Open Access
DOI: https://doi.org/10.55640/ijcsis/Volume11Issue05-03
A Hybrid Graph Neural Network and Large Language Model Framework for Insider Threat Detection via Behavioral Graph and Semantic Profiling
- Md Abu Sufian Mozumder, College of Business, Westcliff University, Irvine, California, USA
- Mohammad Musa Mia, Master of Business Administration, International American University, Los Angeles, California
- Rumana Akther Nipa, Master of Science in Engineering Management, College of Engineer & Technology, Westcliff University, Irvine, California
- Asaduzzaman Anik, Master of Business Administration (MBA) in management, Stanton University, Los Angeles, California
- Eklachur Rahman Bhuiyan, Master of Science in Information Technology (MSIT), Washington University of Science and Technology, Alexandria VA, USA
- Sharmin Akter, Department of Information Technology Project Management, St. Francis College, USA
- Mashaeikh Zaman Md. Eftakhar Choudhury, Master of Social Science in Security Studies, Bangladesh University of Professional (BUP), Dhaka
Abstract
Insider threats remain one of the most critical and elusive challenges in enterprise cybersecurity due to their ability to exploit legitimate access while evading traditional detection mechanisms. In this study, a hybrid framework integrating Graph Neural Networks and Large Language Models is proposed to enhance insider threat detection through the fusion of behavioral graph modeling and semantic profiling. Using the CERT Insider Threat Dataset and the UEBA Dataset on Kaggle, the model captures both relational dependencies among users, devices, and resources, and contextual insights from unstructured textual data such as logs and communications. The experimental results demonstrate that the proposed hybrid model significantly outperforms traditional machine learning, sequence-based, and single-modality deep learning approaches, achieving an accuracy of 0.96, an F1-score of 0.92, and a ROC-AUC of 0.95. These improvements are primarily driven by the model’s ability to jointly learn structural anomalies and semantic deviations, enabling more accurate detection of multi-stage and stealthy insider attacks. Furthermore, the integration of explainable language-based outputs enhances interpretability and operational usability in enterprise security environments. The findings highlight the effectiveness of multi-modal learning in advancing insider threat detection and provide a scalable, practical solution for deployment in large-scale enterprise systems.
Keywords
Insider Threat Detection, Graph Neural Networks, Large Language Models, Behavioral Graphs, Cybersecurity, Anomaly Detection, Enterprise Security, Multi-Modal Learning
Copyright License
Copyright (c) 2026 Md Abu Sufian Mozumder, Mohammad Musa Mia, Rumana Akther Nipa, Asaduzzaman Anik, Eklachur Rahman Bhuiyan, Sharmin Akter, Mashaeikh Zaman Md. Eftakhar Choudhury

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.