# ITD_Model: Insider Threat Detection
A supervised ensemble machine-learning model for detecting insider threats in Active Directory environments using behavioral features.
## What this model does
This model classifies users as:
- Normal behavior
- Anomalous / insider-threat behavior

based on engineered activity features derived from AD logs.
It uses a weighted ensemble of Random Forest, XGBoost, and LightGBM with an optimized decision threshold.
## Model artifact
The published file `improved_threat_detector.joblib` contains:
- Trained ensemble classifier
- Individual base models
- Fitted `StandardScaler`
- Feature column list
- Optimized decision threshold
## Installation
```bash
pip install -r requirements.txt
```
## Basic usage
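```python
from huggingface_hub import hf_hub_download
import joblib
import pandas as pd

# Download the published artifact from the Hugging Face Hub
path = hf_hub_download(
    repo_id="Mallikarjunac902/Insider_Threat_Detection",
    filename="improved_threat_detector.joblib"
)

# Unpack the ensemble, scaler, feature list and decision threshold
artifact = joblib.load(path)
model = artifact["model"]
scaler = artifact["scaler"]
features = artifact["feature_columns"]
threshold = artifact["optimal_threshold"]

# Select the stored feature columns and scale them with the fitted scaler
df = pd.read_csv("new_features.csv")
X = df[features]
X_scaled = scaler.transform(X)

# Probability of class 1, then apply the optimized threshold
scores = model.predict_proba(X_scaled)[:, 1]
preds = (scores >= threshold).astype(int)
print(preds[:10])
```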
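`joblib.load` unpickles the file, so loading the artifact executes whatever code the pickle carries. The following is an added example, not part of the original model card: it checks the downloaded file against a pinned SHA-256 digest before loading, then validates the keys the usage code reads. The function names and the expected digest are assumptions; the page publishes no digest, so record one from a copy you have reviewed.

```python
import hashlib
import hmac

# Keys the usage code above reads from the loaded artifact.
REQUIRED_KEYS = ("model", "scaler", "feature_columns", "optimal_threshold")


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so large artifacts are not read into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def validate_artifact(artifact):
    """Check the loaded object has the structure the scoring code relies on."""
    if not isinstance(artifact, dict):
        raise TypeError("artifact is not a dict")
    missing = [k for k in REQUIRED_KEYS if k not in artifact]
    if missing:
        raise KeyError(f"artifact missing keys: {missing}")
    # The threshold is compared with predict_proba scores, so it must be in [0, 1].
    threshold = float(artifact["optimal_threshold"])
    if not 0.0 <= threshold <= 1.0:
        raise ValueError(f"threshold {threshold} is not a probability")
    cols = list(artifact["feature_columns"])
    if not cols or len(set(cols)) != len(cols):
        raise ValueError("feature_columns is empty or has duplicates")
    return artifact


def load_verified(path, expected_sha256):
    """Refuse to unpickle unless the file matches the pinned digest (assumed value)."""
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ValueError(f"digest mismatch for {path}: got {actual}")
    import joblib  # imported late: nothing is deserialized before the check passes
    return validate_artifact(joblib.load(path))
```

Passing `revision=` with a commit hash to `hf_hub_download` keeps the download tied to the same file the digest was recorded for.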