A Privacy-Aware Federated Learning Approach for Insider Threat Detection

Nimra Abbasi; Mohammed Al-Mhiqani; Hussain Al-Aqrabil; Samer Aoudi

doi:10.1109/ITT69610.2025.11352913

A Privacy-Aware Federated Learning Approach for Insider Threat Detection

Nimra Abbasi, Mohammed Al-Mhiqani, Hussain Al-Aqrabil, Samer Aoudi

Higher Colleges of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Insider threats pose critical risks to organisational security, yet existing detection methods face challenges related to privacy, class imbalance, and heterogeneous data distributions. Centralised approaches often compromise sensitive information, limiting cross-organisational collaboration. This paper introduces a privacy-aware insider threat detection approach based on federated learning (FL) with advanced feature engineering and differential privacy. The proposed approach employs a neural architecture with residual connections, multi-head attention, and focal loss to capture complex behavioral patterns from diverse sources, including email, logon activity, device usage, HTTP traffic, file operations, and psychometric data. Local Synthetic Minority Oversampling Technique (SMOTE) oversampling mitigates class imbalance, while behavioral clustering addresses data heterogeneity. Secure aggregation with differential privacy ensures configurable privacy-utility trade-offs. Experiments on the CERT dataset demonstrate that the proposed approach achieves high precision, recall, and F1-score, outperforming existing FL methods while maintaining fairness across clients and strong privacy guarantees.

Original language	English
Title of host publication	2025 10th International Conference on Information Technology Trends (ITT)
Publisher	IEEE
Pages	100-105
Number of pages	6
Edition	1st
ISBN (Electronic)	9798331545758
ISBN (Print)	9798331545765
DOIs	https://doi.org/10.1109/ITT69610.2025.11352913
Publication status	Published - 28 Jan 2026
Event	10th International Conference on Information Technology Trends - Higher Colleges of Technology, Dubai, United Arab Emirates Duration: 6 Nov 2025 → 7 Nov 2025 https://hct.ac.ae/en/events/10th-international-conference-on-information-technology-trends-itt-2025/

Conference

Conference	10th International Conference on Information Technology Trends
Abbreviated title	ITT 2025
Country/Territory	United Arab Emirates
City	Dubai
Period	6/11/25 → 7/11/25
Internet address	https://hct.ac.ae/en/events/10th-international-conference-on-information-technology-trends-itt-2025/

Access to Document

10.1109/ITT69610.2025.11352913Licence: Unspecified

Cite this

@inproceedings{e2ec152e1af54edf9ecdf06a7e79181f,

title = "A Privacy-Aware Federated Learning Approach for Insider Threat Detection",

abstract = "Insider threats pose critical risks to organisational security, yet existing detection methods face challenges related to privacy, class imbalance, and heterogeneous data distributions. Centralised approaches often compromise sensitive information, limiting cross-organisational collaboration. This paper introduces a privacy-aware insider threat detection approach based on federated learning (FL) with advanced feature engineering and differential privacy. The proposed approach employs a neural architecture with residual connections, multi-head attention, and focal loss to capture complex behavioral patterns from diverse sources, including email, logon activity, device usage, HTTP traffic, file operations, and psychometric data. Local Synthetic Minority Oversampling Technique (SMOTE) oversampling mitigates class imbalance, while behavioral clustering addresses data heterogeneity. Secure aggregation with differential privacy ensures configurable privacy-utility trade-offs. Experiments on the CERT dataset demonstrate that the proposed approach achieves high precision, recall, and F1-score, outperforming existing FL methods while maintaining fairness across clients and strong privacy guarantees.",

keywords = "Behavioral Feature Engineering, Class Imbalance, Differential Privacy, Federated Learning, Insider Threat Detection, Secure Aggregation",

author = "Nimra Abbasi and Mohammed Al-Mhiqani and Hussain Al-Aqrabil and Samer Aoudi",

note = "Publisher Copyright: {\textcopyright}2025 IEEE.; 10th International Conference on Information Technology Trends, ITT 2025 ; Conference date: 06-11-2025 Through 07-11-2025",

year = "2026",

month = jan,

day = "28",

doi = "10.1109/ITT69610.2025.11352913",

language = "English",

isbn = "9798331545765",

pages = "100--105",

booktitle = "2025 10th International Conference on Information Technology Trends (ITT)",

publisher = "IEEE",

address = "United States",

edition = "1st",

url = "https://hct.ac.ae/en/events/10th-international-conference-on-information-technology-trends-itt-2025/",

