Security protocols have been widely used to safeguard secure electronic transactions. We usually assume that principals are credible and shall not maliciously disclose their individual secrets to someone else. Nevertheless, it is impractical to completely ignore the possibility that some principals may collude in private to achieve a fraudulent or illegal purpose. Therefore, it is critical to address the possibility of collusion attacks in order to correctly analyse security protocols. This paper proposes a framework by which to detect collusion attacks in security protocols. The possibility of security threats from insiders is especially taken into account. The case study demonstrates that our methods are useful and promising in discovering and preventing collusion attacks.