🤖 AI Summary
This study addresses the challenges of insider threats and sensitive data leakage in complex networks of large organizations by proposing a multi-component collaborative detection model based on an enhanced Shamir’s Secret Sharing scheme. The model integrates a custom-designed hash function and multi-factor authentication, distributing key shares among multiple authorized components to enable distributed authentication, behavioral correlation, and anomaly detection. Implemented as a full-stack system on Google Cloud Platform—with a Python backend, PostgreSQL database, Docker containerization, and a frontend user interface—the approach demonstrates effective detection of insider attacks, including unauthorized path interruptions. Experimental results validate its capability to significantly enhance overall security posture while maintaining operational integrity within enterprise environments.
📝 Abstract
We design and develop a secret-sharing-scheme-based cyberattack detection model (S3CDM) that can detect unauthorized or illegal activities (especially insider attacks) and protect sensitive information within the complex network infrastructures of large organizations. The model splits a secret among a group of legitimate participants or components for authentication, integration and detection of unauthorized activities. The model uses both the traditional scheme based on Shamir's polynomial interpolation and our own hash-function-based scheme; both are practical and efficient, and they ensure that communications between different components are secure and that any unauthorized activities can be detected. The model offers a flexible multi-factor authentication method to enhance the overall system security. Probability analysis [3] shows that a multiple-component model is more resistant to cyberattacks than a single-component one. To demonstrate feasibility, we implement S3CDM in three parts on Google Cloud Platform: the front-end UI (user interface) running on an HTTP server, the back-end individual services written in Python, and a PostgreSQL database. Docker is used to manage the starting and stopping of individual services and their URLs. We demonstrate in detail how to use the UI with a use case that simulates a broken path.
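The Shamir half of the idea, as an added example that is not the S3CDM code: a secret is split among components, and a verifier flags a broken path (too few components answering) or a forged share. The prime, the SHA-256 digest check, the verdict strings and all function names are assumptions; the paper's own hash-function-based scheme is not shown.

```python
import hashlib
import secrets

PRIME = 2**127 - 1  # Mersenne prime used as the field modulus (assumed parameter)

def split(secret, threshold, n):
    """Shamir split: random polynomial of degree threshold-1 with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc
    return {x: f(x) for x in range(1, n + 1)}  # component id -> share

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    total = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def digest(secret):
    """Commitment the verifier stores instead of the secret (assumed design)."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()

def check_path(responses, threshold, expected_digest):
    """responses maps component id -> share, or None if the component is silent."""
    live = {x: y for x, y in responses.items() if y is not None}
    if len(live) < threshold:
        return "broken-path"  # not enough components reachable
    # Interpolating through every live share means one forged share shifts f(0).
    ok = digest(reconstruct(live)) == expected_digest
    return "ok" if ok else "tampered"
```

Interpolating through all responding shares, rather than just the first `threshold` of them, is what lets a single altered share change the reconstructed value and fail the digest check.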