A Probabilistic Analysis Framework for Malicious Insider Threats

  • Taolue Chen
  • Florian Kammüller
  • Ibrahim Nemli
  • Christian W. ProbstEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)


Malicious insider threats are difficult to detect and to mitigate. Many approaches for explaining behaviour exist, but there is little work to relate them to formal approaches to insider threat detection. In this work we present a general formal framework to perform analysis for malicious insider threats, based on probabilistic modelling, verification, and synthesis techniques. The framework first identifies insiders’ intention to perform an inside attack, using Bayesian networks, and in a second phase computes the probability of success for an inside attack by this actor, using probabilistic model checking.


  1. 1.
    Axelrad, E.T., Sticha, P.J., Brdiczka, O., Shen, J.: A bayesian network model for predicting insider threats. In: 2013 IEEE Security and Privacy Workshops, pp. 82–89. IEEE Computer Society, Los Alamitos (2013)Google Scholar
  2. 2.
    Boender, J., Ivanova, M.G., Kammüller, F., Primiero, G.: Modeling human behaviour with higher order logic: Insider threats. In: STAST 2014. IEEE (2014). co-located with CSF’14 in the Vienna Summer of LogicGoogle Scholar
  3. 3.
    Cappelli, D.M., Moore, A.P., Trzeciak, R.F.: The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). SEI Series in Software Engineering, 1st edn. Addison-Wesley Professional, Boston (2012)Google Scholar
  4. 4.
    Heckerman, D.: A tutorial on learning with bayesian networks. In: Jordan, M. (ed.) Learning in Graphical Models. MIT Press, Cambridge (1999)Google Scholar
  5. 5.
    Kissel, R.: Glossary of key information security terms. Technical report NISTIR 7298 Revision 2, National Institute of Standards and Technology (2013)Google Scholar
  6. 6.
    Koller, D., Friedman, N.: Probabilistic Graphical Models - Principles and Techniques. MIT Press, Cambridge (2009)Google Scholar
  7. 7.
    Lenin, A., Buldas, A.: Limiting adversarial budget in quantitative security assessment. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 155–174. Springer, Heidelberg (2014) Google Scholar
  8. 8.
    Nemli, I.: Using acklaim and prism to model and analyse insider threats. Master’s thesis, DTU Copenhagen (2015).
  9. 9.
    Nurse, J.R.C., Buckley, O., Legg, P.A., Goldsmith, M., Creese, S., Wright, G.R.T., Whitty, M.: Understanding insider threat: a framework for characterising attacks. In: WRIT 2014. IEEE (2014)Google Scholar
  10. 10.
    Probst, C.W., Hansen, R.R.: An extensible analysable system model. Inf. Secur. Tech. Rep. 13(4), 235–246 (2008)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Taolue Chen
    • 1
  • Florian Kammüller
    • 1
  • Ibrahim Nemli
    • 2
  • Christian W. Probst
    • 2
    Email author
  1. 1.Middlesex University LondonLondonUK
  2. 2.Technical University DenmarkKongens LyngbyDenmark

Personalised recommendations