🤖 AI Summary
This work addresses the limitation of existing deep sequential modeling approaches in insider threat detection, which often overlook behavioral statistical regularities—such as recurring patterns and frequency dynamics—thereby struggling to identify subtle, progressive anomalies. To overcome this, we propose MV-Gate, a novel multi-view behavioral modeling framework that explicitly integrates behavioral semantic sequences with multi-scale statistical features, including state signals and frequency deviations. A key innovation is the anomaly-aware gating mechanism, which dynamically modulates attention weights to enhance sensitivity to faint anomalous signals. Experimental results demonstrate that MV-Gate significantly outperforms current baselines on the CERT r4.2, CERT r5.2, and ADFA-LD datasets, particularly excelling in detecting gradual, low-intensity threats that evade conventional methods.
📝 Abstract
Insider threats often reveal early anomalies through disruptions in behavioral statistics (such as altered recurrence patterns or short- versus long-term frequency shifts) rather than changes in event semantics. Yet, as the field has shifted from statistical modeling to log tokenization and deep sequential encoders, these statistical cues are weakened or lost, leaving current models insensitive to gradual and low-visibility insider behaviors. We propose MV-Gate, a multi-view behavior modeling framework that explicitly integrates statistical regularities with sequence semantics. MV-Gate constructs three aligned behavioral sequences: activity tokens, multi-scale status signals capturing recurrence patterns, and frequency-deviation signals describing short- vs long-term intensity differences. An anomaly-aware gating mechanism injects these statistical views into the attention computation, guiding the encoder to emphasize statistically irregular events. Experiments on CERT r4.2, CERT r5.2, and ADFA-LD show that MV-Gate achieves notable gains over classical, deep-learning, and domain-specific baselines, particularly for progressive, weak-signal threats. These results highlight the necessity of jointly modeling statistical and sequential evidence for robust insider-threat detection.
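The idea of three aligned views feeding a gate on attention can be sketched in a few lines. This is an added example, not code from the paper or its authors: the window sizes, the status and frequency-deviation formulas, the additive gate, the warm-up rule and the sample session are all assumptions chosen for illustration.

```python
import math

# Constructed session: a repeating routine, then a burst of a new activity.
TOKENS = ["logon", "email", "web", "file_open"] * 5 + ["usb_copy"] * 3 + ["email"]

def build_views(tokens, scales=(4, 16), short=4, long=16):
    """Align three views per event: (token, status flags, frequency deviation).

    Assumed definitions (not the paper's):
      status   - one 0/1 flag per scale: did this token occur in the previous s events?
      freq_dev - token's share of the short window minus its share of the long window.
    """
    views = []
    for i, tok in enumerate(tokens):
        status = tuple(int(tok in tokens[max(0, i - s):i]) for s in scales)
        s_win = tokens[max(0, i - short + 1):i + 1]
        l_win = tokens[max(0, i - long + 1):i + 1]
        freq_dev = s_win.count(tok) / len(s_win) - l_win.count(tok) / len(l_win)
        views.append((tok, status, freq_dev))
    return views

def gated_attention(views, logits=None, alpha=2.0, warmup=16):
    """Softmax over logits plus an additive statistical gate (assumed form).

    Events inside the warm-up period get no bias: with too little history
    every token looks novel, which would otherwise swamp the real signal.
    """
    logits = logits if logits is not None else [0.0] * len(views)
    biased = []
    for i, ((_, status, freq_dev), z) in enumerate(zip(views, logits)):
        novelty = 1.0 - sum(status) / len(status)
        bias = alpha * (novelty + abs(freq_dev)) if i >= warmup else 0.0
        biased.append(z + bias)
    peak = max(biased)
    exps = [math.exp(b - peak) for b in biased]
    total = sum(exps)
    return [e / total for e in exps]

if __name__ == "__main__":
    views = build_views(TOKENS)
    weights = gated_attention(views)
    for i, ((tok, status, dev), w) in enumerate(zip(views, weights)):
        print(f"{i:2d} {tok:10s} status={status} dev={dev:+.3f} attn={w:.3f}")
```

With uniform logits, the attention mass shifts to the first `usb_copy` event and its burst, while the routine events keep equal, lower weights.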