Faculty & Research
The School

Detecting insider behaviour on corporate systems

Corporate Insider Threat Detection: Cyber Security Inside and Out

It is widely recognised that the threat to enterprises from insider activities is increasing and that significant costs are being incurred. The multi-faceted dimensions of insider threat and compromising actions have resulted in a diverse experience and understanding of what insider threats are and how to detect or prevent them. The purpose of this research was to investigate the potential for near real-time detection of insider threat activities within a large enterprise environment using monitoring tools centred around the information infrastructure.

As inside threat activities are not confined solely to cyber-based threats, the research will explore the potential for harnessing a variety of threat indicators buried in a different enterprise operations connected or interfacing with the information infrastructure, while enabling human analysts to make informed decisions efficiently and effectively.

Read more about the project overview 

Selected publications

Jason R.C. Nurse‚ Oliver Buckley‚ Philip A. Legg‚ Michael Goldsmith‚ Sadie Creese‚ Gordon R.T. Wright and Monica Whitty. "Understanding Insider Threat: A Framework for Characterising Attacks"
Jason R.C. Nurse‚ Philip A. Legg‚ Oliver Buckley‚ Ioannis Agrafiotis‚ Gordon Wright‚ Monica Whitty‚ David Upton‚ Michael Goldsmith and Sadie Creese. "A critical reflection on the threat from human insiders − its nature‚ industry perceptions‚ and detection approaches"
Sadie Creese Philip A. Legg Nick Moffat Jason R.C. Nurse Jassim Happa Ioannis Agrafiotis Michael Goldsmith. "Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection"


People Department
Min Chen, P.I Oxford e-research centre
Sadie Creese, P.I Department of Computer Science, Oxford
Michael Goldsmith, P.I Department of Computer Science, Oxford
David Upton, P.I. Saïd Business School
Monica Whittey, P.I. University of Leicester, Media and Communications
Ioannis Agrafiotis Department of Computer Science, Oxford
Oliver Buckley Department of Computer Science, Oxford
Alexandria Ellis Saïd Business School
Katherine Fletcher Department of Computer Science, Oxford
Jassim Happa Department of Computer Science, Oxford
Phil Legg Department of Computer Science, Oxford
Michael Levi Cardiff School of Social Sciences
Eamonn Maguire Department of Computer Science, Oxford
Nick Moffat Department of Computer Science, Oxford
Jason Nurse Department of Computer Science, Oxford
Simon Walton Oxford e-research centre
Gordon Wright University of Leicester


October 2012 - March 2015



Read the press release

Read "Oxford study warns of the increasing risk of internal cyber-attacks" Saïd Business School press release