🤖 AI Summary
To address three key challenges in insider threat detection—limited temporal modeling capability, low computational efficiency, and cross-modal information silos—this paper proposes a detection framework integrating the Mamba state-space model with cross-modal adaptive fusion. The framework aligns heterogeneous logs via behavioral sequence encoding and statistical feature extraction; employs a Mamba encoder to efficiently capture long-range dependencies in user behavior sequences; introduces a gated adaptive fusion mechanism to dynamically integrate sequential and statistical features; and incorporates a dynamic threshold optimization method based on maximum inter-class variance to mitigate class imbalance and concept drift. Experiments on multiple real-world enterprise log datasets demonstrate that the proposed method significantly outperforms conventional models and Transformers, achieving an average 12.7% improvement in F1-score and a 63% reduction in inference latency, while enhancing detection accuracy, inference speed, and real-time performance.
📝 Abstract
Enterprises face a growing risk of insider threats, yet existing detection methods fall short because of insufficient modeling of temporal dynamics, bottlenecks in computational efficiency and real-time performance, and cross-modal information silos. This paper proposes MambaITD, a new insider threat detection framework based on the Mamba state space model and cross-modal adaptive fusion. First, the multi-source log preprocessing module aligns heterogeneous data through behavioral sequence encoding, interval smoothing, and statistical feature extraction. Second, the Mamba encoder models long-range dependencies in behavioral and interval sequences, and a gated feature fusion mechanism dynamically combines the sequence and statistical information. Finally, we propose an adaptive threshold optimization method based on maximizing inter-class variance, which dynamically adjusts the decision threshold by analyzing the probability distribution, effectively identifies anomalies, and alleviates class imbalance and concept drift. Compared with traditional methods, MambaITD shows significant advantages in modeling efficiency and feature fusion capabilities, outperforming Transformer-based methods, and provides a more effective solution for insider threat detection.
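The threshold step described in the abstract can be illustrated with the inter-class variance criterion known from Otsu's method, applied to a window of predicted anomaly probabilities. This is an added example, not code from the paper: the histogram search, the `bins` and `fallback` parameters, the helper names and the score windows are all assumptions constructed for illustration.

```python
def otsu_threshold(scores, bins=100, fallback=0.5):
    """Pick the cut on [0, 1] scores that maximizes inter-class variance.

    bins and fallback are choices made for this example, not from the paper.
    """
    hist = [0] * bins
    for s in scores:
        if not 0.0 <= s <= 1.0:
            raise ValueError(f"score out of range: {s!r}")
        hist[min(int(s * bins), bins - 1)] += 1
    total = len(scores)
    sum_all = sum(i * h for i, h in enumerate(hist))
    w0, sum0 = 0, 0.0
    best_var, best_bin = 0.0, None
    for i in range(bins - 1):
        w0 += hist[i]
        sum0 += i * hist[i]
        w1 = total - w0
        if w0 == 0 or w1 == 0:
            continue  # one side is empty, so there is nothing to separate
        mu0, mu1 = sum0 / w0, (sum_all - sum0) / w1
        var = (w0 / total) * (w1 / total) * (mu0 - mu1) ** 2
        if var > best_var:
            best_var, best_bin = var, i
    # Degenerate window (all scores in one bin): keep the fallback cut.
    return fallback if best_bin is None else (best_bin + 1) / bins


def make_window(benign_base):
    """Constructed, imbalanced window: 980 benign and 20 malicious scores."""
    benign = [benign_base + 0.2 * (i % 50) / 50 for i in range(980)]
    malicious = [0.75 + 0.01 * i for i in range(20)]
    return benign, malicious


def flagged(scores, threshold):
    """Count scores at or above the decision threshold."""
    return sum(1 for s in scores if s >= threshold)


if __name__ == "__main__":
    for base in (0.02, 0.17):  # second window simulates drifted benign scores
        benign, malicious = make_window(base)
        t = otsu_threshold(benign + malicious)
        print(f"base={base:.2f} threshold={t:.2f} "
              f"false_pos={flagged(benign, t)} hits={flagged(malicious, t)}")
```

Re-fitting the threshold per window is what keeps the drifted benign scores in the second window from being flagged by the cut learned on the first.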