The principal objective of this project is to develop a knowledge base of the tactics, techniques, and procedures (TTPs) used by insiders in the IT environment. It will establish an Insider Threat TTP Knowledge Base, built upon data collected on insider threat incidents and lessons learned and experience from the ATT&CK knowledge base.
Proxilion MCP Security Gateway is a self-hosted, Docker-ready security gateway that provides real-time threat detection (<50ms P95 latency) against insider threats, compromised accounts, and rogue AI agents by analyzing tool calls from assistants like Copilot and Claude Code, achieving a 75-85% detection rate against sophisticated attacks.
A digital immune system designed to detect and neutralize identity-based threats from within an organization
Personal data analysis project combining insider threat detection, cybersecurity, and exploratory data analytics. Built for portfolio showcase and practical skills demonstration.
A Hybrid Approach for Insider Threat Detection Using System Call Analysis and Malware API Monitoring.
Insider Threat Monitor
The Public Distribution List and Mailbox Forward Reports are developed to enhance security auditing in Microsoft 365’s Exchange Online and on-premises Exchange environments.
Simulated and detected a stealthy insider threat ‘Alex’, who moved from file snooping to SSH brute-forcing. Includes PCAPs, Zeek logs, NetworkMiner analysis, and a full incident report.
Simulated threat detection project using Splunk with custom logs, dashboard, and MITRE ATT&CK mapping
The Common Criteria for Insider Threat
생성형 AI를 활용한 국가안보 침해 내부자 행위 선제 감시 체계 설계
Enterprise-Grade AI/ML-Powered Insider Threat Detection Platform
Thesis project
Add a description, image, and links to the insider-threat topic page so that developers can more easily learn about it.
To associate your repository with the insider-threat topic, visit your repo's landing page and select "manage topics."