Your search keyword '"Insider threat"' showing total 11 results

1. A Structured Control Selection Methodology for Insider Threat Mitigation.

Author

Roy, Puloma, Sengupta, Anirban, and Mazumdar, Chandan

Subjects

BUSINESS enterprises, ASSETS (Accounting), COMPUTER software

Abstract

An insider is a person or software that possesses positive authorization to access the asset(s) of an enterprise. In recent years, security incidents perpetrated by enterprise insiders have increased considerably. Enterprises attempt to mitigate such threats by implementing controls intuitively, on an ad-hoc basis. However, such intuitive control implementation is both time-consuming, as well as prone to errors, leading to insecure enterprise systems. The paper attempts to address this issue by proposing a structured methodology for the selection of relevant security controls. The technique is to model insider threats and security controls, and match their constituent components against each other. The proposed methodology has been illustrated with suitable examples. [ABSTRACT FROM AUTHOR]

Published

2021

2. Handling Insider Threat Through Supervised Machine Learning Techniques.

Author

Janjua, Faisal, Masood, Asif, Abbas, Haider, and Rashid, Imran

Subjects

SUPERVISED learning, SUPPORT vector machines, TELEMATICS, LINGUISTIC analysis, INFORMATION technology, EMAIL, SPAM email

Abstract

Information technology systems face increasing cyber security threats, mostly from insiders. Network security mechanism for insiders are not as strict as for rest. Also insider can easily bypass security or have legitimate access to confidential documents, therefore to detect and prevent insider threat is a growing challenge. The aim of this paper is to implement predictive models that are using linguistic analysis to determine an employee's risk level computer-mediated communication, particularly emails. The emails log part of the TWOS dataset has been analyzed using supervised machine learning techniques. The data set comprise behavior traces of 24 users observed over 5 days spam. Limited data issue have been addressed by avoiding complex models with many parameters. We have limited their normalization and ability to overfit by using existing pivotal models. The outcomes are collated and contrasted for the following algorithms: Adaboost, Naive Bayes (NB), Logistic Regression (LR), KNN, Linear Regression (LR) and Support Vector Machine (SVM). Among all these algorithms, Adaboost has outperformed with 98.3% Accuracy and 0.983 AUC for identification of malicious emails. [ABSTRACT FROM AUTHOR]

Published

2020

3. Improving Insider Threat Detection Through Multi-Modelling/Data Fusion.

Author

Brown, David P., Buede, Dennis, and Vermillion, Sean D.

Subjects

VIRTUAL work teams, DATA fusion (Statistics), QUESTION answering systems, VIOLENCE in the workplace, MULTISENSOR data fusion, BUSINESS losses, AIR travelers

Abstract

Insider threats within organizations can take a variety of forms including fraud, theft of classified or proprietary data, and workplace violence. Insiders can be overt individuals who commit deliberate acts against their organization, or inadvertent insiders who provide access to organizational IT systems. The damage from insider threats was estimated at an annualized average of $4.3M per company across a variety of industries in a 2016 study, which does not include the damage to an organization's reputation, loss of business, and decrease in company value. The Scientific advances to Continuous Insider Threat Evaluation (SCITE) program sponsored by the Intelligence Advanced Research Projects Activity (IARPA) was created to improve insider threat detection. In the first phase of this effort, three competing teams were provided aggregated individual performance data and asked to answer system performance questions on a range of complex challenge problems. The purpose was to be able to detect a subset of individuals from within the overall population of an organization that displayed a behavior or belonged to a group. Teams were scored on three metrics: mean squared error, calibrated certainty interval, and interval score. The team led by Innovative Decisions, Inc. (IDI) used a multiple model approach with data fusion to model these problems. This approach proved far superior to the methods used by the two other teams across all three metrics. The results of this research are applicable to any area where the objective is to identify a very small subset of a much larger group using incomplete, noisy data. Specific areas benefitting education and research include airline passenger screening, vetting of immigration or visa applications, and security clearance reviews. [ABSTRACT FROM AUTHOR]

Published

2019

4. A Structured Control Selection Methodology for Insider Threat Mitigation

Author

Anirban Sengupta, Puloma Roy, and Chandan Mazumdar

Subjects

business.industry, Computer science, Control (management), Authorization, Insider threat, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Asset (computer security), Security controls, Insider, Software, Enterprise system, 0202 electrical engineering, electronic engineering, information engineering, Selection (linguistics), General Earth and Planetary Sciences, 020201 artificial intelligence & image processing, business, computer, General Environmental Science

Abstract

An insider is a person or software that possesses positive authorization to access the asset(s) of an enterprise. In recent years, security incidents perpetrated by enterprise insiders have increased considerably. Enterprises attempt to mitigate such threats by implementing controls intuitively, on an ad-hoc basis. However, such intuitive control implementation is both time-consuming, as well as prone to errors, leading to insecure enterprise systems. The paper attempts to address this issue by proposing a structured methodology for the selection of relevant security controls. The technique is to model insider threats and security controls, and match their constituent components against each other. The proposed methodology has been illustrated with suitable examples.

