Integrating Behavioral Biometrics and CTI Ontologies for Predictive Analysis of Insider Threats and APT Actor Behavior Patterns
Abstract
The increasing sophistication of insider threats and Advanced Persistent Threats (APTs) necessitates intelligent, proactive cybersecurity systems that go beyond traditional rule-based detection. This paper presents an integrated framework that combines behavioral biometrics with Cyber Threat Intelligence (CTI) ontologies for the predictive analysis of insider threats and APT actor behavior. Behavioral biometrics—such as keystroke dynamics, mouse movement, and touch gestures—are leveraged to establish dynamic, continuous identity verification baselines. These are semantically mapped using CTI ontologies, including MITRE ATT&CK and STIX/TAXII, to associate anomalous behavior with known adversary tactics, techniques, and procedures (TTPs). The proposed model employs multi-layered learning with clustering algorithms, Bayesian networks, and graph convolutional reasoning to detect behavioral deviations and attribute them to malicious intent. Empirical evaluations using a 12-month dataset of over 80,000 user behavior records show that the integrated system achieved an accuracy of over 92% in identifying insider threat activity and predicting APT behavioral patterns. Explainable AI techniques such as SHAP and LIME enhance interpretability, while fairness audits ensure ethical compliance. The findings demonstrate that integrating behavioral biometrics and CTI ontologies significantly improves detection fidelity, contextual awareness, and cyber threat mitigation. This work contributes to the development of cognitive, adaptive defense mechanisms essential for modern enterprise security.
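An added illustration of the pipeline the abstract outlines, not the authors' model or code: a per-user keystroke-dynamics baseline, a deviation score, and a STIX 2.1-shaped sighting that ties an anomalous session to a MITRE ATT&CK technique. The z-score test stands in for the paper's clustering, Bayesian and graph models; the sample data, the threshold, the `x_` properties and the mapping to T1078 are assumptions made for this example.

```python
import uuid
from datetime import datetime, timezone
from statistics import mean, stdev

# Constructed sample data: per-session mean key dwell / flight times (ms) for one user.
BASELINE = [(95, 140), (98, 150), (102, 145), (97, 138),
            (100, 152), (99, 147), (101, 143), (96, 149)]
FEATURES = ("dwell_ms", "flight_ms")

# Assumed mapping for this example: keystroke rhythm that does not match the account
# owner on an authenticated session is tagged ATT&CK T1078 (Valid Accounts).
ATTACK_PATTERN = {
    "type": "attack-pattern", "spec_version": "2.1",
    "id": "attack-pattern--00000000-0000-4000-8000-000000000001",  # constructed id
    "name": "Valid Accounts",
    "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}],
}

def build_baseline(sessions):
    """Return {feature: (mean, sample stdev)} over the user's historical sessions."""
    cols = zip(*sessions)
    return {f: (mean(c), stdev(c)) for f, c in zip(FEATURES, cols)}

def max_zscore(baseline, session):
    """Largest absolute z-score of the session across all features."""
    return max(abs(x - baseline[f][0]) / max(baseline[f][1], 1e-6)
               for f, x in zip(FEATURES, session))

def assess(baseline, session, user, threshold=3.0):
    """Return a STIX 2.1-shaped sighting if the session deviates, else None."""
    z = max_zscore(baseline, session)
    if z < threshold:
        return None
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "type": "sighting", "spec_version": "2.1",
        "id": f"sighting--{uuid.uuid4()}",
        "created": now, "modified": now,
        "sighting_of_ref": ATTACK_PATTERN["id"],
        "x_user": user,                 # custom properties carry the x_ prefix
        "x_max_zscore": round(z, 2),
    }

if __name__ == "__main__":
    base = build_baseline(BASELINE)
    print(assess(base, (99, 147), "user-0001"))   # typical session
    print(assess(base, (131, 96), "user-0001"))   # constructed deviating session
```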
How to Cite This Article
Pamela Gado, Funmi Eko Ezeh, Stephanie Onyekachi Oparah, Adeyeni Suliat Adeleke, Stephen Vure Gbaraba (2024). Integrating Behavioral Biometrics and CTI Ontologies for Predictive Analysis of Insider Threats and APT Actor Behavior Patterns. Global Multidisciplinary Perspectives Journal (GMPJ), 1(2), 17-26. DOI: https://doi.org/10.54660/GMPJ.2024.1.2.17-26