Abstract
Internal threat is an important issue for the information systems of an organization. To deal with this problem, organizations often formulate regulations and rules to regulate the behavior of employees and prevent them from causing production risks. However, how to effectively detect violations of the rules in the production process is challenging. In this paper, we propose an event based internal threat detection method. Firstly, we establish a detection model for regulation violation by representing rules and regulations as complex events and design a rule engine to detect if these complex events occur and discover the violations of rules. Then the logs generated during product are used for activating the rule reasoning. Finally, the rule violation will be reported to the supervisor for further investigation. The experiment on the real production processes shows the method is effective and efficient to detect internal threats and can be used at major production sites.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3), 523–548 (2010)
Dubois, E., Heymans, P., Mayer, N., Matulevičius, R.: A systematic approach to define the domain of information system security risk management. In: Intentional Perspectives on Information Systems Engineering, pp. 289–306. Springer, Berlin (2010)
Sandhu, R.S., Samarati, P.: Access control: principle and practice. IEEE Commun. Mag. 32(9), 40–48 (1994)
Rivest, R.L.: U.S. Patent No. 4,376,299. U.S. Patent and Trademark Office, Washington, DC (1983)
Warkentin, M., Willison, R.: Behavioral and policy issues in information systems security: the insider threat. Eur. J. Inf. Syst. 18(2), 101–105 (2009)
Colwill, C.: Human factors in information security: the insider threat who can you trust these days? Inf. Secur. Tech. Rep. 14(4), 186–196 (2009)
Doherty, N.F., Fulford, H.: Aligning the information security policy with the strategic information systems plan. Comput. Secur. 25(1), 55–63 (2006)
Herath, T., Rao, H.R.: Protection motivation and deterrence: a framework for security policy compliance in organisations. Eur. J. Inf. Syst. 18(2), 106–125 (2009)
Bishop, M., Gates, C.: Defining the insider threat. In: Workshop on Cyber Security & Information Intelligence Research: Developing Strategies to Meet the Cyber Security & Information Intelligence Challenges Ahead, p. 15. ACM (2008)
Kandias, M., Mylonas, A., Virvilis, N., Theoharidou, M., Gritzalis, D.: An insider threat prediction model. In: International Conference on Trust, Privacy and Security in Digital Business, pp. 26–37. Springer, Berlin (2010)
van Kessel, P.: Cybersecurity regained: preparing to face cyber attacks, Ernst & Young Global Limited. Web. 17 November 2017. http://www.ey.com/Publication/vwLUAssets/ey-cybersecurity-regained-preparing-to-face-cyber-attacks/$FILE/ey-cybersecurity-regained-preparing-to-face-cyber-attacks.pdf
Hu, N., Bradford, P.G., Liu, J.: Applying role based access control and genetic algorithms to insider threat detection. In: ACM Southeast Regional Conference: Proceedings of the 44th Annual Southeast Regional Conference, vol. 2006, pp. 790–791, March 2006
Myers, J., Grimaila, M.R., Mills, R.F.: Towards insider threat detection using web server logs. In: Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, p. 54. ACM, April 2009
Spitzner, L.: Honeypots: catching the insider threat. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 170–179. IEEE, December 2003
Eberle, W., Graves, J., Holder, L.: Insider threat detection using a graph-based approach. J. Appl. Secur. Res. 6(1), 32–81 (2010)
Rashid, T., Agrafiotis, I., Nurse, J.R.: A new take on detecting insider threats: exploring the use of Hidden Markov Models. In: Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats, pp. 47–56. ACM, October 2016
Stavrou, V., Kandias, M., Karoulas, G., Gritzalis, D.: Business process modeling for insider threat monitoring and handling. In: International Conference on Trust, Privacy and Security in Digital Business, pp. 119–131. Springer, Cham, September 2014
Luckham, D.: The Power of Events, vol. 4. Addison-Wesley, Reading (2002)
Rizvi, S.: Complex event processing beyond active databases: streams and uncertainties. TR EECS-200526 (2005)
Norman, T.L.: Electronic Access Control. Elsevier, Burlington (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, Z., Liu, K. (2020). An Event Based Detection of Internal Threat to Information System. In: Kim, J., Geem, Z., Jung, D., Yoo, D., Yadav, A. (eds) Advances in Harmony Search, Soft Computing and Applications. ICHSA 2019. Advances in Intelligent Systems and Computing, vol 1063. Springer, Cham. https://doi.org/10.1007/978-3-030-31967-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-31967-0_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31966-3
Online ISBN: 978-3-030-31967-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)