
Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation

Chapter
Insider Threats in Cyber Security

Part of the book series: Advances in Information Security (ADIS, volume 49)

Abstract

The purpose of this chapter is to motivate the combination of traditional cyber security audit data with psychosocial data, to support a move from an insider threat detection stance to one that enables prediction of potential insider presence. Two distinctive aspects of the approach are the objective of predicting or anticipating potential risks and the use of organizational data in addition to cyber data to support the analysis. The chapter describes the challenges of this endeavor and reports on progress in defining a usable set of predictive indicators, developing a framework for integrating the analysis of organizational and cyber security data to yield predictions about possible insider exploits, and developing the knowledge base and reasoning capability of the system. We also outline the types of errors that one expects in a predictive system versus a detection system and discuss how those errors can affect the usefulness of the results.




Corresponding author

Correspondence to Frank L. Greitzer .


Copyright information

© 2010 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Greitzer, F.L., Frincke, D.A. (2010). Combining Traditional Cyber Security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation. In: Probst, C., Hunker, J., Gollmann, D., Bishop, M. (eds) Insider Threats in Cyber Security. Advances in Information Security, vol 49. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-7133-3_5


  • DOI: https://doi.org/10.1007/978-1-4419-7133-3_5


  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-7132-6

  • Online ISBN: 978-1-4419-7133-3

  • eBook Packages: Computer Science (R0)
