Manuscript received February 18, 2024; revised April 9, 2024; accepted April 17, 2024.
Abstract—Today, organizations of all sizes face many difficulties in protecting their data, systems, and tools. One issue of particular concern is the insider threat. Insiders seek to use their privileges to undermine data confidentiality, validity, and availability. Any sabotage committed by someone within a company significantly harms the company’s integrity, credibility, and financial profits. Automated feature extraction methods face challenges when used to classify data because they sometimes return inaccurate results, leading to overfitting. Furthermore, analyzing irregular data requires extensive manual feature detection. We propose an algorithm that acts as an expert system, detecting insiders and determining their risk level. The decisive step is then to intersect the results obtained from classification using multiple algorithms with those obtained from the internal detection algorithm using expert rules. This research uses several classification methods that can deal with this type of data to predict the status of insiders within a computer network. The main goal of this study is to improve the accuracy and efficiency of identifying insiders within a computer network. Model performance evaluation includes important parameters such as precision, recall, and F1 score. The highest classification accuracy obtained is 0.99, and after combining these results with the results of the proposed algorithm, the accuracy is 100%. These results highlight the remarkable ability of these models to detect internal states accurately, providing encouraging possibilities for improving cyber security within a computer network.