A Practice of Detecting Insider Threats within a Network

Author(s):  
Jeong Yang ◽  
David Velez ◽  
Harry Staley ◽  
Navin Mathew ◽  
Daniel De Leon
Keyword(s):  
MIS Quarterly ◽  
2015 ◽  
Vol 39 (1) ◽  
pp. 91-112 ◽  
Author(s):  
Jingguo Wang ◽  
◽  
Manish Gupta ◽  
H. Raghav Rao ◽  
◽  
...  

Electronics ◽  
2021 ◽  
Vol 10 (9) ◽  
pp. 1005
Author(s):  
Rakan A. Alsowail ◽  
Taher Al-Shehari

As technologies are rapidly evolving and becoming a crucial part of our lives, security and privacy issues have been increasing significantly. Public and private organizations have highly confidential data, such as bank accounts, military and business secrets, etc. Currently, the competition between organizations is significantly higher than before, which triggers sensitive organizations to spend an excessive volume of their budget to keep their assets secured from potential threats. Insider threats are more dangerous than external ones, as insiders have a legitimate access to their organization’s assets. Thus, previous approaches focused on some individual factors to address insider threat problems (e.g., technical profiling), but a broader integrative perspective is needed. In this paper, we propose a unified framework that incorporates various factors of the insider threat context (technical, psychological, behavioral and cognitive). The framework is based on a multi-tiered approach that encompasses pre, in and post-countermeasures to address insider threats in an all-encompassing perspective. It considers multiple factors that surround the lifespan of insiders’ employment, from the pre-joining of insiders to an organization until after they leave. The framework is utilized on real-world insider threat cases. It is also compared with previous work to highlight how our framework extends and complements the existing frameworks. The real value of our framework is that it brings together the various aspects of insider threat problems based on real-world cases and relevant literature. This can therefore act as a platform for general understanding of insider threat problems, and pave the way to model a holistic insider threat prevention system.


Author(s):  
Andrew Stern ◽  
Huanyu Wang ◽  
Fahim Rahman ◽  
Farimah Farahmandi ◽  
Mark Tehranipoor

2020 ◽  
Vol 10 (1) ◽  
pp. 49-57
Author(s):  
Daniel Sektas-Bilusich ◽  
Rick A. Nunes-Vaz ◽  
Leung Chim ◽  
Steven Lord

Entropy ◽  
2021 ◽  
Vol 23 (10) ◽  
pp. 1258
Author(s):  
Taher Al-Shehari ◽  
Rakan A. Alsowail

Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause extensive damage to organization assets much more than external attacks. Most existing approaches in the field of insider threat focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before his/her leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing the feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed utilizing the synthetic minority oversampling technique (SMOTE). Well known machine learning algorithms are employed to detect the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it on CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues for the aim of devising an effective insider data leakage detection system.


Author(s):  
Svetlana Symonenko ◽  
Elizabeth D. Liddy ◽  
Ozgur Yilmazel ◽  
Robert Del Zoppo ◽  
Eric Brown ◽  
...  

Sign in / Sign up

Export Citation Format

Share Document