}

Abbasi, N, Al-Mhiqani, M, Al-Aqrabil, H & Aoudi, S 2026, A Privacy-Aware Federated Learning Approach for Insider Threat Detection. in 2025 10th International Conference on Information Technology Trends (ITT). 1st edn, 11352913, IEEE, pp. 100-105, 10th International Conference on Information Technology Trends, Dubai, United Arab Emirates, 6/11/25. https://doi.org/10.1109/ITT69610.2025.11352913

TY - GEN

T1 - A Privacy-Aware Federated Learning Approach for Insider Threat Detection

AU - Abbasi, Nimra

AU - Al-Mhiqani, Mohammed

AU - Al-Aqrabil, Hussain

AU - Aoudi, Samer

PY - 2026/1/28

Y1 - 2026/1/28

N2 - Insider threats pose critical risks to organisational security, yet existing detection methods face challenges related to privacy, class imbalance, and heterogeneous data distributions. Centralised approaches often compromise sensitive information, limiting cross-organisational collaboration. This paper introduces a privacy-aware insider threat detection approach based on federated learning (FL) with advanced feature engineering and differential privacy. The proposed approach employs a neural architecture with residual connections, multi-head attention, and focal loss to capture complex behavioral patterns from diverse sources, including email, logon activity, device usage, HTTP traffic, file operations, and psychometric data. Local Synthetic Minority Oversampling Technique (SMOTE) oversampling mitigates class imbalance, while behavioral clustering addresses data heterogeneity. Secure aggregation with differential privacy ensures configurable privacy-utility trade-offs. Experiments on the CERT dataset demonstrate that the proposed approach achieves high precision, recall, and F1-score, outperforming existing FL methods while maintaining fairness across clients and strong privacy guarantees.

AB - Insider threats pose critical risks to organisational security, yet existing detection methods face challenges related to privacy, class imbalance, and heterogeneous data distributions. Centralised approaches often compromise sensitive information, limiting cross-organisational collaboration. This paper introduces a privacy-aware insider threat detection approach based on federated learning (FL) with advanced feature engineering and differential privacy. The proposed approach employs a neural architecture with residual connections, multi-head attention, and focal loss to capture complex behavioral patterns from diverse sources, including email, logon activity, device usage, HTTP traffic, file operations, and psychometric data. Local Synthetic Minority Oversampling Technique (SMOTE) oversampling mitigates class imbalance, while behavioral clustering addresses data heterogeneity. Secure aggregation with differential privacy ensures configurable privacy-utility trade-offs. Experiments on the CERT dataset demonstrate that the proposed approach achieves high precision, recall, and F1-score, outperforming existing FL methods while maintaining fairness across clients and strong privacy guarantees.

KW - Behavioral Feature Engineering

KW - Class Imbalance

KW - Differential Privacy

KW - Federated Learning

KW - Insider Threat Detection

KW - Secure Aggregation

UR - https://www.scopus.com/pages/publications/105033639986

U2 - 10.1109/ITT69610.2025.11352913

DO - 10.1109/ITT69610.2025.11352913

M3 - Conference contribution

AN - SCOPUS:105033639986

SN - 9798331545765

SP - 100

EP - 105

BT - 2025 10th International Conference on Information Technology Trends (ITT)

PB - IEEE

T2 - 10th International Conference on Information Technology Trends

Y2 - 6 November 2025 through 7 November 2025

ER -

A Privacy-Aware Federated Learning Approach for Insider Threat Detection

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cite this