Directory of Experts

Research project title

Sentinelle MI: Data collection and analysis to identify the insider threat (Theme 1) - Amal Zouaq - Post-doctoral fellowship

Education level

Post-doctoral fellowship

Director/co-director

Director: Amal Zouaq

Co-director(s): Frédéric Cuppens (Polytechnique Montréal)

End of display

June 30, 2025

Areas of expertise

Cybersecurity

Artificial intelligence

Unit(s) and department(s)

Department of Computer Engineering and Software Engineering

Conditions

We are recruiting several master's, doctoral, and post-doctoral students for the Sentinelle MI project. Internships with industrial partners are planned.

Post-doctoral candidates will participate in the supervision of PhD and MSc students.

In this first theme of the Sentinelle MI project, the goal is to develop AI models and representations to identify insider threats, based on ontological representations and deep learning approaches such as pretrained language models, from various documents (log files, emails, etc.). This includes insider threat profiling, activity modeling/learning at the employee/job level, anomaly characterization and detection, and semi-supervised learning of at-risk activities.

Detailed description

The objective of the project is to develop innovative solutions to effectively identify and prevent the insider threat in companies and organizations. The insider threat originates from a user, such as an employee, contractor or consultant, with legitimate access rights, who, through malice or negligence, engages in behavior that is harmful to the business or organization. Recent studies show that 60% of cyber incidents in companies are caused by internal threats. However, compared to the external threat, the internal threat remains seldom studied.

In this context, the LabCys and LAMA-WeST laboratories, in partnership with UdeM and HEC, are launching a research project on the management of internal threats. Our goal is to design advanced security features to protect against the insider threat: defining and automating insider threat analysis, deployment and security decision-making functions to detect and control the insider threat.

The project is structured around three research themes:

1) Insider threat identification: intrusion detection, analysis techniques, artificial intelligence (knowledge modeling and automatic reasoning, machine learning)
2) Design of an integrated insider threat management solution: cyber defense techniques, incident response, access control, digital investigation
3) Taking into account economic, ethical and regulatory constraints: organizational defense strategy against the internal threat (social, economic, ethical and legal aspects), secure management of the data necessary for managing the internal threat

 

Professors involved in this project: 

Polytechnique Montréal: Frédéric Cuppens, Nora Cuppens and Amal Zouaq
Université de Montréal: Benoit Dupont
HEC Montréal: Alina Dulipovici

Financing possibility

Financial support available