Abstract:
Protecting sensitive data against malicious or compromised insiders is a major concern. In most cases, insiders have authorized access to the file systems containing such data, which they misuse or exfiltrate for financial profit. Moreover, external parties can compromise the identity credentials of valid file system users by exploiting security vulnerabilities, through phishing attacks, etc. Therefore, in order to protect sensitive information from such attackers, security measures such as access control and encryption are often combined with anomaly detection. Anomaly detection is based on the key observation that the access behavior of an attacker differs significantly from the regular access pattern of a benign user. However, due to the complexity of users' interactions with a file system, modeling user profiles is a challenging problem. As a result, most existing anomaly detection techniques suffer from poor user profiles, which contribute to high false positive and high false negative rates. In this paper, we propose an approach that, as a first step, discovers users' tasks (sets of file accesses that represent distinct file system activities) by applying frequent sequence mining to the access log. In the next step, our approach builds robust temporal user profiles by extensively analyzing the timestamp information of users' file system accesses, and thus precisely models the relation between users' tasks and their temporal properties using a multilevel temporal data structure. Finally, we evaluate the performance of our approach on a real dataset.
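The abstract describes a two-step pipeline: mine frequent access sequences from the log to recover "tasks", then profile when each user performs each task. The following is an added illustrative implementation, not the paper's code. It assumes a constructed access log of (user, timestamp, path) tuples, splits it into sessions at idle gaps, counts ordered subsequences apriori-style to obtain maximal frequent sequences as tasks, and approximates the paper's multilevel temporal data structure with a two-level check (exact weekday-and-hour slot first, then a coarser same-hour-or-same-weekday level). A session is flagged when it touches files the user has never accessed or runs a known task at a time with no support at either level. All thresholds, the 30-minute session gap and the sample data are assumptions for the example.

```python
"""Illustrative file-access anomaly detection: task discovery by frequent
sequence mining, then a two-level temporal profile of when tasks occur.
Added example with constructed data; not the paper's implementation."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from itertools import combinations

# Constructed access log: (user, ISO timestamp, file path). Alice runs the
# same three-file "report" routine each weekday morning plus a one-off access.
LOG = [
    ("alice", "2016-11-07T09:02:00", "/proj/spec.docx"),
    ("alice", "2016-11-07T09:03:10", "/proj/budget.xlsx"),
    ("alice", "2016-11-07T09:05:00", "/proj/report.pdf"),
    ("alice", "2016-11-07T14:00:00", "/proj/notes.txt"),
    ("alice", "2016-11-08T09:10:00", "/proj/spec.docx"),
    ("alice", "2016-11-08T09:11:00", "/proj/budget.xlsx"),
    ("alice", "2016-11-08T09:12:00", "/proj/report.pdf"),
    ("alice", "2016-11-09T09:00:00", "/proj/spec.docx"),
    ("alice", "2016-11-09T09:01:00", "/proj/budget.xlsx"),
    ("alice", "2016-11-09T09:04:00", "/proj/report.pdf"),
]


def sessionize(log, gap_minutes=30):
    """Split each user's accesses into sessions at idle gaps (assumed 30 min).
    Returns a list of (user, session_start, [paths in order])."""
    by_user = defaultdict(list)
    for user, ts, path in log:
        by_user[user].append((datetime.fromisoformat(ts), path))
    sessions = []
    for user, events in by_user.items():
        events.sort()
        paths, start, last = [], None, None
        for when, path in events:
            if last is not None and when - last > timedelta(minutes=gap_minutes):
                sessions.append((user, start, paths))
                paths, start = [], None
            if start is None:
                start = when
            paths.append(path)
            last = when
        if paths:
            sessions.append((user, start, paths))
    return sessions


def is_subsequence(task, paths):
    """True if every path of `task` appears in `paths` in the same order."""
    it = iter(paths)
    return all(p in it for p in task)


def mine_tasks(sessions, min_support=2, max_len=4):
    """Naive frequent-sequence mining: count each ordered subsequence once per
    session, keep those with support >= min_support, and return the maximal
    ones (not contained in a longer frequent sequence) as tasks."""
    support = Counter()
    for _, _, paths in sessions:
        seen = set()
        for n in range(2, min(max_len, len(paths)) + 1):
            for idx in combinations(range(len(paths)), n):
                seen.add(tuple(paths[i] for i in idx))
        support.update(seen)
    frequent = {s for s, c in support.items() if c >= min_support}
    return sorted(s for s in frequent
                  if not any(s != t and is_subsequence(s, t) for t in frequent))


def build_profile(sessions, tasks):
    """Temporal profile: user -> task -> Counter of (weekday, hour) slots in
    which the task was observed, plus the set of files each user has touched."""
    profile = defaultdict(lambda: defaultdict(Counter))
    files = defaultdict(set)
    for user, start, paths in sessions:
        files[user].update(paths)
        for task in tasks:
            if is_subsequence(task, paths):
                profile[user][task][(start.weekday(), start.hour)] += 1
    return profile, files


def familiarity(profile, user, task, when):
    """2: task seen in this exact (weekday, hour) slot; 1: seen at this hour on
    another weekday or on this weekday at another hour; 0: no support."""
    slots = profile[user].get(task, Counter())
    wd, hr = when.weekday(), when.hour
    if slots[(wd, hr)]:
        return 2
    if any(w == wd or h == hr for (w, h) in slots):
        return 1
    return 0


def score_session(profile, files, user, start, paths, tasks):
    """Return the list of anomaly reasons for a new session (empty = benign)."""
    reasons = []
    unseen = sorted(set(paths) - files.get(user, set()))
    if unseen:
        reasons.append(f"files never accessed by {user}: {unseen}")
    for task in tasks:
        if is_subsequence(task, paths) and familiarity(profile, user, task, start) == 0:
            reasons.append(f"task {task} at unfamiliar time {start:%a %H}:00")
    return reasons


SESSIONS = sessionize(LOG)
TASKS = mine_tasks(SESSIONS)
PROFILE, FILES = build_profile(SESSIONS, TASKS)


def check(user, ts, paths):
    """Score one new session against the profile built from LOG."""
    return score_session(PROFILE, FILES, user, datetime.fromisoformat(ts), paths, TASKS)


if __name__ == "__main__":
    print("discovered tasks:", TASKS)
    routine = list(TASKS[0])
    for ts, paths in [("2016-11-10T09:00:00", routine),      # Thursday morning
                      ("2016-11-12T03:00:00", routine),      # Saturday 03:00
                      ("2016-11-10T09:00:00", ["/hr/salaries.xlsx"])]:
        print(ts, check("alice", ts, paths) or "benign")
```

The Thursday-morning run is accepted at the coarser level (the task was never seen on a Thursday, but always at 09:00), which is what the multilevel profile buys over a flat (weekday, hour) lookup; the Saturday 03:00 run and the access to a never-touched HR file are flagged. In practice the per-user file set should be learned with a decay window, and min_support should scale with the number of sessions, otherwise rare but legitimate tasks never enter the profile and become false positives.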
Date of Conference: 12-14 December 2016
Date Added to IEEE Xplore: 24 April 2017