Indonesian Journal of Electrical Engineering and Computer Science
Vol. 17, No. 3, March 2020, pp. 1474~1479
ISSN: 2502-4752, DOI: 10.11591/ijeecs.v17.i3.pp1474-1479
Journal homepage: http://ijeecs.iaescore.com
New insider threat detection method based on
recurrent neural networks
Mohammed Nasser Al-Mhiqani, Rabiah Ahmad, Zaheera Zainal Abidin, Warusia Yassin,
Aslinda Hassan, Ameera Natasha Mohammad
Information Security and Networking Research Group (InFORSNET),
Center for Advanced Computing Technology, Faculty of Information Communication Technology,
Universiti Teknikal Malaysia Melaka, Malaysia
Article Info
Article history:
Received Jul 8, 2019
Revised Sep 10, 2019
Accepted Sep 26, 2019
ABSTRACT
Insider threat is a significant challenge in cybersecurity. In comparison with
outside attackers, inside attackers have more privileges and legitimate access
to information and facilities, which can cause considerable damage to an
organization. Most organizations that implement traditional cybersecurity
techniques, such as intrusion detection systems, fail to detect insider threats
given the lack of extensive knowledge on insider behavior patterns.
Thus, a sophisticated method is necessary for an in-depth understanding
of the activities that insiders perform in the organization. In this
study, we propose a new conceptual method for insider threat detection on
the basis of the behaviors of an insider. In addition, a gated recurrent unit
neural network will be explored further to enhance the insider threat detector.
This method will identify the optimal behavioral pattern of insider actions.
Keywords:
Cyber security
Deep learning
Gated recurrent network
Insider
Insider threat
Copyright © 2020 Institute of Advanced Engineering and Science.
All rights reserved.
Corresponding Author:
Mohammed Nasser Al-Mhiqani,
Information Security and Networking,
Research Group (InFORSNET),
Universiti Teknikal Malaysia Melaka,
Melaka, Malaysia.
Email: almohaiqny@gmail.com
1. INTRODUCTION
Insider threats have been a critical threat source for organizations because insiders' increased access and
opportunity can cause considerable damage to the organization. In comparison with outsiders, insiders
have more privileged and legitimate access to information and facilities. Moreover, insiders are
knowledgeable about an organization and its critical assets. With this additional knowledge,
conducting an attack is easy for insiders because they can hide their hacking trail/activities [1-3].
Surprisingly, 2018 insider threat reports have shown that 53% of threats come from within an organization in
the last 12 months [4]. Moreover, 27% of surveyed organizations have stated that attacks originate from
inside [4]. Thus, most organizations that implement cybersecurity techniques, such as intrusion detection,
firewalls, and electronic access systems, aim to protect data not only from outside threats but also from insider
threats [5]. In the last decades, many insider threat incidents have gradually reached the media; for
example, the well-known cases of data leakage by Edward Snowden, Daniel Ellsberg,
and Chelsea Manning [6]. In contrast to the threats by outsiders, insider threats are easy to perform, with no
experience or advanced technical knowledge required, given the authorized access that insiders have and
their knowledge of the vulnerabilities of business processes and deployed systems. In comparison with
outsiders, whose hacking trails are hard to hide, malicious insiders are difficult to detect [6, 7].
A recurrent neural network (RNN) considers both the current value and previous inputs, thereby making this
algorithm different from other neural networks. Therefore, RNN has been extensively used for solving the