News story

Quick detection of cyber insider threats

Case study from the University of South Wales who pitched their ideas at the CDE Marketplace on 5 February 2015.


The University of South Wales was funded by CDE for its work to quickly and accurately detect a threat of an insider attack on cyber networks.

The funding is for an initial phase of work aimed at developing and demonstrating a distributed insider threat detection system that is capable of working on a host or in-line.

The work is based on defining user roles and determining the expected range of behaviours for each of those roles. It recognises that a role may be fulfilled by multiple people, and one person may fulfill multiple roles. It further takes a biological approach to identifying whether user actions are consistent with those expected behaviours, and can react accordingly. The result of such an approach is to greatly increase the accuracy, rate and speed with which insider threats are detected and impede the ability of adversaries to operate undetected within government and military interest networks.

The University of South Wales was created in 2014 when the University of Glamorgan and the University of Wales, College Newport merged to create the University of South Wales. It is the sixth largest university in the UK.

Professor Andrew Blyth said:

The support that we receive from CDE has allowed the Information Security Research Group at the University of South Wales to perform cutting-edge research that directly addresses the needs of MOD for cyber defence.

Centre for Defence Enterprise

Building R103
Fermi Avenue

Harwell Oxford
OX11 0QX

Please email for the quickest response.

Published 5 February 2015
Last updated 10 February 2015 + show all updates
  1. Pitch presentation slides added.
  2. First published.