1,479 results on '"Insider threat"'
Search Results
2. Sentiment classification for insider threat identification using metaheuristic optimized machine learning classifiers
- Author
- Djordje Mladenovic, Milos Antonijevic, Luka Jovanovic, Vladimir Simic, Miodrag Zivkovic, Nebojsa Bacanin, Tamara Zivkovic, and Jasmina Perisic
- Subjects
- Insider threat, Natural language processing, Hyperparameter optimization, XGBoost, AdaBoost, Medicine, Science
- Abstract
- This study examines the formidable and complex challenge of insider threats to organizational security, addressing risks such as ransomware incidents, data breaches, and extortion attempts. The research involves six experiments utilizing email, HTTP, and file content data. To combat insider threats, emerging Natural Language Processing techniques are employed in conjunction with powerful Machine Learning classifiers, specifically XGBoost and AdaBoost. The focus is on recognizing the sentiment and context of malicious actions, which are considered less prone to change compared to commonly tracked metrics like location and time of access. To enhance detection, a term frequency-inverse document frequency-based approach is introduced, providing a more robust, adaptable, and maintainable method. Moreover, the study acknowledges the significant impact of hyperparameter selection on classifier performance and employs various contemporary optimizers, including a modified version of the red fox optimization algorithm. The proposed approach undergoes testing in three simulated scenarios using a public dataset, showcasing commendable outcomes.
- Published
- 2024
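The TF-IDF-plus-classifier pipeline summarised in the abstract above, as an added example that is not code from Mladenovic et al.: it builds smoothed TF-IDF vectors in plain Python over a handful of constructed email-style messages and labels new text by cosine similarity to per-class centroids. The centroid classifier stands in for the paper's XGBoost/AdaBoost models, the metaheuristic hyperparameter tuning is omitted, and the message corpus and the two labels are made up for the example.

```python
import math
import re
from collections import Counter, defaultdict

TOKEN_RE = re.compile(r"[a-z0-9']+")


def tokenize(text):
    """Lower-cased word tokens; punctuation is dropped."""
    return TOKEN_RE.findall(text.lower())


def fit_idf(docs):
    """Smoothed inverse document frequency, idf(t) = ln((1 + N) / (1 + df(t))) + 1,
    the same smoothing scikit-learn's TfidfVectorizer applies by default."""
    n = len(docs)
    df = Counter()
    for doc in docs:
        df.update(set(tokenize(doc)))
    return {term: math.log((1 + n) / (1 + count)) + 1.0 for term, count in df.items()}


def tfidf(text, idf):
    """Sparse, L2-normalised TF-IDF vector; terms unseen at fit time are ignored."""
    counts = Counter(tokenize(text))
    total = sum(counts.values()) or 1
    vec = {t: (c / total) * idf[t] for t, c in counts.items() if t in idf}
    norm = math.sqrt(sum(v * v for v in vec.values())) or 1.0
    return {t: v / norm for t, v in vec.items()}


def cosine(a, b):
    """Dot product of two unit-length sparse vectors, i.e. their cosine similarity."""
    return sum(v * b.get(t, 0.0) for t, v in a.items())


class CentroidClassifier:
    """Nearest-centroid classifier over TF-IDF vectors (a stand-in for the
    paper's boosted tree classifiers, chosen so no third-party library is needed)."""

    def __init__(self, labelled_docs):
        self.idf = fit_idf([doc for doc, _ in labelled_docs])
        sums = defaultdict(lambda: defaultdict(float))
        for doc, label in labelled_docs:
            for t, v in tfidf(doc, self.idf).items():
                sums[label][t] += v
        self.centroids = {}
        for label, vec in sums.items():
            norm = math.sqrt(sum(v * v for v in vec.values())) or 1.0
            self.centroids[label] = {t: v / norm for t, v in vec.items()}

    def scores(self, text):
        vec = tfidf(text, self.idf)
        return {label: cosine(vec, c) for label, c in self.centroids.items()}

    def predict(self, text):
        s = self.scores(text)
        return max(s, key=s.get)

    def top_terms(self, label, k=5):
        """Highest-weighted terms of a class centroid: a cheap explanation of
        what the model keys on, and a way to spot leakage from odd tokens."""
        c = self.centroids[label]
        return sorted(c, key=c.get, reverse=True)[:k]


# Constructed training messages (not from any dataset); the labels are assumptions.
TRAIN = [
    ("they will regret it when the customer database walks out the door with me", "hostile"),
    ("nobody here appreciates my work, i will take the source code and sell it to whoever pays", "hostile"),
    ("if they fire me i leak everything to the competitor, i am done with this company", "hostile"),
    ("please review the quarterly report before the meeting tomorrow", "benign"),
    ("thanks for the help, the customer database migration went smoothly", "benign"),
    ("can we schedule the source code review for friday", "benign"),
]

MODEL = CentroidClassifier(TRAIN)


def classify(text):
    """Label a new message with the model trained on the constructed corpus."""
    return MODEL.predict(text)


if __name__ == "__main__":
    for msg in ("they will regret firing me, i will sell the source code to the competitor",
                "thanks, please schedule the report review meeting for friday"):
        print(classify(msg), MODEL.scores(msg), msg)
```

Shared vocabulary such as "customer database" or "source code" appears in both classes, so it carries little weight after IDF smoothing; the terms that decide the label are the ones only one class uses, which `top_terms` exposes for review.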
3. Unveiling Human Factors: Aligning Facets of Cybersecurity Leadership, Insider Threats, and Arsonist Attributes to Reduce Cyber Risk
- Author
- Laura A. Jones
- Subjects
- arsonist, criminology, cybersecurity, fire-setting, human factors, insider threat, organizational arsonist, motivation, pyromania, risk management, Sociology (General), HM401-1281, Economic history and conditions, HC10-1085
- Abstract
- This qualitative study, a systematic literature review drawing on literature primarily published within the last five years, addresses a comprehensive approach to a crucial but often overlooked aspect of cybersecurity: the human factors underlying insider threats. Attention is focused on the so-called “organizational arsonists”: individuals who willfully seek to adversely impact the organization by inducing anarchy aligned with their own motivations, insiders who purposefully damage their companies using digital methods, someone intentionally causing mayhem within a company, which can be criminal in cyber environments. The purpose of the research is to identify how cybersecurity leadership can effectively detect and mitigate the risks associated with insiders, particularly those exhibiting arsonist-like behaviors. The review uncovered that organizational arsonists can escalate cybersecurity risks substantially, with insider incidents costing organizations an average of $16.2 million per incident. These incidents now represent a persistent challenge, increasing in frequency by 68% over the past year according to the 2022 Insider Threat Report. The findings highlight the necessity of leadership strategies that preemptively recognize and neutralize potential insider threats to improve organizational resilience and security posture. This approach not only informs current cybersecurity practices but also aids in the development of targeted policies and refined regulatory measures. By integrating insights from psychology, criminology, and cybersecurity, the study provides a comprehensive understanding of the human elements influencing insider threats, essential for enhancing both academic knowledge and practical applications in risk management. The results showed a parallel between the motivations of arsonists who set physical fires and the characteristics and motivations of insider threats who exploit organizational vulnerabilities.
The impact of this research can be helpful in assisting cybersecurity professionals, leaders who strategize against cyber threats, and risk managers and analysts who understand and mitigate human factors and insider threats. Leaders and executives may use these insights to improve security resource allocation and culture. Policymakers and regulators may use the study’s results to create more nuanced cybersecurity legislation, while academics and students in related disciplines can use it for future research.
- Published
- 2024
4. Employee risk recognition and reporting of malicious elicitations: longitudinal improvement with new skills-based training.
- Author
- Caputo, Deanna D., Danley, Lura, and Ratcliff, Nathaniel J.
- Subjects
- PERFORMANCE awards, ELICITATION technique, TEXT messages, EMPLOYEE training, NATIONAL security
- Abstract
- Numerous security domains would benefit from improved employee risk recognition and reporting through effective security training. This study assesses the effectiveness of a new skills-based training approach to improve risk recognition and reporting of malicious elicitations. Malicious elicitations are techniques that strategically use conversation (i.e., online, in writing, in person, or over the phone) with the sole purpose of collecting sensitive, non-publicly available information about business operations, people, or technological assets without raising suspicion. To an untrained observer, a skilled elicitor can make conversations seem analogous to many professional networking situations such as those experienced over email and at conferences. A 12-month longitudinal experimental study was conducted to test training effectiveness on employees of a large corporation that focuses on serving national security needs and the public interest. Half of participants were randomly assigned to receive traditional awareness-based training (i.e., reviewing informational slides) while the other half of participants received a new skills-based training that allowed them, over the course of five weeks, to iteratively practice skills learned in the training and receive feedback on their performance in their day-to-day work environment. Following training for both experimental groups, malicious elicitations and benign professional networking test messages were sent (via email & text message) to unaware employee participants for 12 months. Findings revealed that skills-based training improved reporting of malicious elicitations and lasted for up to 12 months compared to traditional awareness-based training. [ABSTRACT FROM AUTHOR]
- Published
- 2024
5. “The pull to do nothing would be strong”: limitations & opportunities in reporting insider threats.
- Author
- Holden, Heather, Munro, Victor, Tsakiris, Lina, and Wilner, Alex
- Subjects
- COGNITIVE dissonance, NATIONAL security, FINANCIAL services industry, ACQUISITION of data, LABOR supply
- Abstract
- Though a reporting mechanism, in which employees report suspicious and/or potentially malicious coworker behavior, is thought to be important to tackling insider risk, the literature on the subject is sparse and unconvincing. Empirical evidence of the actual use and utility of this type of detection mechanism is slim. Our article explores the propensity of employees to report a coworker’s concerning behavior suspected to be related to insider activity that would negatively impact an organization. This study uses an inductive approach and qualitative analysis of original interview data collected from 16 financial services organizations to explore attitudes and opinions about reporting a coworker’s concerning behavior, providing lessons on countering insider threats useful across industries and national security domains. The results show that there is confusion, uncertainty, and cognitive dissonance surrounding institutional reporting mechanisms, with some participants expressing both affirmative and negative opinions about their personal likelihood of reporting. Employees do want to report concerning coworker behavior that suggests an insider threat, but not at their own expense. These results are consistent with those from other studies and sectors. Our study will assist organizations in refining their assumptions around workforce attitudes regarding the reporting of coworkers. [ABSTRACT FROM AUTHOR]
- Published
- 2024
6. Time Aspect of Insider Threat Mitigation.
- Author
- Savchenko, V., Dzyuba, T., Matsko, O., Novikova, I., Havryliuk, I., and Polovenko, V.
- Subjects
- MARKOV processes, PSEUDOPOTENTIAL method, CYBERTERRORISM, SECURITY systems, ORGANIZATION
- Abstract
- The article reveals the problem of mitigating an insider threat by creating a time-balanced security system in an organization. Based on a Markov chain, the authors propose a basic model of interaction in an "organization - insider" system. The article analytically defines a ratio between the time of an insider attack and the time during which the organization's security system can neutralize it. The authors propose a concept of a multi-level system of organization protection, which takes into account the involved resources and practical skills of employees, as well as security services. At the end of the article, it is concluded that the proposed concept of the organization's protection system will be effective against potential insider attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
7. Fiends and Fools: A Narrative Review and Neo-socioanalytic Perspective on Personality and Insider Threats.
- Author
- Marbut, A. R. and Harms, P. D.
- Subjects
- COUNTERPRODUCTIVITY (Labor), PERSONALITY, WORK-related injuries
- Abstract
- Insider threats represent a serious threat to organizations but are considered to be difficult to predict and prevent. Although a growing body of research has examined personological antecedents to insider threats, this literature lacks a unifying theoretical perspective connecting the characteristics that have been researched. In addition to cataloging the personality factors that have been associated with insider threat behaviors, this review also proposes neo-socioanalytic theory as a useful framework for organizing these factors and for distinguishing insider threats from counterproductive work behaviors and workplace accidents. The majority of risk and protective factors related to insider threats were shared for both malicious and non-malicious insider threat behaviors. However, the prior literature strongly suggests that malicious threats are motivated by selfishness and the rationalization of immoral behavior, while non-malicious threats are better understood as being associated with maladjustment and curiosity. [ABSTRACT FROM AUTHOR]
- Published
- 2024
8. National Security, Insider Threat Programs, and the Compliance-Industrial Complex: Reflections on Platformization in Corporate Policing, Intelligence, and Security
- Author
- Kuldova, Tereza Østbø, Aston, Elizabeth, Series Editor, Rowe, Michael, Series Editor, Bacon, Matthew, Editorial Board Member, Bartkowiak-Theron, Isabelle, Editorial Board Member, de Kimpe, Sofie, Editorial Board Member, du Maillard, Jacques, Editorial Board Member, Fyfe, Nick, Editorial Board Member, Huey, Laura, Editorial Board Member, Loftus, Bethan, Editorial Board Member, Malik, Ali, Editorial Board Member, Marks, Monique, Editorial Board Member, Nurse, Angus, Editorial Board Member, Porter, Louise, Editorial Board Member, Ugwudike, Pamela, Editorial Board Member, Willis, James J, Editorial Board Member, Wooff, Andrew, Editorial Board Member, Jaishankar, K., Editorial Board Member, Kuldova, Tereza Østbø, editor, Gundhus, Helene Oppen Ingebrigtsen, editor, and Wathne, Christin Thea, editor
- Published
- 2024
9. Insider Threat Defense Strategies: Survey and Knowledge Integration
- Author
- Song, Chengyu, Zhang, Jingjing, Ma, Linru, Hu, Xinxin, Zheng, Jianming, Yang, Lin, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Cao, Cungeng, editor, Chen, Huajun, editor, Zhao, Liang, editor, Arshad, Junaid, editor, Asyhari, Taufiq, editor, and Wang, Yonghao, editor
- Published
- 2024
10. Insider Threat Prediction Techniques: A Systematic Review Paper
- Author
- Nassir, Nur Fahimah Mohd, Rauf, Ummul Fahri Abdul, Zainol, Zuraini, Ghani, Kamaruddin Abdul, Ismail, Azman, editor, Zulkipli, Fatin Nur, editor, Husin, Husna Sarirah, editor, and Öchsner, Andreas, editor
- Published
- 2024
11. Dumb Devices/Smart Adversaries: Real Threats in Critical Infrastructure
- Author
- Sewall, Adam, Celebi, Emre, Series Editor, Chen, Jingdong, Series Editor, Gopi, E. S., Series Editor, Neustein, Amy, Series Editor, Liotta, Antonio, Series Editor, Di Mauro, Mario, Series Editor, and McClellan, Stan, editor
- Published
- 2024
12. A Study on Historical Behaviour Enabled Insider Threat Prediction
- Author
- Xiao, Fan, Hong, Wei, Yin, Jiao, Wang, Hua, Cao, Jinli, Zhang, Yanchun, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Song, Xiangyu, editor, Feng, Ruyi, editor, Chen, Yunliang, editor, Li, Jianxin, editor, and Min, Geyong, editor
- Published
- 2024
13. Insider Threats to Cyber Security in an Audit Environment
- Author
- Njowa, Admire, Schutte, Belinda, Ally, Zaakir, Moloi, Tankiso, editor, and George, Babu, editor
- Published
- 2024
14. Log Analysis for Feature Engineering and Application of a Boosting Algorithm to Detect Insider Threats
- Author
- Besnaci, Samiha, Hafidi, Mohamed, Lamia, Mahnane, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Bennour, Akram, editor, Bouridane, Ahmed, editor, and Chaari, Lotfi, editor
- Published
- 2024
15. Understanding Shadow IT usage intention: a view of the dual-factor model
- Author
- Nguyen, Trang
- Published
- 2024
16. Machine learning approaches to detect, prevent and mitigate malicious insider threats: State-of-the-art review
- Author
- Jaiswal, Ayshwarya, Dwivedi, Pragya, and Dewang, Rupesh Kumar
- Published
- 2024
17. M-EOS: modified-equilibrium optimization-based stacked CNN for insider threat detection.
- Author
- Anju, A. and Krishnamurthy, M.
- Subjects
- CONVOLUTIONAL neural networks, CYBERTERRORISM, LEARNING strategies, INFORMATION organization
- Abstract
- Insider threats remain a serious anxiety for organizations, government agencies, and businesses. Normally, the most hazardous cyber attacks are formed by trusted insiders and not by malicious outsiders. The malicious behaviors resulting from unplanned or planned mishandling of resources, data, networks, and systems of an organization constitute an insider threat. The unsupervised behavioral anomaly detection methods are mostly developed by the traditional machine learning methods for identifying unusual or anomalous variations in user behavior. The insider threat mainly originates from an individual inside the organization who is a current or former employee who has access to sensitive information about the organization. For achieving an improvement over traditional methods, the Stacked Convolutional Neural Network-Attentional Bi-directional Gated Recurrent Unit model is proposed in this paper to detect insider threats. The CNN-Attentional BiGRU model utilizes the user activity logs and user information for time-series classification. Using the log files, the temporal data representations, and weekly and daily numerical features from various sub-models of CNN are learned by the stacked generalization. Based on the chosen feature vectors, a model is trained on the CERT insider threat dataset. The stacked CNN is combined with the Attentional BiGRU model to incorporate more complex features of the user activity logs and user data during each convolution operation without raising network parameters. Thus the classification performance is improved with less complexity. The non-linear time control, chaos-based strategy, update rules, and opposite-based learning strategies are evaluated for generating the Modified-Equilibrium Optimization. The simulation outputs obtained by the model are 92.52% accuracy, 98% Precision, 95% Recall, and 96% F1-score. Thus, the proposed model has reached higher detection performance. [ABSTRACT FROM AUTHOR]
- Published
- 2024
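Feature engineering over CERT-style activity logs, the step that entries 14 and 17 above describe before a boosting or CNN-BiGRU model is trained on the CERT insider threat dataset; this is an added example, not code from those papers. The rows are constructed in the CERT r4.2 column layout (id, date, user, pc, activity or url), which is an assumption about that release; the user id, PC names, URLs, the upload-host watchlist and the 07:00 to 18:00 business-hours window are all made up. The output is one fixed-order numeric vector per user-day, which is what a classifier would consume; `exfil_indicator` is a hand-written triage rule standing in for a trained model.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample rows in the CERT r4.2 column layout; the ids are made up.
LOGON_CSV = """id,date,user,pc,activity
{C1},01/04/2010 08:02:11,ACM2278,PC-1234,Logon
{C2},01/04/2010 17:31:40,ACM2278,PC-1234,Logoff
{C3},01/05/2010 07:55:09,ACM2278,PC-1234,Logon
{C4},01/05/2010 23:12:51,ACM2278,PC-7721,Logon
{C5},01/05/2010 23:58:02,ACM2278,PC-7721,Logoff
"""
DEVICE_CSV = """id,date,user,pc,activity
{C6},01/05/2010 23:20:17,ACM2278,PC-7721,Connect
{C7},01/05/2010 23:55:40,ACM2278,PC-7721,Disconnect
"""
HTTP_CSV = """id,date,user,pc,url
{C8},01/04/2010 10:14:33,ACM2278,PC-1234,http://intranet.example.com/wiki/onboarding
{C9},01/05/2010 23:31:08,ACM2278,PC-7721,http://files.example-share.net/upload
"""

UPLOAD_HOSTS = {"files.example-share.net"}  # constructed watchlist of external upload sites
WORK_START, WORK_END = 7, 18                  # local business hours, an assumption

FEATURE_NAMES = ("logons", "after_hours_logons", "distinct_pcs", "usb_connects",
                 "after_hours_usb", "http_requests", "upload_requests")


def rows(csv_text):
    """Parse one CERT-style CSV source into dict rows."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def timestamp(row):
    """CERT dates are written as MM/DD/YYYY HH:MM:SS."""
    return datetime.strptime(row["date"], "%m/%d/%Y %H:%M:%S")


def after_hours(ts):
    return ts.hour < WORK_START or ts.hour >= WORK_END


def _new_day():
    return {"logons": 0, "after_hours_logons": 0, "pcs": set(), "usb_connects": 0,
            "after_hours_usb": 0, "http_requests": 0, "upload_requests": 0}


def daily_features(logon_csv=LOGON_CSV, device_csv=DEVICE_CSV, http_csv=HTTP_CSV,
                   upload_hosts=UPLOAD_HOSTS):
    """Aggregate the three log sources into per-(user, ISO date) counters and
    return each day as a numeric vector ordered as FEATURE_NAMES."""
    days = defaultdict(_new_day)
    for r in rows(logon_csv):
        if r["activity"] != "Logon":  # logoffs carry no new signal here
            continue
        ts = timestamp(r)
        d = days[(r["user"], ts.date().isoformat())]
        d["logons"] += 1
        d["after_hours_logons"] += after_hours(ts)
        d["pcs"].add(r["pc"])
    for r in rows(device_csv):
        if r["activity"] != "Connect":
            continue
        ts = timestamp(r)
        d = days[(r["user"], ts.date().isoformat())]
        d["usb_connects"] += 1
        d["after_hours_usb"] += after_hours(ts)
    for r in rows(http_csv):
        ts = timestamp(r)
        d = days[(r["user"], ts.date().isoformat())]
        d["http_requests"] += 1
        d["upload_requests"] += urlparse(r["url"]).netloc in upload_hosts
    return {key: [d["logons"], d["after_hours_logons"], len(d["pcs"]), d["usb_connects"],
                  d["after_hours_usb"], d["http_requests"], d["upload_requests"]]
            for key, d in days.items()}


def exfil_indicator(vector):
    """Triage rule: removable media after hours plus a request to an upload
    site on the same day. A placeholder for the trained classifier's verdict."""
    f = dict(zip(FEATURE_NAMES, vector))
    return f["after_hours_usb"] > 0 and f["upload_requests"] > 0


if __name__ == "__main__":
    for key, vec in sorted(daily_features().items()):
        print(key, dict(zip(FEATURE_NAMES, vec)), "FLAG" if exfil_indicator(vec) else "")
```

Keying on the user's own day-to-day baseline rather than a fixed rule is what the papers' models do; the vector layout here is the part that carries over, and the `pcs` set is collapsed to a count so the vector stays numeric.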
18. Unveiling Human Factors: Aligning Facets of Cybersecurity Leadership, Insider Threats, and Arsonist Attributes to Reduce Cyber Risk.
- Author
- Jones, Laura A.
- Subjects
- INTERNET security, LEADERSHIP, CRIMINOLOGY, RESOURCE allocation, RISK management in business
- Abstract
- This qualitative study, a systematic literature review drawing on literature primarily published within the last five years, addresses a comprehensive approach to a crucial but often overlooked aspect of cybersecurity: the human factors underlying insider threats. Attention is focused on the so-called "organizational arsonists": individuals who willfully seek to adversely impact the organization by inducing anarchy aligned with their own motivations, insiders who purposefully damage their companies using digital methods, someone intentionally causing mayhem within a company, which can be criminal in cyber environments. The purpose of the research is to identify how cybersecurity leadership can effectively detect and mitigate the risks associated with insiders, particularly those exhibiting arsonist-like behaviors. The review uncovered that organizational arsonists can escalate cybersecurity risks substantially, with insider incidents costing organizations an average of $16.2 million per incident. These incidents now represent a persistent challenge, increasing in frequency by 68% over the past year according to the 2022 Insider Threat Report. The findings highlight the necessity of leadership strategies that preemptively recognize and neutralize potential insider threats to improve organizational resilience and security posture. This approach not only informs current cybersecurity practices but also aids in the development of targeted policies and refined regulatory measures. By integrating insights from psychology, criminology, and cybersecurity, the study provides a comprehensive understanding of the human elements influencing insider threats, essential for enhancing both academic knowledge and practical applications in risk management. The results showed a parallel between the motivations of arsonists who set physical fires and the characteristics and motivations of insider threats who exploit organizational vulnerabilities.
The impact of this research can be helpful in assisting cybersecurity professionals, leaders who strategize against cyber threats, and risk managers and analysts who understand and mitigate human factors and insider threats. Leaders and executives may use these insights to improve security resource allocation and culture. Policymakers and regulators may use the study's results to create more nuanced cybersecurity legislation, while academics and students in related disciplines can use it for future research. [ABSTRACT FROM AUTHOR]
- Published
- 2024
19. Employee risk recognition and reporting of malicious elicitations: longitudinal improvement with new skills-based training
- Author
- Deanna D. Caputo, Lura Danley, and Nathaniel J. Ratcliff
- Subjects
- security, insider threat, insider risk, malicious elicitation, skills-based training, employee training, Psychology, BF1-990
- Abstract
- Numerous security domains would benefit from improved employee risk recognition and reporting through effective security training. This study assesses the effectiveness of a new skills-based training approach to improve risk recognition and reporting of malicious elicitations. Malicious elicitations are techniques that strategically use conversation (i.e., online, in writing, in person, or over the phone) with the sole purpose of collecting sensitive, non-publicly available information about business operations, people, or technological assets without raising suspicion. To an untrained observer, a skilled elicitor can make conversations seem analogous to many professional networking situations such as those experienced over email and at conferences. A 12-month longitudinal experimental study was conducted to test training effectiveness on employees of a large corporation that focuses on serving national security needs and the public interest. Half of participants were randomly assigned to receive traditional awareness-based training (i.e., reviewing informational slides) while the other half of participants received a new skills-based training that allowed them, over the course of five weeks, to iteratively practice skills learned in the training and receive feedback on their performance in their day-to-day work environment. Following training for both experimental groups, malicious elicitations and benign professional networking test messages were sent (via email & text message) to unaware employee participants for 12 months. Findings revealed that skills-based training improved reporting of malicious elicitations and lasted for up to 12 months compared to traditional awareness-based training.
- Published
- 2024
20. FedITD: A Federated Parameter-Efficient Tuning With Pre-Trained Large Language Models and Transfer Learning Framework for Insider Threat Detection
- Author
- Zhi Qiang Wang, Haopeng Wang, and Abdulmotaleb El Saddik
- Subjects
- Cybersecurity, insider threat, deep learning, transformer, BERT, RoBERTa, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
- Insider threats cause greater losses than external attacks, prompting organizations to invest in detection systems. However, there exist challenges: 1) Security and privacy concerns prevent data sharing, making it difficult to train robust models and identify new attacks. 2) The diversity and uniqueness of organizations require localized models, as a universal solution could be more effective. 3) High resource costs, delays, and data security concerns complicate building effective detection systems. This paper introduces FedITD, a flexible, hierarchical, and federated framework with local real-time detection systems, combining Large Language Models (LLM), Federated Learning (FL), Parameter Efficient Tuning (PETuning), and Transfer Learning (TF) for insider threat detection. FedITD uses FL to protect privacy while indirectly integrating client information and employs PETuning methods (Adapter, BitFit, LoRA) with LLMs (BERT, RoBERTa, XLNet, DistilBERT) to reduce resource use and time delay. FedITD customizes client models and optimizes performance via transfer learning without central data transfer, further enhancing the detection of new attacks. FedITD outperforms other federated learning methods and its performance is very close to the best centrally trained method. Extensive experiment results show FedITD’s superior performance, adaptability to varied data, and reduction of resource costs, achieving an optimal balance in detection capabilities across source data, unlabeled local data, and global data. Alternative PETuning implementations are also explored in this paper.
- Published
- 2024
21. A Review of the Insider Threat, a Practitioner Perspective Within the U.K. Financial Services
- Author
- Findlay Whitelaw, Jackie Riley, and Nebrase Elmrabit
- Subjects
- Financial services, insider threat, insider threat strategies, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
- The insider threat within organisational cybersecurity continues to be of great concern globally. The current insider threat detection strategies are acknowledged as ineffective, evidenced by the increased reported events in high-profile insider threats and cyber data loss cases borne from insider and privilege misuse. The impact of insider incidents on Financial Service (FS) organisations is vast, operationally disruptive, and costly from a regulatory, financial, and reputational perspective. Many United Kingdom (UK) FS organisations have invested in insider risk programmes, but there is no sign of the insider threat diminishing. This paper will address the following research questions: 1) What factors influence employees to become malicious insider threats and apply this to employees working within the UK? 2) What preventative measures could be effectively operationalised within UK FS organisations to prevent malicious insider attacks? A literature review was conducted, reviewing 54 articles in peer-reviewed journals. Additional and relevant articles were incorporated to enrich the review, further substantiating the academic currency and context of the study. The review reveals five primary emerging insider threat themes, subsequently discussed and including behavioural indicators, information security behaviours, technical controls, insider threat strategies, and regulation. Throughout the literature review, one primary challenge highlighted the lack of articles published concerning the FS industry; however, the studies reviewed were relevant, appropriate, and applied across this review. Furthermore, the review also considers outcomes from a practitioner’s perspective, offering insights into the limitations of insider threat approaches and strategies and offering potential recommendations.
- Published
- 2024
22. Insider Threats to Nuclear Security
- Author
- Bunn, Matthew, Hobbs, Christopher, book editor, Tzinieris, Sarah, book editor, and Aghara, Sukesh K., book editor
- Published
- 2024
23. India’s Approach to Nuclear Security
- Author
- Rajagopalan, Rajeswari Pillai, Hobbs, Christopher, book editor, Tzinieris, Sarah, book editor, and Aghara, Sukesh K., book editor
- Published
- 2024
24. The Oxford Handbook of Nuclear Security
- Author
- Hobbs, Christopher, editor, Tzinieris, Sarah, editor, and Aghara, Sukesh K., editor
- Published
- 2024
25. Robust Federated Learning for execution time-based device model identification under label-flipping attack.
- Author
- Sánchez Sánchez, Pedro Miguel, Huertas Celdrán, Alberto, Buendía Rubio, José Rafael, Bovet, Gérôme, and Martínez Pérez, Gregorio
- Subjects
- FEDERATED learning, DATA privacy, DEEP learning, ELECTRONIC data processing, HUMAN fingerprints, DATA protection
- Abstract
- The computing device deployment explosion experienced in recent years, motivated by the advances of technologies such as Internet-of-Things (IoT) and 5G, has led to a global scenario with increasing cybersecurity risks and threats. Among them, device spoofing and impersonation cyberattacks stand out due to their impact and, usually, low complexity required to be launched. To solve this issue, several solutions have emerged to identify device models and types based on the combination of behavioral fingerprinting and Machine/Deep Learning (ML/DL) techniques. However, these solutions are not appropriate for scenarios where data privacy and protection are a must, as they require data centralization for processing. In this context, newer approaches such as Federated Learning (FL) have not been fully explored yet, especially when malicious clients are present in the scenario setup. The present work analyzes and compares the device model identification performance of a centralized DL model with an FL one while using execution time-based events. For experimental purposes, a dataset containing execution-time features of 55 Raspberry Pis belonging to four different models has been collected and published. Using this dataset, the proposed solution achieved 0.9999 accuracy in both setups, centralized and federated, showing no performance decrease while preserving data privacy. Later, the impact of a label-flipping attack during the federated model training is evaluated using several aggregation mechanisms as countermeasures. Zeno and coordinate-wise median aggregation show the best performance, although their performance greatly degrades when the percentage of fully malicious clients (all training samples poisoned) grows over 50%. [ABSTRACT FROM AUTHOR]
- Published
- 2024
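The label-flipping experiment and the aggregation countermeasures described in the abstract above, as an added example that is not code from Sánchez Sánchez et al.: honest clients report a constructed update direction with a little noise, label-flipped clients report the opposite direction amplified, and the server combines the updates with plain averaging, coordinate-wise median and a trimmed mean. Zeno is not implemented (it needs a server-side validation set). The update vector, the amplification factor and the noise level are assumptions chosen so the effect is visible; there is no real model or dataset behind the simulation.

```python
import random
from statistics import median

HONEST_UPDATE = [1.0, -0.5, 0.25]  # constructed "true" gradient direction
FLIP_SCALE = 4.0                    # label-flipped clients push the opposite way, amplified


def client_updates(n_clients, n_malicious, seed=0):
    """Simulate one federated round: each client returns a parameter update.
    The first n_malicious clients trained on flipped labels; the server never
    learns which ones, so the list is shuffled before it is returned."""
    rng = random.Random(seed)
    updates = []
    for i in range(n_clients):
        noise = [rng.uniform(-0.01, 0.01) for _ in HONEST_UPDATE]
        if i < n_malicious:
            updates.append([-FLIP_SCALE * g + e for g, e in zip(HONEST_UPDATE, noise)])
        else:
            updates.append([g + e for g, e in zip(HONEST_UPDATE, noise)])
    rng.shuffle(updates)
    return updates


def aggregate_mean(updates):
    """Plain FedAvg-style averaging: one large poisoned update moves the result."""
    return [sum(col) / len(col) for col in zip(*updates)]


def aggregate_median(updates):
    """Coordinate-wise median: unaffected by the size of the outliers while
    honest clients hold a majority on every coordinate."""
    return [median(col) for col in zip(*updates)]


def aggregate_trimmed_mean(updates, trim):
    """Drop the `trim` largest and `trim` smallest values per coordinate, then average."""
    out = []
    for col in zip(*updates):
        kept = sorted(col)[trim:len(col) - trim]
        out.append(sum(kept) / len(kept))
    return out


def same_direction(a, b):
    """True when every coordinate of a has the sign of the matching coordinate of b."""
    return all((x > 0) == (y > 0) for x, y in zip(a, b))


def evaluate(n_clients, n_malicious, seed=0):
    """For each aggregator, does the aggregated update still point the honest way?"""
    ups = client_updates(n_clients, n_malicious, seed)
    return {
        "mean": same_direction(aggregate_mean(ups), HONEST_UPDATE),
        "median": same_direction(aggregate_median(ups), HONEST_UPDATE),
        "trimmed_mean": same_direction(aggregate_trimmed_mean(ups, n_clients // 4), HONEST_UPDATE),
    }


if __name__ == "__main__":
    for bad in range(0, 11):
        print(f"{bad:2d}/10 malicious:", evaluate(10, bad))
```

Averaging is already steered the wrong way with three malicious clients out of ten, because a flipped update that is four times larger outweighs several honest ones; the median and the trimmed mean hold until the malicious share reaches half the clients, which is the degradation above 50% that the abstract reports. Bounding the norm of each client update before aggregation is the usual complement to these robust statistics.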
26. Developing Novel Deep Learning Models to Detect Insider Threats and Comparing the Models from Different Perspectives.
- Author
- Görmez, Yasin, Arslan, Halil, Işık, Yunus Emre, and Gündüz, Veysel
- Published
- 2024
27. Enhancing Insider Malware Detection Accuracy with Machine Learning Algorithms.
- Author
- Kabir, Md. Humayun, Hasnat, Arif, Mahdi, Ahmed Jaser, Hasan, Mohammad Nadib, Chowdhury, Jaber Ahmed, and Fahim, Istiak Mohammad
- Subjects
- MACHINE learning, DIGITAL technology, RANDOM forest algorithms, FEATURE extraction, DECISION trees, BOOSTING algorithms
- Abstract
- One of the biggest cybersecurity challenges in recent years has been the risk that insiders pose. Internet consumers are susceptible to exploitation due to the exponential growth of network usage. Malware attacks are a major concern in the digital world. The potential occurrence of this threat necessitates specialized detection techniques and equipment, including the capacity to facilitate the precise and rapid detection of an insider threat. In this research, we propose a machine learning algorithm using a neural network to enhance malware detection accuracy in response to insider threats. A feature extraction, anomaly detection, and classification workflow are also proposed. We use the CERT4.2 dataset and preprocess the data by encoding text strings and differentiating threat and non-threat records. Our developed machine learning model incorporates numerous dense layers, ReLU activation functions, and dropout layers for regularization. The model attempts to detect and classify internal threats in the dataset with precision. We employed random forest, naive Bayes, KNN, SVM, decision tree, logistic regression, and the gradient boosting algorithm to compare our proposed model with other classification techniques. Based on the results of the experiments, the proposed method functions properly and can detect malware more effectively and with 100% accuracy. [ABSTRACT FROM AUTHOR]
- Published
- 2023
28. Insider Threat Detection Based on Deep Clustering of Multi-Source Behavioral Events.
- Author
-
Wang, Jiarong, Sun, Qianran, and Zhou, Caiqiu
- Subjects
MACHINE learning ,FUZZY algorithms ,FEATURE extraction - Abstract
With the continuous advancement of enterprise digitization, insider threats have become one of the primary cybersecurity concerns for organizations. Therefore, it is of great significance to develop an effective insider threat detection mechanism to ensure the security of enterprises. Most methods rely on manual feature engineering and input the extracted user behavior features into a clustering-based unsupervised machine learning model for insider threat detection. However, feature extraction is independent of the clustering-based unsupervised machine learning. As a result, the user behavior features are not the most appropriate for clustering-based unsupervised machine learning, and thus they reduce the insider threat detection accuracy. This paper proposes an insider threat detection method based on the deep clustering of multi-source behavioral events. On the one hand, the proposed method constructs an end-to-end deep clustering network and automatically learns the user behavior feature representation from multi-source behavioral event sequences. On the other hand, a deep clustering objective function is presented to jointly optimize the learning of feature representations and the clustering task for insider threat detection. This optimization can adjust the user behavior features to be optimal for the clustering model and so improve the insider threat detection accuracy. The experimental results show that the proposed end-to-end insider threat detection model can accurately identify insider threats based on abnormal multi-source user behaviors in enterprise networks. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
29. Insider Threat Detection on an Imbalanced Dataset Using Balancing Methods
- Author
-
Dinardo, Keir, Lemoudden, Mouad, Ahmad, Jawad, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, and Arai, Kohei, editor
- Published
- 2023
- Full Text
- View/download PDF
30. Analyzing Information Security Among Nonmalicious Employees
- Author
-
Morris, Elerod D., Muller, S. Raschid, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Nguyen, Thi Dieu Linh, editor, Verdú, Elena, editor, Le, Anh Ngoc, editor, and Ganzha, Maria, editor
- Published
- 2023
- Full Text
- View/download PDF
31. To Catch a Thief: Examining Socio-technical Variables and Developing a Pathway Framework for IP Theft Insider Attacks
- Author
-
Whitty, Monica T., Ruddy, Christopher, Keatley, David A., Rannenberg, Kai, Editor-in-Chief, Soares Barbosa, Luís, Editorial Board Member, Goedicke, Michael, Editorial Board Member, Tatnall, Arthur, Editorial Board Member, Neuhold, Erich J., Editorial Board Member, Stiller, Burkhard, Editorial Board Member, Stettner, Lukasz, Editorial Board Member, Pries-Heje, Jan, Editorial Board Member, Kreps, David, Editorial Board Member, Rettberg, Achim, Editorial Board Member, Furnell, Steven, Editorial Board Member, Mercier-Laurent, Eunika, Editorial Board Member, Winckler, Marco, Editorial Board Member, Malaka, Rainer, Editorial Board Member, and Clarke, Nathan, editor
- Published
- 2023
- Full Text
- View/download PDF
32. Analysis of Malicious Intruder Threats to Data Integrity
- Author
-
Padiet, Peter, Islam, Rafiqul, Khan, M. Arif, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Daimi, Kevin, editor, and Al Sadoon, Abeer, editor
- Published
- 2023
- Full Text
- View/download PDF
33. MUEBA: A Multi-model System for Insider Threat Detection
- Author
-
Liu, Jing, Zhang, Jingci, Du, Changcun, Wang, Dianxin, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Xu, Yuan, editor, Yan, Hongyang, editor, Teng, Huang, editor, Cai, Jun, editor, and Li, Jin, editor
- Published
- 2023
- Full Text
- View/download PDF
34. Cloud leakage in higher education in South Africa: A case of University of Technology
- Author
-
Tshepiso Ntloedibe, Thato Foko, and Mmatshuene A. Segooa
- Subjects
cloud computing ,data leakage ,insider threat ,information security ,information systems security policies ,Management information systems ,T58.6-58.62 ,Information theory ,Q350-390 - Abstract
Background: Users with knowledge of an organisation can pose risks to Cloud Computing, including current and past employees and external stakeholders with access to the organisation’s cloud. These insiders may engage in intentional or unintentional disruptive behaviors, causing significant harm to the organisation. A study focused on insider threats in South African higher education examined the tactics used by cybersecurity leaders to enforce cybersecurity policies. Objectives: The goal of this study was to develop a comprehensive insider mitigation framework for cloud leakage in a South African University. Method: The study employed qualitative methodologies and a case study approach. Open-ended interviews were conducted to collect data from the participants. The collected data was coded and analysed using ATLAS.ti 22. Results: The study’s findings revealed that some of the major sources of cloud leakage are a lack of effective training, ineffective information security (IS) policy regulation, and the implementation of information security awareness workshops that provided advice on how information security should be managed in the university. Conclusion: Insider threats pose a serious risk to organisations. To mitigate this threat, it is crucial for organisations to establish strong security policies and closely monitor employee activities. By conducting a thorough assessment of insider threats, organisations can enhance their understanding of this dynamic threat and strengthen their defenses. Contribution: Although every employee is ultimately responsible for an organisation’s security, the most effective IS programmes demonstrate strong top-level leadership by setting a ‘tone at the top’ and promoting the benefits of IS through careful policy and guidance.
- Published
- 2024
- Full Text
- View/download PDF
35. Sentiment classification for insider threat identification using metaheuristic optimized machine learning classifiers
- Author
-
Mladenovic, Djordje, Antonijevic, Milos, Jovanovic, Luka, Simic, Vladimir, Zivkovic, Miodrag, Bacanin, Nebojsa, Zivkovic, Tamara, and Perisic, Jasmina
- Published
- 2024
- Full Text
- View/download PDF
36. User-level malicious behavior analysis model based on the NMF-GMM algorithm and ensemble strategy.
- Author
-
Kan, Xiu, Fan, Yixuan, Zheng, Jinjie, Kudreyko, Aleksey, Chi, Chi-hung, Song, Wanqing, and Tregubova, Albina
- Abstract
In the security supervision sector, accurate detection and analysis of insider threats is of great importance. In this article, we propose a new concept of an insider threat kill chain, which is capable of capturing the psychological and behavioral change process of malicious users. Meanwhile, a novel user-level malicious behavior analysis model is established based on the non-negative matrix factorization-Gaussian mixture model (NMF-GMM). In particular, we carry out the analysis from three perspectives: typical malicious behavior characteristics, overall user behavior and temporal individual behavior change. The new classification method groups users by targeting malicious users with typical malicious features. The Z-score method is applied to establish an evaluation model of suspicious user behavior, and the threshold of normal behavior is also determined. Furthermore, a temporal individual behavior change model is established, malicious users are located by the Pettitt test method, and the time of the first malicious behaviors is given. Experimental results show that the proposed user grouping method and ensemble strategy are capable of detecting malicious users. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
37. The impact of unplanned system outages on critical infrastructure sectors: cybersecurity perspective.
- Author
-
Sam, Dessu and Liu, Xiang
- Subjects
INFRASTRUCTURE (Economics) ,INFORMATION technology ,INTERNET security ,COMPUTER systems ,GOVERNMENT agencies ,INFORMATION technology security - Abstract
Threat actors and groups capable of launching advanced persistent threats have repeatedly breached the U.S. critical infrastructure sector’s information technology systems. Although federal agencies collect and maintain valuable sensitive personal and national security information, they often fail to meet even the most basic cybersecurity standards. Insider threat (improper use) and unknown attack vectors remain the highest reported information security incidents in the federal government. Unplanned system outages with known and unknown causes are also on the rise across the industry. This study aims to investigate the impact of unplanned system outages on users, operation, network, and computer systems. The ultimate goal is to enhance our understanding of these impacts and propose effective solutions for protecting the nation’s critical infrastructure. The study adopted a qualitative research method with an exploratory design. An expert and purposive sampling strategy along with a snowballing technique were employed to gather insights from 27 cybersecurity experts and field leaders. Six key themes emerged from the thematic analysis highlighting the significance of a cyberrisk strategy in bolstering the cybersecurity posture of critical national infrastructure sectors during unplanned system outages with unknown causes. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
38. A graph empowered insider threat detection framework based on daily activities.
- Author
-
Hong, Wei, Yin, Jiao, You, Mingshan, Wang, Hua, Cao, Jinli, Li, Jianxin, Liu, Ming, and Man, Chengyuan
- Subjects
ACTIVITIES of daily living - Abstract
While threats from outsiders are easier to alleviate, effective ways seldom exist to handle threats from insiders. The key to managing insider threats lies in engineering behavioral features efficiently and classifying them correctly. To handle challenges in feature engineering, we propose an integrated feature engineering solution based on daily activities, combining manually-selected features and automatically-extracted features together. Particularly, an LSTM auto-encoder is introduced for automatic feature engineering from sequential activities. To improve detection, a residual hybrid network (ResHybnet) containing GNN and CNN components is also proposed along with an organizational graph, taking a user-day combination as a node. Experimental results show that the proposed LSTM auto-encoder could extract hidden patterns from sequential activities efficiently, improving F1 score by 0.56%. Additionally, with the designed residual link, our ResHybnet model works well to boost performance and has outperformed the best of other models by 1.97% on the same features. We published our code on GitHub: https://github.com/Wayne-on-the-road/ResHybnet. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
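The user-day granularity of entry 38 and the Z-score plus Pettitt-test procedure of entry 36 share the same preprocessing step, so one added example covers both. It is not code from either paper: it aggregates constructed CERT-style log events into per-user daily counts (one count per user-day, the node granularity of the graph framework), Z-scores each user's overall activity against the group, and runs the Pettitt change-point test on one user's series to date the first day of the new behaviour. All counts, user names and dates are constructed, and the 2.0 threshold is an assumption explained in the code.

```python
"""Added example (not code from either paper): user-day aggregation of
constructed log events, group-level Z-score outliers, and the Pettitt
change-point test for the first day a user's behaviour changed."""
import math
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean, pstdev

# Constructed daily activity counts per user over 20 days. "alice" is quiet
# for 14 days and then starts bulk activity. Not real data.
DAILY_COUNTS = {
    "alice": [11, 12, 10, 13, 11, 12, 10, 11, 13, 12, 11, 10, 12, 11,
              45, 52, 48, 60, 55, 50],
    "bob": [10] * 20, "carol": [11] * 20, "dave": [12] * 20,
    "erin": [13] * 20, "frank": [11] * 20, "grace": [12] * 20,
    "heidi": [10] * 20, "ivan": [12] * 20,
}
START = date(2024, 3, 1)   # constructed first day of the observation window

def expand_to_events(daily_counts):
    """Turn the count table into flat (user, day, channel) log events, the
    form in which raw logon/file/http records arrive."""
    events = []
    for user, counts in daily_counts.items():
        for offset, n in enumerate(counts):
            day = START + timedelta(days=offset)
            events += [(user, day, "file" if k % 2 else "http") for k in range(n)]
    return events

def user_day_counts(events):
    """Aggregate raw events into {user: [count_day0, count_day1, ...]}.
    Each (user, day) pair is one node in a user-day graph."""
    per_user = defaultdict(lambda: defaultdict(int))
    for user, day, _channel in events:
        per_user[user][day] += 1
    return {u: [c for _, c in sorted(days.items())] for u, days in per_user.items()}

def zscore_outliers(counts, threshold=2.0):
    """Group-level view: Z-score each user's mean daily activity against all
    users and return [(user, z)] above the threshold. With n users the
    largest attainable |z| under a population std is sqrt(n-1), so a 3.0
    cut-off cannot fire on nine users; 2.0 is an assumed working value."""
    means = {u: mean(c) for u, c in counts.items()}
    vals = list(means.values())
    mu, sigma = mean(vals), pstdev(vals)
    return [(u, round((m - mu) / sigma, 3)) for u, m in means.items()
            if sigma and abs(m - mu) / sigma > threshold]

def pettitt(values):
    """Individual temporal view: Pettitt rank test. Returns (t, K, p) where
    values[:t] is the pre-change segment, K = max |U_t| with
    U_t = sum_{i<t, j>=t} sign(x_j - x_i), and p is the usual approximation
    2*exp(-6K^2 / (n^3 + n^2))."""
    n = len(values)
    best_t, best_u = 0, 0
    for t in range(1, n):
        u = sum((values[j] > values[i]) - (values[j] < values[i])
                for i in range(t) for j in range(t, n))
        if abs(u) > abs(best_u):
            best_t, best_u = t, u
    k = abs(best_u)
    return best_t, k, min(1.0, 2 * math.exp(-6 * k * k / (n ** 3 + n ** 2)))

def first_malicious_day(counts, user):
    """Calendar day on which the change-point test places the new behaviour."""
    t, _k, _p = pettitt(counts[user])
    return START + timedelta(days=t)

if __name__ == "__main__":
    counts = user_day_counts(expand_to_events(DAILY_COUNTS))
    print("group outliers:", zscore_outliers(counts))
    print("alice change point:", pettitt(counts["alice"]),
          first_malicious_day(counts, "alice").isoformat())
```

The two views are complementary: the group Z-score says which user is unusual, the Pettitt test says when that user's series changed, and a constant series (the other users here) yields K = 0 and p = 1, so it never produces a spurious change point.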
39. Exploring Personal and Environmental Factors that Can Reduce Nonmalicious Information Security Violations.
- Author
-
Ifinedo, Princely
- Subjects
INFORMATION technology security ,SOCIAL cognitive theory ,ORGANIZATIONAL commitment ,JOB involvement ,PERSONAL belongings ,TRAFFIC violations - Abstract
Employee engagement in nonmalicious information security violations (NISVs) is a threat to organizations. The Social Cognitive Theory was used to investigate the effects of personal and environmental factors on the intention to engage in NISVs. Data of 204 working professionals in Germany were used for analysis. Key results showed that personal goal setting, employee organizational commitment, and vicarious learning reduced employees' intentions to engage in NISVs. Implications of the findings for research and practice were discussed. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
40. A Multi-Agent Intrusion Detection System Optimized by a Deep Reinforcement Learning Approach with a Dataset Enlarged Using a Generative Model to Reduce the Bias Effect.
- Author
-
Mouyart, Matthieu, Medeiros Machado, Guilherme, and Jun, Jae-Yun
- Subjects
DEEP reinforcement learning ,REINFORCEMENT learning ,GENERATIVE adversarial networks ,DEEP learning ,ERROR probability - Abstract
Intrusion detection systems can perform poorly when they are tuned with datasets that are unbalanced in terms of attack data and non-attack data. Most datasets contain more non-attack data than attack data, and this circumstance can introduce biases in intrusion detection systems, making them vulnerable to cyberattacks. As an approach to remedy this issue, we considered the Conditional Tabular Generative Adversarial Network (CTGAN), with its hyperparameters optimized using the tree-structured Parzen estimator (TPE), to balance an insider threat tabular dataset called the CMU-CERT, which is formed by discrete-value and continuous-value columns. We showed through this method that the mean absolute errors between the probability mass functions (PMFs) of the actual data and the PMFs of the data generated using the CTGAN can be relatively small. Then, from the optimized CTGAN, we generated synthetic insider threat data and combined them with the actual ones to balance the original dataset. We used the resulting dataset for an intrusion detection system implemented with the Adversarial Environment Reinforcement Learning (AE-RL) algorithm in a multi-agent framework formed by an attacker and a defender. We showed that the performance of detecting intrusions using the framework of the CTGAN and the AE-RL is significantly improved with respect to the case where the dataset is not balanced, giving an F1-score of 0.7617. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
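The fidelity check described above (mean absolute error between the PMFs of real and generated columns) and the balancing step are both easy to get wrong, so here is an added example, not the paper's code, that runs both on constructed rows. It compares the synthetic minority rows against the real rows of the same class rather than against the whole table, since a generator whose marginals match the full dataset can still drift class-conditionally. Column names, values and counts are constructed.

```python
"""Added example (not the paper's code): per-column PMF mean absolute error
between real and synthetic minority rows, and the class ratio before and
after appending the synthetic rows. All rows are constructed."""
from collections import Counter

ROLE, EVENT, LABEL = 0, 1, 2   # column indexes; LABEL 1 = insider incident row

# Constructed CERT-like rows: 95 benign and 5 insider rows (5% positive).
REAL = (
    [("engineer", "file", 0)] * 40 + [("engineer", "http", 0)] * 30
    + [("sales", "email", 0)] * 22 + [("sales", "file", 0)] * 3
    + [("engineer", "file", 1)] * 3 + [("sales", "email", 1)] * 2
)
# Constructed rows standing in for a tabular generator's minority output.
SYNTHETIC = [("engineer", "file", 1)] * 50 + [("sales", "email", 1)] * 40

def pmf(values):
    """Empirical probability mass function of one discrete column."""
    n = len(values)
    return {k: v / n for k, v in Counter(values).items()}

def pmf_mae(real_rows, synth_rows, col):
    """Mean absolute error between the real and synthetic PMFs of a column,
    taken over the union of categories so a category the generator never
    emits (or invents) is penalised instead of silently ignored."""
    p = pmf([r[col] for r in real_rows])
    q = pmf([r[col] for r in synth_rows])
    keys = set(p) | set(q)
    return sum(abs(p.get(k, 0.0) - q.get(k, 0.0)) for k in keys) / len(keys)

def fidelity_report(real_rows, synth_rows, columns=(ROLE, EVENT)):
    """Class-conditional check: synthetic rows are all minority-class, so
    compare them only with the real minority rows."""
    real_minority = [r for r in real_rows if r[LABEL] == 1]
    return {col: round(pmf_mae(real_minority, synth_rows, col), 4) for col in columns}

def balance(real_rows, synth_rows):
    """Append synthetic minority rows to the real table."""
    return list(real_rows) + list(synth_rows)

def positive_share(rows):
    """Fraction of rows labelled as insider incidents."""
    return sum(r[LABEL] for r in rows) / len(rows)

if __name__ == "__main__":
    print("PMF MAE per column:", fidelity_report(REAL, SYNTHETIC))
    print("positive share before/after:", positive_share(REAL),
          positive_share(balance(REAL, SYNTHETIC)))
```

A small MAE only says the per-column marginals agree; it says nothing about joint structure or about whether the balanced set leaks synthetic rows into the evaluation split, which must be held out from the real rows before any balancing.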
41. A novel user oriented network forensic analysis tool
- Author
-
Joy, Dany
- Subjects
Digital Forensics ,Network Forensics ,Insider Threat ,Online User Interactions ,Network Metadata Analysis ,Timeline of User Interactions - Abstract
In the event of a cybercrime, it is necessary to examine the suspect's digital device(s) in a forensic fashion so that the culprit can be presented in court along with the extracted evidence(s). But factors such as the existence and availability of anti-forensic tools/techniques and the increasing replacement of hard disk drives with solid state disks have the ability to eradicate critical evidence and/or ruin its integrity. Therefore, having an alternative source of evidence with a lesser chance of being tampered with can be beneficial for the investigation. The organisational network traffic can fit into this role as it is an independent source of evidence and will contain a copy of all online user activities. Limitations of prevailing network traffic analysis techniques - packet based and flow based - are reflected as certain challenges in the investigation. The enormous volume and increasing encrypted nature of traffic, the dynamic nature of IP addresses of users' devices, and the difficulty in extracting meaningful information from raw traffic are among those challenges. Furthermore, current network forensic tools, unlike the sophisticated computer forensic tools, are limited in their capability to exhibit functionalities such as collaborative working, visualisation, reporting and extracting meaningful user-level information. These factors increase the complexity of the analysis, and the time and effort required from the investigator. The research goal was set to design a system that can assist in the investigation by minimising the effects of the aforementioned challenges, thereby reducing the cognitive load on the investigator, which, the researcher thinks, can take the investigator one step closer to the culprit. The novelty of this system comes from a newly proposed interaction-based analysis approach, which will extract online user activities from raw network metadata.
Practicality of the novel interaction-based approach was tested by designing an experimental methodology, which involved an initial phase of the researcher looking to identify unique signatures for activities performed on popular Internet applications (BBC, Dropbox, Facebook, Hotmail, Google Docs, Google Search, Skype, Twitter, Wikipedia, and YouTube) from the researcher's own network metadata. With signatures obtained, the project moved towards the second phase of the experiment in which a much larger dataset (network traffic collected from 27 users for over 2 months) was analysed. Results showed that it is possible to extract unique signature of online user activities from raw network metadata. However, due to the complexities of the applications, signatures were not found for some activities. The interaction-based approach was able to reduce the data volume by eliminating the noise (machine to machine communication packets) and to find a way around the encryption issue by using only the network metadata. A set of system requirements were generated, based on which a web based, client-server architecture for the proposed system (i.e. the User-Oriented Network Forensic Analysis Tool) was designed. The system functions in a case management premise while minimising the challenges that were identified earlier. The system architecture led to the development of a functional prototype. An evaluation of the system by academic experts from the field acted as a feedback mechanism. While the evaluators were satisfied with the system's capability to assist in the investigation and meet the requirements, drawbacks such as inability to analyse real-time traffic and meeting the HCI standards were pointed out. The future work of the project will involve automated signature extraction, real-time processing and facilitation of integrated visualisation.
- Published
- 2021
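The interaction-based approach above turns on three things the thesis names: attributing dynamically assigned addresses to users, discarding machine-to-machine noise, and matching metadata signatures without touching encrypted payloads. The following is an added example, not the thesis's tool, showing those three steps over constructed flow records. DHCP leases, the application signatures (server-name suffix plus outbound-byte range) and the flows are all constructed; real signatures would be derived per application as the thesis describes.

```python
"""Added example, not the thesis's tool: rebuild a per-user activity
timeline from network metadata (timestamp, source IP, server name, byte
counts) using constructed DHCP leases and constructed signatures."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    ts: int            # epoch seconds
    src_ip: str
    server_name: str   # from DNS or TLS SNI; payload stays encrypted
    bytes_out: int
    bytes_in: int

# Constructed DHCP leases: (ip, user, start, end); end is exclusive.
LEASES = [
    ("10.0.0.5", "alice", 1000, 2000),
    ("10.0.0.5", "bob", 2000, 3000),   # same address reassigned later
    ("10.0.0.9", "carol", 1000, 3000),
]

# Constructed signatures: (application, activity, server suffix, min_out, max_out).
# Order matters: the first matching entry wins, so the upload rule precedes browsing.
SIGNATURES = [
    ("Dropbox", "upload", "dropbox.com", 100_000, None),
    ("Dropbox", "browse", "dropbox.com", 0, 20_000),
    ("Google Docs", "edit", "docs.google.com", 5_000, 100_000),
    ("YouTube", "watch", "youtube.com", 0, 50_000),
]

# Background services that produce traffic without a user interaction.
NOISE_PREFIXES = ("ntp.", "wpad.", "ocsp.", "crl.", "update.")

# Constructed flow records.
FLOWS = [
    Flow(1100, "10.0.0.5", "www.dropbox.com", 250_000, 3_000),
    Flow(1200, "10.0.0.5", "ntp.example.org", 90, 90),
    Flow(1500, "10.0.0.9", "docs.google.com", 30_000, 200_000),
    Flow(2100, "10.0.0.5", "www.dropbox.com", 2_000, 8_000),
    Flow(2500, "10.0.0.5", "www.youtube.com", 4_000, 5_000_000),
    Flow(2600, "10.0.0.77", "www.dropbox.com", 500_000, 1_000),  # no lease on record
]

def resolve_user(ip, ts, leases=LEASES):
    """Map an address at a point in time to the user holding the lease."""
    for lease_ip, user, start, end in leases:
        if lease_ip == ip and start <= ts < end:
            return user
    return None

def is_noise(flow):
    """Machine-to-machine traffic carries no user interaction."""
    return flow.server_name.startswith(NOISE_PREFIXES)

def match_signature(flow, signatures=SIGNATURES):
    """Return (application, activity) for the first signature the flow fits."""
    for app, activity, suffix, lo, hi in signatures:
        name_ok = flow.server_name == suffix or flow.server_name.endswith("." + suffix)
        size_ok = flow.bytes_out >= lo and (hi is None or flow.bytes_out <= hi)
        if name_ok and size_ok:
            return app, activity
    return None

def timeline(flows, leases=LEASES, signatures=SIGNATURES):
    """Ordered (ts, user, application, activity) records. A flow from an
    address with no lease is kept under 'unknown' rather than discarded,
    since an unattributed upload is still evidence."""
    out = []
    for f in sorted(flows, key=lambda f: f.ts):
        if is_noise(f):
            continue
        match = match_signature(f, signatures)
        if match is None:
            continue
        out.append((f.ts, resolve_user(f.src_ip, f.ts, leases) or "unknown", *match))
    return out

if __name__ == "__main__":
    for record in timeline(FLOWS):
        print(*record)
```

Lease boundaries are the point to check: the same address belongs to alice at 1999 and to bob at 2000, so a one-second error in clock alignment between the DHCP server and the sensor would attribute an activity to the wrong person.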
42. Understanding insider threats using Natural Language Processing
- Author
-
Paxton-Fear, Kate, Hodges, D., and Buckley, O.
- Subjects
CYber security ,Insider threat ,Natural language processing ,Organic narratives ,Topic modelling - Abstract
Insider threats are security incidents committed not by outsiders, such as malicious hackers or advanced persistent threat groups, but instead by an organisation's employees or other trusted individuals. These attacks are often more impactful than incidents committed by outsiders. Insiders may have valid security credentials, knowledge relating to the organisation they work for (such as its competitors), knowledge of the security controls in place and potentially of how to bypass those controls. This activity could be unintentional, such as an employee leaving a laptop on public transport, or malicious, when an insider purposefully chooses to attack for some gain, such as selling IP to a competitor. When an outsider chooses to attack, they may leave digital breadcrumbs as they perform the various stages of the cyber kill-chain. These breadcrumbs can allow organisations to detect and respond to an incident, flagging suspicious behaviour or access. Comparatively, an insider may be able to continue their attack for years without being caught. Therefore, insider threat activity can be considered co-spatial and co-temporal with legitimate activity; an insider conducts their attack during their work or very soon after leaving their job. There are three fundamental approaches to controlling the risk of malicious insider threats: organisational, technical, and psychological. More recently, insider threat models attempt to encapsulate all these factors into one approach, combining them into a single framework or model. However, one issue with these models is their static nature; models cannot adapt as insider threat changes. For example, during the COVID-19 pandemic, many organisations had to support remote working, increasing the risk of attacks. This work attempts to address this flaw of models directly.
Instead of attempting to supplant existing practices in these three domains, this work will support them, providing new techniques for exploring an insider threat attack to better understand the attack through the lens of strategic and tactical decision making. This dynamic, custom insider threat model can be constructed by leveraging natural language processing techniques, a type of machine learning applied to text, and a large corpus (body of documents) of news articles describing insider threat incidents. This model can then be applied to a new, previously unseen corpus of witness reports to offer an overview of the attack. The core technique this work uses is topic modelling, which uses word association to identify key themes across a document, similar to grounded theory approaches. By identifying themes across many different insider threat incidents, the core attributes of insider threat are recognised, such as methodologies, motivations, information about the insider's role in an organisation or the weakness they exploited. These topics can be further enriched by identifying temporal, causal and narrative clues to place events on a graph and create a timeline or causal chain. The final output of this process is a collection of visualisations of the incident; this visualisation then aims to support the investigator as they ask critical questions about an incident, such as "What was the motivation of the insider?", "What assets did they target and how?", "Were there any security controls in place?" and "Did they bypass those?", allowing for the full exploration of the attack. Informed organisations can make changes using the answers to these questions combined with existing controls, policies, and procedures. The work presented in this thesis has many implications both for insider threat specifically and for the broader domains of sociology and cyber security.
Primarily this work introduces a new approach to incident response, supporting the reflection stage of incident response. While this work represents a proof of concept for NLP to be used in this way, due to its technical nature it could be improved to produce an implementable and deployable piece of software, generating further impact; although some training would be required, this could offer a new tool for handling insider threat within an organisation. Aside from this direct impact in the insider threat domain, the methods developed and designed during this work will have a broader impact on cyber security, mainly due to their interdisciplinary nature within social science, with the ability to leverage witness reports or organic narratives and map these automatically to an existing framework rather than asking a witness to adapt their narrative to a framework directly. Reports can then be collected on a large scale and analysed. These techniques provide a holistic view of an attack, considering many aspects of an insider threat attack by using reports already collected after an incident to create a better understanding of insider threat, which leads to more techniques in prevention and detection.
- Published
- 2021
43. (Mis)Use of personal technology by employees in financial services organisations
- Author
-
Collis, Raichel, Hicks, David, Henry, Phil, and Hodgson, Philip
- Subjects
personal internet activity ,Smartphone users ,average users ,personal digital activity in the workplace ,risk of malware ,social media ,mobile applications ,routine activity theory ,cyberspace ,cybercrime ,insider threat ,open source intelligence ,OSINT ,SOCMINT ,digital investigation ,unsafe online activity ,digital footprint ,employees ,routine digital activity ,Internet of Things ,IoT ,cyber risk - Abstract
This work presents a single methodology design across three different groups to chart the challenges and potential of digital investigation and to offer an original contribution to researchers seeking purposive samples specific to topical research questions. Open-source online intelligence theorised from an attacker's perspective is underpinned by a novel cyber-orientated framework of routine activity theory (RAT) (Cohen and Felson, 1979) to highlight digital footprint as a vector for targeted social engineering. Seventy-six (N=76) demographically diverse financial services employees from occupations throughout the sector provide empirical data via a mixed methods online survey. Cyber-specific RAT evaluates the 'average user' (with no specialist training) as a potential contributor to human-assisted cybercrime threatening corporate networks through use of personal technologies and internet-based activities. Robust discussion debates routine digital activity using smartphones, tablets, and consumer Internet of Things (IoT) devices as an unmitigated factor for workplace risk. Personal internet use, devices accessing corporate networks, self-promotion on social media, physical and virtual IoT, executive personnel practising 'unsafe' behaviours and assumed device security as licence for unrestricted online activity are key findings of this study, which offers original contributions to critical assessment of insider threat. Despite employee (mis)use of personal technology as a potential vector, financial organisations are seemingly unprepared for small-scale and dynamic risk. Results recommend bespoke training at all levels to associate personal use and online behaviour with known cyber risks and capacity for loss or harm.
Cyber-RAT as a framework to identify suitable targets and potential for guardianship will contribute added value and assist in a more holistic response to cybercrime, where the human element complements technological solutions as a positive enhancement to enterprise security.
- Published
- 2021
44. Queen of Cuba.
- Author
-
Pereira, Alfredo Ribeiro
- Subjects
COWORKER relationships ,MILITARY intelligence ,ESPIONAGE ,SPIES ,UNITED States armed forces - Abstract
Ana Montes, a senior intelligence analyst, spied on the Defense Intelligence Agency for Cuba. Highly specialized in Latin American military intelligence, she was known as the "Queen of Cuba." Her traumatic childhood made her susceptible to recruitment and her motivation was ideological. Using classic espionage techniques, mainly memorization, she managed to spy for 16 years until she was discovered. The findings of an American spy in Cuba, a bad relationship with coworkers, and the lack of a support agent led to her exposure. Ana was sentenced to 25 years in prison and five years of probation. Her case indicates 10 conclusions about espionage. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
45. Industrial espionage from a human factor perspective.
- Author
-
Mészáros, Alexandra Ágnes and Kelemen-Erdős, Anikó
- Subjects
BUSINESS intelligence ,INFORMATION technology security ,CORPORATE culture ,BUSINESS ethics ,SAFETY education ,PERSONAL information management ,GROUNDED theory - Abstract
Industrial espionage is a significant threat in a fiercely competitive environment which increases the risk of information security and safety being compromised and leads to concerns about business ethics. The main aim of this paper is to examine industrial espionage from the perspective of the insider human factor, explore the motivations that may lead to industrial espionage, and identify ways of maintaining information security and safety to reduce insider threats. The research involved qualitative in-depth interviews among twenty-one stakeholders from seven European countries. The transcripts were analysed using grounded theory methodology. Results show that main factors that may lead to industrial espionage include intensifying market competition, financial compensation offered in exchange for information, decreasing loyalty among the younger generation, psychological issues of personal grievance and psychological disorders, and poorly developed information-security infrastructure. This study recommends that managers and policymakers plan and implement protection and prevention measures, undertake risk analyses to reduce the potential consequences of insider threats, and establish a critical business information tracking system. Further recommendations include maintaining an appropriate company culture, ensuring employee satisfaction, and fostering information safety education while creating adequate security infrastructure. [ABSTRACT FROM AUTHOR]
- Published
- 2023
- Full Text
- View/download PDF
46. DTITD: An Intelligent Insider Threat Detection Framework Based on Digital Twin and Self-Attention Based Deep Learning Models
- Author
-
Zhi Qiang Wang and Abdulmotaleb El Saddik
- Subjects
Digital twin ,cybersecurity ,insider threat ,deep learning ,transformer ,BERT ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
Recent statistics and studies show that the loss generated by insider threats is much higher than that generated by external attacks. More and more organizations are investing in or purchasing insider threat detection systems to prevent insider risks. However, the accurate and timely detection of insider threats faces significant challenges. In this study, we propose an intelligent insider threat detection framework based on Digital Twins and self-attention-based deep learning models. First, this paper introduces insider threats and the challenges in detecting them. Then this paper presents recent related work on solving insider threat detection problems and its limitations. Next, we propose our solutions to address these challenges: building an innovative intelligent insider threat detection framework based on Digital Twin (DT) and self-attention-based deep learning models, performing insight analysis of users' behavior and entities, adopting contextual word embedding techniques using the Bidirectional Encoder Representations from Transformers (BERT) model and a sentence embedding technique using the Generative Pre-trained Transformer 2 (GPT-2) model to perform data augmentation to overcome significant data imbalance, and adopting a temporal semantic representation of users' behaviors to build user behavior time sequences. Subsequently, this study built self-attention-based deep learning models to quickly detect insider threats. This study proposes a simplified transformer model named DistilledTrans and applies the original transformer model, DistilledTrans, BERT + final layer, Robustly Optimized BERT Approach (RoBERTa) + final layer, and a hybrid method combining pre-trained models (BERT, RoBERTa) with a Convolutional Neural Network (CNN) or Long Short-term Memory (LSTM) network model to detect insider threats.
Finally, this paper presents experimental results on a dense dataset CERT r4.2 and augmented sporadic dataset CERT r6.2, evaluates their performance, and performs a comparison analysis with state-of-the-art models. Promising experimental results show that 1) contextual word embedding insert and substitution predicted by the BERT model, and context embedding sentences predicted by the GPT-2 model are effective data augmentation approaches to address high data imbalance; 2) DistilledTrans trained with sporadic dataset CERT r6.2 augmented by the contextual embedding sentence method predicted by GPT-2, outperforms the state-of-the-art models in terms of all evaluation metrics, including accuracy, precision, recall, F1-score, and Area Under the ROC Curve (AUC). Additionally, its structure is much simpler, and thus training time and computing cost are much less than those of recent models; 3) when trained with the dense dataset CERT r4.2, pre-trained models BERT plus a final layer or RoBERTa plus a final layer can achieve significantly higher performance than the current models with a very little sacrifice of precision. However, complex hybrid methods may not be required.
- Published
- 2023
- Full Text
- View/download PDF
47. Quantitative Analysis of Worm Transmission and Insider Risks in Air-Gapped Networking Using a Novel Machine Learning Approach
- Author
-
Muhammad Sulaiman, Awais Khan, Addisu Negash Ali, Ghaylen Laouini, and Fahad Sameer Alshammari
- Subjects
SEIQV model ,insider threat ,artificial neural networks ,machine learning ,system of differential equations ,surrogate solutions ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
Researchers and practitioners in the fields of science and engineering encounter significant challenges when it comes to mitigating the proliferation of computer worms, owing to their rapid spread within computer and communication networks. This study delves into a comprehensive analysis of the mathematical model governing the hazard of worm propagation in such networks. Specifically, the mathematical framework employed herein encompasses a system of ordinary differential equations. In numerous instances, mathematical models have been employed to quantitatively investigate the propagation patterns of worms across computer networks. In this scholarly article, we present an enhanced Susceptible-Exposed-Infected-Quarantined-Vaccinated (SEIQV) model, denoted as Susceptible-Exposed-Infected-Quarantined-Patched (SEIQP), which effectively captures the dissemination dynamics of an insider threat within a network featuring air gaps. To facilitate the study, we leverage the power of feedforward neural networks that are trained using the backpropagated Levenberg-Marquardt optimization algorithm. These neural networks serve as surrogate tools, providing solutions to the SEIQP model. To evaluate the efficacy of our approach, we meticulously assess their performance across three distinct scenarios. Additionally, the stability of the mathematical model is examined by manipulating the probability of an insider threat removing a patch from the host, denoted as $\eta$. Our empirical findings conclusively establish the effectiveness of the proposed approach in addressing the intricate challenges associated with insider threats within network environments.
- Published
- 2023
- Full Text
- View/download PDF
48. A Secure and Privacy-Preserving E-Government Framework Using Blockchain and Artificial Immunity
- Author
-
Noe Elisa, Longzhi Yang, Fei Chao, Nitin Naik, and Tossapon Boongoen
- Subjects
E-Government ,blockchain ,artificial immune system ,insider threat ,privacy-preserving ,Electrical engineering. Electronics. Nuclear engineering ,TK1-9971 - Abstract
Electronic Government (e-Government) systems constantly provide greater services to people, businesses, organisations, and societies by offering more information, opportunities, and platforms with the support of advances in information and communications technologies. This usually results in increased system complexity and sensitivity, necessitating stricter security and privacy-protection measures. The majority of the existing e-Government systems are centralised, making them vulnerable to privacy and security threats, in addition to suffering from a single point of failure. This study proposes a decentralised e-Government framework with integrated threat detection features to address the aforementioned challenges. In particular, the privacy and security of the proposed e-Government system are realised by the encryption, validation, and immutable mechanisms provided by Blockchain. The insider and external threats associated with blockchain transactions are minimised by the employment of an artificial immune system, which effectively protects the integrity of the Blockchain. The proposed e-Government system was validated and evaluated by using the framework of Ethereum Visualisations of Interactive, Blockchain, Extended Simulations (i.e. eVIBES simulator) with two publicly available datasets. The experimental results show the efficacy of the proposed framework in that it can mitigate insider and external threats in e-Government systems whilst simultaneously preserving the privacy of information.
- Published
- 2023
- Full Text
- View/download PDF
49. Data adjusting strategy and optimized XGBoost algorithm for novel insider threat detection model.
- Author
-
Kan, Xiu, Fan, Yixuan, Zheng, Jinjie, Chi, Chi-hung, Song, Wanqing, and Kudreyko, Aleksey
- Subjects
BEHAVIORAL assessment ,RANDOM noise theory ,RECORDS management - Abstract
With the growth of access to internal system resources, the insider threat problem is emerging and can bring immeasurable losses to enterprises. In order to detect hidden threats and guide the formulation of enterprise management strategy, it is important to analyze and understand employee behavior. Thus, we suggest a user behavior analysis system framework, which mainly includes data processing, user behavior modeling and results analysis. A Data Adjusting (DA) strategy and an optimized eXtreme Gradient Boosting (XGBoost) model are utilized with the aim of fully analyzing a small amount of feature information. The strategy for detecting suspicious behavior can be the following. Firstly, select initial suspicious data, retain misclassified data, and apply combination sampling. Secondly, for further behavior model construction, an improved Particle Swarm Optimization algorithm based on ethnic randomized particles (ERPSO), which introduces Gaussian white noise with adjustable intensity into the acceleration coefficients, is given for searching the optimal XGBoost parameters. In addition, based on the designed DA strategy and the proposed ERPSO algorithm, we have also compared the results of the proposed methods with the current state-of-the-art methods. Experimental results show that the XGBoost model optimized by ERPSO (ERPSO-XGBoost) has comprehensive performance, which proves the rationality and effectiveness of the insider behavior analysis system framework. Through a comprehensive understanding of insider behavior, the obvious characteristic behavior is found to adjust the management strategy and guide the behavior modeling, so as to prevent more losses in time.
- Published
- 2023
- Full Text
- View/download PDF
50. Insider threat detection using supervised machine learning algorithms
- Author
-
Manoharan, Phavithra, Yin, Jiao, Wang, Hua, Zhang, Yanchun, and Ye, Wenjie
- Published
- 2023
- Full Text
- View/download PDF