Modeling and Detecting Anomalous Topic Access Siddharth Gupta, Casey Hanson, Carl Gunter, Mario Frank, David Liebovitz, Bradley Malin There has been considerable success in developing strategies to detect insider threats in information systems based on what one might call the random object access model or ROA. This approach models illegitimate users as ones who randomly access records. The goal is to use statistics, machine learning, knowledge of hospital workflows and other techniques to support an anomaly detection framework that finds such users. In this paper we introduce and study a random topic access model, RTA, aimed at users whose access may well be illegitimate but is not fully random because it is focused on common hospital themes. We argue that this model is appropriate for a meaningful range of attacks and develop a system based on topic summarization that is able to formalize the model and provide anomalous user detection effectively for it. To this end, we propose a framework for evaluating the ability to recognize various types of random users called random topic access detection, or RTAD. Specifically, we utilize a combination of Latent Dirichlet Allocation (LDA), for feature extraction, and a k-nearest neighbor (k-NN) algorithm for outlier detection and evaluate the ability to identify different adversarial types relevant to the hospital ecosystem. Our results show varying degrees of success based on user roles and the anticipated characteristics of attackers.