Insider threats pose significant challenges for security teams due to their legitimate access and the difficulty in detecting malicious activity. Traditional datasets fail to capture the complexity of real-world scenarios, leading to ineffective detection models. To address this, a research team has developed Chimera, a system utilizing LLM agents to simulate both normal and malicious employee behavior in various enterprise environments. Chimera generates realistic datasets, encapsulated in ChimeraLog, containing approximately 25 billion log entries, reflecting diverse insider attack scenarios like intellectual property theft and fraud.
The system allows organizations to customize simulations without exposing sensitive data, making it possible to train insider threat detection models on data that resembles their own environment. Tests showed that traditional detection models performed poorly when applied to ChimeraLog, underscoring the importance of realistic behavioral patterns in training data. The research paves the way for automated cyber ranges, giving security professionals practical tools to improve detection capabilities in real-world environments. Chimera thus represents a promising advance in insider threat detection technology.