🤖 AI Summary
Defending against Advanced Persistent Threats (APTs) is challenging due to uncertainty in insider threat preferences—malicious, negligent, or bribed—hindering effective defensive decision-making.
Method: This paper proposes BG-FlipIn, the first framework integrating Bayesian game theory into the FlipIt model to formally capture incomplete-information adversarial interactions between defenders and heterogeneous insiders.
Contribution/Results: We rigorously derive a closed-form Bayesian Nash equilibrium, explicitly characterizing the relationship among defense frequency, defense cost, and insider type preferences. The framework yields deterministic equilibrium strategies for all three insider types and demonstrates strong strategic robustness under parameter variations—without requiring real-time insider classification or frequent hyperparameter tuning. BG-FlipIn thus provides an interpretable, computationally tractable theoretical foundation and a practical decision-making paradigm for proactive defense against uncertain insider threats in APT scenarios.
📝 Abstract
In this paper, we study advanced persistent threats (APTs) with an insider who may have different preferences. To address the uncertainty of the insider's preference, we propose BG-FlipIn: a Bayesian game framework for FlipIt-insider models that investigates malicious, inadvertent, or corrupt insiders. We calculate the closed-form Bayesian Nash Equilibrium expression and further obtain three edge cases with deterministic insiders, along with their corresponding Nash Equilibrium expressions. On this basis, we further discover several phenomena in APTs related to the defender's move rate and cost, as well as the insider's preferences. We then provide decision-making guidance for the defender under different parametric conditions. Two applications validate that our BG-FlipIn framework enables the defender to make decisions consistently, without needing to detect the insider's concrete preference or adjust its strategy frequently.