User Behaviour Analysis for Insider Threat Detection Using Machine Learning: A Case Study in Enterprise Web Application Security

This study presents a user behaviour analysis approach for detecting insider threats in an enterprise web application environment. The approach applies machine learning techniques to analyze patterns of user activity. Using a primary dataset collected from a leading ICT distributor company in Indonesia with nationwide channel operations over January–June 2025, we identify patterns of normal and anomalous user activities indicative of insider threats. Three machine learning models were implemented: Random Forest, Support Vector Machine (SVM) with RBF kernel, and 1D CNN, which are widely used in insider-threat and anomaly-detection research. Severe class imbalance was mitigated via undersampling followed by SMOTE. Random Forest delivered the best performance on the test set (Accuracy 97.38%, F1-Score 97.77%, ROC-AUC 99.82%), with CNN and SVM also showing strong anomaly sensitivity. The findings demonstrate a practical, high-accuracy insider-threat detector trained on real enterprise logs, not simulated datasets, suitable for deployment in Indonesian enterprise settings.