System for Prediction and Early Detection of Insider Attacks (SPEDIA) Dataset

The SPEDIA dataset was developed as part of an academic cybersecurity project focused on insider threat detection and analysis. It was generated through a 30-day cyber exercise in which real users with technical backgrounds performed realistic insider attacks based on the MITRE ATT&CK framework.

The dataset integrates data from three sources:

1. Malicious activity performed by real participants during the cyber exercise.

2. Non-malicious activity simulated via a role-based behavioral model.

3. Synthetic events derived from the CERT Insider Threat dataset.

The dataset includes over 20 fields per event, capturing rich information such as SSH and FTP connections, command execution, HTTP and email activity, file modifications, and more. It features a balanced distribution of malicious and non-malicious events, making it suitable for training supervised anomaly detection models.

Applications:

• Training and evaluation of insider threat detection models.

• Behavioral analysis of users in controlled network environments.

• Validation of incident response and risk assessment tools.

Format: CSV (cleaned version, with 23 key columns)