ABSTRACT
Effective detection of insider threats from social media data requires monitoring mechanisms that are far more fine grained than for external threat detection. These monitors must be efficiently and reliably deployable in the software environments for actions endemic to malicious insider missions to be caught in a timely manner. Such environments typically include user-level applications, such as word processors, e-mail clients, and web browsers for which reliable monitoring of internal events by conventional means is difficult.
