Insiders, who have the lawful authority in network information system, formed a huge threat to security by abuse and misuse of authority. It has become one of huge challenge to the security of information system. Against the features of more subtle and more difficult to find, this paper study how to perceive the trusted behavior of insiders with behavior-based attestation. Taking into account the impact of various uncertainties in monitoring and perception process, dynamic awareness model of insider threat is presented based on subjective logic. In order to find the insider threats, monitoring data of actual behaviors are compared with operation tree; legality of the user behavior dynamically analyzed according to historical experience and current experience; the trust of user behavior legitimacy is represented as trust point in subjective logic. Finally, experiments are employed to test the validity and applicability of proposed method.
