A Simulation-Based Approach to Development of a New Insider Threat Detection Technique: Active Indicators

  • Conference paper
Advances in Human Factors in Cybersecurity (AHFE 2018)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 782)

Abstract

Current cybersecurity research on insider threats has focused on finding clues to illicit behavior, or “passive indicators”, in existing data resources. However, a more proactive view of detection could preemptively uncover a potential threat, mitigating organizational damage. Active Indicator Probes (AIPs) of insider threats are stimuli placed into the workflow to trigger differential psychophysiological responses. This approach requires defining a library of AIPs and identifying eye tracking metrics to detect diagnostic responses. Since studying true insider threats is unrealistic, and current research on deception uses controlled environments that may not generalize to the real world, it is crucial to utilize simulated environments to develop these new countermeasures. This study utilized a financial work environment simulation, where participants became employees reconstructing incomplete account information, under two conditions: permitted and illicit cyber tasking. Using eye tracking, reactions to AIPs placed in the work environment were registered to find metrics for insider threat.

Acknowledgements

The research is based upon work supported by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA), via IARPA R&D Contracts, contract number 2016-16031500006. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the ODNI, IARPA, or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon.

Corresponding author

Correspondence to Valarie A. Yerdon.

Copyright information

© 2019 Springer International Publishing AG, part of Springer Nature

Cite this paper

Yerdon, V.A., Wohleber, R.W., Matthews, G., Reinerman-Jones, L.E. (2019). A Simulation-Based Approach to Development of a New Insider Threat Detection Technique: Active Indicators. In: Ahram, T., Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2018. Advances in Intelligent Systems and Computing, vol 782. Springer, Cham. https://doi.org/10.1007/978-3-319-94782-2_1
