Preprint
Article

This version is not peer-reviewed.

Behavioural Biometrics and Continuous Authentication for Insider Threat Detection in Enterprise Networks

Submitted:

22 April 2026

Posted:

24 April 2026

You are already at the latest version

Abstract
Identifying insider threats in modern enterprise environments presents a unique cybersecurity challenge. Although malicious activity may often appear to be legitimate user activity, it is difficult to recognize the distinction. This study presents an innovative approach to insider threat detection by analyzing enterprise activity logs for continuous authentication along with behavioural biometrics. Behavioural patterns, such as logins, file accesses, network interactions and emails, are analyzed to determine abnormal behaviours of users. The proposed system utilizes a hybrid deep learning architecture that includes a Long Short-Term Memory (LSTM) network and an autoencoder model to model temporal dependence of a user’s behaviour and to identify anomalies through reconstruction error analysis. The LSTM network captures user’s sequential activity and autoencoder determines variance from the user’s typical behavioural profile. The outputs of both models are aggregated using a unified behavioural risk scoring mechanism for continuous authentication and an ongoing assessment of insider threats. The experimental results from Insider Threat Dataset for Corporate Environments demonstrate that proposed approach is effective in classifying normal versus malicious behaviours of users. The model achieves of 97.65% an accuracy, of 96.35% a precision, of 99.05% a recall rate, of 97.68% an F1-score and a Receiver Operating Characteristic - Area Under Curve (ROC-AUC) score of 99.20%, which indicates a high level of detection capability and very low false positives. The findings support that a developed model is a viable solution for integrating behavioural modelling, detection of anomalies.
Keywords: 
;  ;  ;  ;  ;  ;  
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permit the free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.
Prerpints.org logo

Preprints.org is a free preprint server supported by MDPI in Basel, Switzerland.

Subscribe

Disclaimer

Terms of Use

Privacy Policy

Privacy Settings

© 2026 MDPI (Basel, Switzerland) unless otherwise stated