In recent years, internal attacks have posed a serious threat to the security of individuals, companies and even the country. Machine learning is currently a common method of insider threat detection. However, this technology requires a series of complex feature engineering, which has certain limitations in practical applications. This paper comprehensively considers the user's business operation behavior data and internal psychological data, and establishes an internal threat detection model to analyze their potential associations. The main tasks are as follows: In order to improve the fine-grained features of heterogeneous behavior log data and accurately reflect user behavior attributes, a session-based full feature extraction method is proposed. In this method, combined with a variational autoencoder, a long and shortterm memory variational autoencoder (LVE) model is proposed. Taking into account the time characteristics of user behavior, a long and short-term memory network is used in the codec part, that is, input data, generate hidden variables, and then restore output data through hidden variables. The results show that this method improves the recall rate compared with other algorithms. Finally, the main work and improvement prospects are summarized.