BRITD: behavior rhythm insider threat detection with time awareness and user adaptation

2024 | Shuang Song, Neng Gao, Yifei Zhang, Cunqing Ma
The paper introduces BRITD (Behavior Rhythm Insider Threat Detection), a novel approach for detecting insider threats by leveraging time-aware and user-adaptive behavioral feature extraction. The key contributions of BRITD include:

1. **Feature Extraction Method**: BRITD implicitly encodes absolute time information in behavioral feature sequences and uses a feature sequence construction method that considers covariance to make the scheme adaptive to users. This method captures both absolute and relative time information, enhancing the detection of insider threats.
2. **Deep Learning Model**: A deep learning-based model, BRITD, is proposed to utilize the extracted features. The model consists of a stacked BiLSTM and an FNN, which are used to construct the encoder. The FNN in the encoder improves the model's ability to capture non-time-related behavior features, making it more effective in detecting insider threats.
3. **Performance**: BRITD achieves an AUC of 0.9730 and a precision of 0.8072 on the CMU CERT dataset, outperforming all baselines.
4. **User Adaptation**: The feature sequence construction method selects the best scheme for each user based on the covariance of the feature sequences, ensuring that the model fits the natural cycle of user behavior and captures the user-day behavior rhythm.
5. **Scalability and Generalization**: The scheme is suitable for various insider threat scenarios and can be integrated with trust management and access control mechanisms to enhance overall security.

The paper also discusses related works in insider threat detection, including anomaly-based, misuse-based, hybrid, classification-based, and unsupervised detection methods, and access control and trust management techniques. Experimental results demonstrate the effectiveness and superiority of BRITD over existing methods, particularly in scenarios involving time-related threat behaviors.
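The following is an added, self-contained illustration of the ideas in contributions 1 and 4 (time-aware feature sequences and covariance-based per-user scheme selection); it is not the paper's code and does not use the CERT dataset. Its assumptions, none of which the summary states: a "scheme" is the hour of day at which a user's behavioral day is taken to begin; each behavioral day becomes a vector of event counts per 4-hour slot, so absolute time of day is carried implicitly by the slot position; the scheme chosen for a user is the one under which the trace of the covariance matrix of that user's day vectors (the sum of per-slot variances) is smallest, i.e. the day boundary that does not cut through the user's natural activity cycle; and the anomaly score is a summed per-slot z-score against the user's own baseline. The sample events are constructed: a night-shift user working 22:00 to 06:00, later observed logging on two hours before the usual shift start.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

SLOT_HOURS = 4                       # six slots per behavioural day
SLOTS = 24 // SLOT_HOURS
CANDIDATE_STARTS = (0, 6, 12, 18)    # hypothetical schemes: hour at which the user's day starts


def day_vectors(timestamps, day_start_hour):
    """Bucket one user's event timestamps into one count vector per behavioural day.

    Absolute time is encoded implicitly: the slot index is the time of day
    relative to the scheme's day boundary, so no timestamp feature is needed.
    """
    days = defaultdict(lambda: [0] * SLOTS)
    for ts in timestamps:
        shifted = ts - timedelta(hours=day_start_hour)
        days[shifted.date()][shifted.hour // SLOT_HOURS] += 1
    return [days[d] for d in sorted(days)]


def total_variance(vectors):
    """Trace of the covariance matrix of the day vectors (sum of per-slot variances)."""
    return sum(pstdev(col) ** 2 for col in zip(*vectors))


def select_scheme(timestamps):
    """Assumed selection rule: the scheme under which the user's days are most alike.

    Ties go to the earliest candidate (Python's min keeps the first minimum).
    """
    return min(CANDIDATE_STARTS,
               key=lambda h: total_variance(day_vectors(timestamps, h)))


def baseline(vectors):
    """Per-slot mean and standard deviation of a user's historical day vectors."""
    mu = [mean(col) for col in zip(*vectors)]
    # floor of 1.0: a perfectly regular slot must not turn into a division by zero
    sd = [max(pstdev(col), 1.0) for col in zip(*vectors)]
    return mu, sd


def anomaly_score(timestamps, scheme, mu, sd):
    """Summed per-slot z-score of the worst day in `timestamps` against the baseline."""
    return max(sum(abs(v - m) / s for v, m, s in zip(vec, mu, sd))
               for vec in day_vectors(timestamps, scheme))


# ---- constructed sample data (not from the CERT dataset) ----
def night_shift(day):
    """Eight hourly logon events from 22:00 on `day` to 05:00 the next morning."""
    base = datetime(2024, 1, day)
    return [base + timedelta(hours=h) for h in range(22, 30)]

HISTORY = [ts for d in range(1, 11) for ts in night_shift(d)]      # ten normal shifts
NORMAL_DAY = night_shift(12)
EARLY_DAY = night_shift(12) + [datetime(2024, 1, 12, 20, 0),        # same shift, plus three
                               datetime(2024, 1, 12, 20, 30),       # logons two hours before
                               datetime(2024, 1, 12, 21, 0)]        # the user's usual start


def run_demo():
    """Select the user's scheme, build the baseline, and score two new days."""
    scheme = select_scheme(HISTORY)
    mu, sd = baseline(day_vectors(HISTORY, scheme))
    return (scheme,
            anomaly_score(NORMAL_DAY, scheme, mu, sd),
            anomaly_score(EARLY_DAY, scheme, mu, sd))


if __name__ == "__main__":
    scheme, normal, early = run_demo()
    print(f"selected day start: {scheme:02d}:00")
    print(f"variance with a midnight boundary: {total_variance(day_vectors(HISTORY, 0)):.2f}, "
          f"with the selected boundary: {total_variance(day_vectors(HISTORY, scheme)):.2f}")
    print(f"score of a normal day: {normal:.1f}, score of the early-logon day: {early:.1f}")
```

With a midnight day boundary the night shift is split across two calendar days, so the first and last days of the history look different from the rest and the variance is non-zero; any boundary that keeps the shift inside one behavioural day yields identical day vectors and is preferred. The off-rhythm logons then score 3.0 under the user's own baseline although they would look unremarkable under a fleet-wide, fixed-boundary profile, which is the user-adaptation point the summary makes.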