Published

2021

5. Prevention of Insider Attacks by Integrating Behavior Analysis with Risk based Access Control Model to Protect Cloud.

Author

Babu, B. Mahesh and Bhanu, Mary Saira

Subjects

COMPUTER security, INFORMATION filtering, WEBSITE security, ACCESS control, SECURITY systems

Abstract

The most dangerous threats faced by organizations are insider attacks. Since insiders are aware of the underlying system, handling insider attack is a most deterring task. The volume of attacks posed by insiders on cloud is very much higher than the traditional systems, as the attack vector and scope of the attack is high in cloud 1 . Insider attack affects the reputation and productivity of the organization and drags it into losses. Insiders may cause damage accidentally or intentionally. Proper management of privileges reduces the threats posed by insiders. So by properly managing privileges, insider threats can be reduced. This paper proposes a privilege management mechanism which manages the users by incorporating risk, trust into an access control mechanism to develop more scalable and flexible prevention mechanism against insider attacks. [ABSTRACT FROM AUTHOR]

Published

2015

6. Improving Insider Threat Detection Through Multi-Modelling/Data Fusion

Author

Sean D. Vermillion, David P. Brown, and Dennis M. Buede

Subjects

Workplace violence, Computer science, business.industry, media_common.quotation_subject, Insider threat, Information technology, Computer security, computer.software_genre, Insider, Vetting, General Earth and Planetary Sciences, business, computer, General Environmental Science, Reputation, media_common

Abstract

Insider threats within organizations can take a variety of forms including fraud, theft of classified or proprietary data, and workplace violence. Insiders can be overt individuals who commit deliberate acts against their organization, or inadvertent insiders who provide access to organizational IT systems. The damage from insider threats was estimated at an annualized average of $4.3M per company across a variety of industries in a 2016 study, which does not include the damage to an organization’s reputation, loss of business, and decrease in company value. The Scientific advances to Continuous Insider Threat Evaluation (SCITE) program sponsored by the Intelligence Advanced Research Projects Activity (IARPA) was created to improve insider threat detection. In the first phase of this effort, three competing teams were provided aggregated individual performance data and asked to answer system performance questions on a range of complex challenge problems. The purpose was to be able to detect a subset of individuals from within the overall population of an organization that displayed a behavior or belonged to a group. Teams were scored on three metrics: mean squared error, calibrated certainty interval, and interval score. The team led by Innovative Decisions, Inc. (IDI) used a multiple model approach with data fusion to model these problems. This approach proved far superior to the methods used by the two other teams across all three metrics. The results of this research are applicable to any area where the objective is to identify a very small subset of a much larger group using incomplete, noisy data. Specific areas benefitting education and research include airline passenger screening, vetting of immigration or visa applications, and security clearance reviews.

Published

2019

7. Design and Implementation of a Comprehensive Insider Threat Ontology

Author

Justin Purl, James D. Lee, Abbas K. Zaidi, and Frank L. Greitzer

Subjects

Knowledge management, business.industry, Computer science, Insider threat, 020206 networking & telecommunications, 02 engineering and technology, Ontology language, Ontology (information science), Knowledge base, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, 020201 artificial intelligence & image processing, business, Threat assessment, General Environmental Science

Abstract

We describe the development and envisioned use case applications of a comprehensive insider threat ontology—“Sociotechnical and Organizational Factors for Insider Threat” (SOFIT)—that comprises more than 300 indicators of technical, behavioral, and organizational factors. Requirements, design, and engineering development for the Web Ontology Language (OWL) implementation of the SOFIT knowledge base are reviewed; additional relationships among constructs are defined that extend the representation beyond a simple taxonomic hierarchy and that enable inferences for qualitative and quantitative threat assessment. We show how queries may be constructed to support these inferences and threat assessments. Several major application concepts are reviewed to show how the ontology may be used by the insider threat research and operational communities. To this end, the SOFIT knowledge base may be shared with stakeholders to advance research and practice for proactive insider threat mitigation.

