Adaptive Privacy-Preserving Insider Threat Detection Using Generative Sequence Models

Insider threats remain one of the most challenging security risks in modern enterprises due to their subtle behavioral patterns and the difficulty of distinguishing malicious intent from legitimate activity. This paper presents a unified and adaptive generative framework for insider threat detection that integrates Variational Autoencoders (VAEs) and Transformer Autoencoder architectures to learn personalized behavioral baselines from sequential user event logs. Anomalies are identified as significant deviations from these learned baseline distributions. The proposed framework incorporates an adaptive learning mechanism to address both cold-start scenarios and concept drift, enabling continuous model refinement as user behavior evolves. In addition, we introduce a privacy-preserving latent-space design and evaluate the framework under formal privacy attacks, including membership inference and reconstruction attacks, demonstrating strong resilience against data leakage. Experiments performed on the CERT Insider Threat Dataset (v5.2) show that our approach outperforms traditional and deep learning baselines, with the Transformer Autoencoder achieving an F1-score of 0.66 and an AUPRC of 0.59. The results highlight the effectiveness of generative sequence models for privacy-conscious and adaptive insider threat detection in enterprise environments, providing a comparative analysis of two powerful architectures for practical implementation.