A Frame-Based Approach to Generating Insider Threat Test Suite on Cloud File-Sharing

  • Tsung-Ju Lee
  • Shian-Shyong Tseng
  • Hsing-Chung Chen
  • Sung-Chiang Lin
  • Chiun-How Kao
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 971)


Insider threat has attracted considerable attention in security industry. It is difficult to detect insiders, because they know organization’s security countermeasures and usually hide their tracks in their normal activities. For evaluating insider detection algorithm on specific organization, it is important to generate a test suite with the corresponding normal activities. However, it is costly and time consuming to generate tailor-made test suite. Due to the complexity of combining different insider attack technique with different organization’s audit data, the insider attack scenario modeling issue arises when adaptively generate test suite for insider threat detection. In this paper, we propose the insider attack frame hierarchy to describe stereotype features of insider attack scenario. The proposed frame-based approach has been combined with the RBAC technologies, and its instantiation property allow us generate the customized insider attack test suite with full test coverage. The evaluation results show that most of experts satisfy with our proposed system.


Frame-based approach Insider threat 



This study is conducted under the “III Innovative and Prospective Technologies Project (1/1)” of the Institute for Information Industry which is subsidized by the Ministry of Economic Affairs of the Republic of China. This work was partially supported by National Science Council of the Republic of China under contracts 106-2511-S-468-002-MY3 and 106-2511-S-468-004-MY2.


  1. 1.
    Kitts, B., et al.: Click fraud detection with bot signatures. In: 2013 IEEE International Conference on Intelligence and Security Informatics (2013)Google Scholar
  2. 2.
    Zhu, T.M., et al.: An insider threat detection method based on business process mining. Int. J. Bus. Data Commun. Netw. 13(2), 83–98 (2017)CrossRefGoogle Scholar
  3. 3.
    Yaseen, Q., et al.: An insider threat aware access control for cloud relational databases. Clust. Comput. J. Netw. Softw. Tools Appl. 20(3), 2669–2685 (2017)Google Scholar
  4. 4.
    Almehmadi, A., El-Khatib, K.: On the possibility of insider threat prevention using Intent-Based Access Control (IBAC). IEEE Syst. J. 11(2), 373–384 (2017)CrossRefGoogle Scholar
  5. 5.
    Bose, B., et al.: Detecting insider threats using RADISH: a system for real-time anomaly detection in heterogeneous data streams. IEEE Syst. J. 11(2), 471–482 (2017)CrossRefGoogle Scholar
  6. 6.
    Aleman-Meza, B., Burns, P., Eavenson, M., Palaniswami, D., Sheth, A.: An ontological approach to the document access problem of insider threat. In: Kantor, P., et al. (eds.) ISI 2005. LNCS, vol. 3495, pp. 486–491. Springer, Heidelberg (2005). Scholar
  7. 7.
    Zhang, N., et al.: Maintaining defender’s reputation in anomaly detection against insider attacks. IEEE Trans. Syst. Man Cybern. Part B-Cybern. 40(3), 597–611 (2010)CrossRefGoogle Scholar
  8. 8.
    Agrafiotis, I., et al.: Formalising policies for insider-threat detection: a tripwire grammar. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 8(1), 26–43 (2017)Google Scholar
  9. 9.
    Kammüller, F., et al.: Insider threats and auctions: formalization, mechanized proof, and code generation. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 8(1), 26–43 (2017)Google Scholar
  10. 10.
    Kammüller, F., et al.: Enhancing video surveillance with usage control and privacy-preserving solutions. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 7(4), 20–40 (2016)Google Scholar
  11. 11.
    Pandit, T., et al.: Attribute-based signcryption: signer privacy, strong unforgeability and IND-CCA security in adaptive-predicates model (extended version). J. Internet Serv. Inf. Secur. (JISIS) 6(3), 61–113 (2016)MathSciNetGoogle Scholar
  12. 12.
    Guerar, M., et al.: ClickPattern: a pattern lock system resilient to smudge and side-channel attacks. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 8(2), 64–78 (2017)Google Scholar
  13. 13.
    Ishida, T., et al.: Implementation of an integrated disaster information cloud system for disaster control. J. Internet Serv. Inf. Secur. (JISIS) 7(4), 1–20 (2017)MathSciNetGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Tsung-Ju Lee
    • 1
  • Shian-Shyong Tseng
    • 2
  • Hsing-Chung Chen
    • 2
  • Sung-Chiang Lin
    • 3
  • Chiun-How Kao
    • 4
  1. 1.National Penghu University of Science and TechnologyMagongTaiwan
  2. 2.Asia UniversityTaichungTaiwan
  3. 3.National Taipei University of EducationTaipeiTaiwan
  4. 4.National Taiwan University of Science and TechnologyTaipeiTaiwan

Personalised recommendations