Proceedings of the International Conference on Artificial Intelligence and Secure Data Analytics (ICAISDA 2025)

Detecting and Identifying Insider Threat based on HDBSCAN Clustering Methods

Authors
K. Poornambigai¹, J. Jude Lourdes¹,*, K. Vignesh¹, C. Mathivadhanan¹
¹ Sri Manakula Vinayagar Engineering College, Puducherry, India
*Corresponding author. Email: judelourdes10@gmail.com
Corresponding Author
J. Jude Lourdes
Available Online 31 March 2026.
DOI
10.2991/978-94-6239-616-6_120
Keywords
K-means; Spatial Clustering; Insider Threat
Abstract

This survey provides an overview of insider threat detection in cybersecurity, with a particular emphasis on clustering-based techniques for identifying malicious user behaviour. It reviews traditional methods such as K-means clustering and DBSCAN, highlighting their limitations in handling high-dimensional data, irregular user patterns, and the sparse anomalies that characterize insider threats. The survey focuses on the potential of HDBSCAN (Hierarchical Density-Based Spatial Clustering of Applications with Noise), which can detect clusters of various types of threat, manage them effectively, and uncover hidden structures in user activity logs without requiring predefined cluster numbers. Commonly used datasets such as the CMU CERT Insider Threat Dataset, preprocessing strategies, and evaluation metrics for validating clustering models are also examined. The survey further discusses ongoing challenges, including class imbalance, false positives, scalability to large-scale logs, and the difficulty of modelling subtle insider behaviours. Future directions include integrating HDBSCAN with temporal modelling, explainability frameworks such as SHAP, and hybrid architectures to build adaptive, interpretable, and scalable insider threat detection systems for organizational cybersecurity.

Copyright
© 2026 The Author(s)
Open Access
Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International License (http://creativecommons.org/licenses/by-nc/4.0/), which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

Volume Title
Proceedings of the International Conference on Artificial Intelligence and Secure Data Analytics (ICAISDA 2025)
Series
Advances in Intelligent Systems Research
Publication Date
31 March 2026
ISBN
978-94-6239-616-6
ISSN
1951-6851

Cite this article

TY  - CONF
AU  - K. Poornambigai
AU  - J. Jude Lourdes
AU  - K. Vignesh
AU  - C. Mathivadhanan
PY  - 2026
DA  - 2026/03/31
TI  - Detecting and Identifying Insider Threat based on HDBSCAN Clustering Methods
BT  - Proceedings of the International Conference on Artificial Intelligence and Secure Data Analytics (ICAISDA 2025)
PB  - Atlantis Press
SP  - 1693
EP  - 1705
SN  - 1951-6851
UR  - https://doi.org/10.2991/978-94-6239-616-6_120
DO  - 10.2991/978-94-6239-616-6_120
ID  - Poornambigai2026
ER  -