Simulating Malicious Insiders in Real Host-Monitored Background Data
• Video
Fall 2014 Review: Simulating Insider Threats as Dramatic Performances in Real Background Data
Publisher
Software Engineering Institute
Abstract
Our task is to provide insider threat test data for a research program that is developing a new generation of (anomaly-based) insider threat detectors. The program has at its disposal a unique research resource: a secure data facility operated by an industry partner on behalf of the program that contains real (background) data gathered from approximately 5,000 employees from host-monitored computers deployed in the workplace. The data currently contains more than 2.5 × 10^8 user events and counting, with approximately 3 million new events gathered each day.