Published

2019

8. A Continuous Re-Authentication Approach Using Ensemble Learning.

Author

Xiaojun, Chen, Zicheng, Wei, Yiguo, Pu, and Jinqiao, Shi

Subjects

COMPUTER access control, MACHINE learning, HUMAN-computer interaction, COMPUTER security, CYBERTERRORISM, PROBLEM solving

Abstract

Abstract: Insider threat becomes a more and more serious problem to organizations. Identify theft is a common attack method among various attack methods from insider. And it is very hard to detection since the attacker acts as a legal identity. Existing researches focus on Human Computer Interaction (HCI) behavior such as keystroke dynamics or mouse dynamics to detection this kind of attack. Based on an obvious observable that different applications show different HCI behavioral patterns (rich-key-operations or rich-mice-operations), we demonstrate that single authentication method is not efficient always in full time work period. In this paper, we provide an ensemble re-authentication approach to detection identify theft in real time, which combine the classification of keystroke-classifier and mice-classifier to determine whether the current operations is produced by the real legitimate user or not. Our experiment proves this new approach is efficient and can provide consistent detection ability with high accuracy. [Copyright &y& Elsevier]

Published

2013

9. Prevention of Insider Attacks by Integrating Behavior Analysis with Risk based Access Control Model to Protect Cloud

Author

Mary Saira Bhanu and B. Mahesh Babu

Subjects

Risk, Scope (project management), business.industry, Computer science, Keystroke dynamics, media_common.quotation_subject, Internet privacy, Insider threat, Cloud computing, Access control, Computer security, computer.software_genre, Task (project management), Insider, Trust, General Earth and Planetary Sciences, Insider attack, Privilege Management Infrastructure, business, Cloud, computer, General Environmental Science, Reputation, media_common

Abstract

The most dangerous threats faced by organizations are insider attacks. Since insiders are aware of the underlying system, handling insider attack is a most deterring task. The volume of attacks posed by insiders on cloud is very much higher than the traditional systems, as the attack vector and scope of the attack is high in cloud1. Insider attack affects the reputation and productivity of the organization and drags it into losses. Insiders may cause damage accidentally or intentionally. Proper management of privileges reduces the threats posed by insiders. So by properly managing privileges, insider threats can be reduced. This paper proposes a privilege management mechanism which manages the users by incorporating risk, trust into an access control mechanism to develop more scalable and flexible prevention mechanism against insider attacks.

Published

2015

10. Insider Threat Detection Using Log Analysis and Event Correlation

Author

Amruta Ambre and Narendra Shekokar

Subjects

false alarm rate, Computer science, Event (computing), event correlation, Probabilistic logic, Insider threat, Intrusion detection system, Root cause, computer.software_genre, Computer security, Bayesian detection rate, Security, General Earth and Planetary Sciences, log analysis, Data mining, Log management, Event correlation, computer, General Environmental Science

Abstract

Insider threat is one of the most dangerous security threat, and a much more complex issue. These insiders can be a former or a disgruntled employee or any business associate that has or had an authorised access to information for any particular organization. They have control and security measures. Hence continuous monitoring is essential to track each and every activity within the network. Log management is a strong technique which includes both Log analysis with event correlation which provides the root cause of any attack and network can be protected from security violations. Though intrusion detection is complex process, while checking the ability to detect intrusive behaviour within the internal environment, it has to take care of suppressing the false alarm rate. Some strong approach is required on the basis of which decisions can be taken fast. This paper proposes a probabilistic approach which illustrates the frequency of occurrence of event in percentage while still considering the false alarm rate at an acceptable level.

11. A Continuous Re-Authentication Approach Using Ensemble Learning

Author

Pu Yiguo, Shi Jinqiao, Chen Xiaojun, and Wei Zicheng

Subjects

Focus (computing), Authentication, Computer science, Detection of Indentify Theft, Insider threat, Computer security, computer.software_genre, Re-Authentication, Ensemble learning, Insider, Keystroke dynamics, Identity (object-oriented programming), General Earth and Planetary Sciences, Behavior Biometrics, computer, General Environmental Science, Ensemble Learning

Abstract

Insider threat becomes a more and more serious problem to organizations. Identify theft is a common attack method among various attack methods from insider. And it is very hard to detection since the attacker acts as a legal identity. Existing researches focus on Human Computer Interaction (HCI) behavior such as keystroke dynamics or mouse dynamics to detection this kind of attack. Based on an obvious observable that different applications show different HCI behavioral patterns (rich-key-operations or rich-mice-operations), we demonstrate that single authentication method is not efficient always in full time work period. In this paper, we provide an ensemble re-authentication approach to detection identify theft in real time, which combine the classification of keystroke-classifier and mice-classifier to determine whether the current operations is produced by the real legitimate user or not. Our experiment proves this new approach is efficient and can provide consistent detection ability with high accuracy.