Abstract
Current cybersecurity research on insider threats has focused on finding clues to illicit behavior, or “passive indicators”, in existing data resources. However, a more proactive view of detection could preemptively uncover a potential threat, mitigating organizational damage. Active Indicator Probes (AIPs) of insider threats are stimuli placed into the workflow to trigger differential psychophysiological responses. This approach requires defining a library of AIPs and identifying eye tracking metrics to detect diagnostic responses. Since studying true insider threats is unrealistic, and current research on deception uses controlled environments that may not generalize to the real world, it is crucial to utilize simulated environments to develop these new countermeasures. This study utilized a financial work environment simulation, where participants became employees reconstructing incomplete account information, under two conditions: permitted and illicit cyber tasking. Using eye tracking, reactions to AIPs placed in the work environment were registered to find metrics for insider threat.
Acknowledgements
The research is based upon work supported by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA), via IARPA R&D Contracts, contract number 2016-16031500006. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the ODNI, IARPA, or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright annotation thereon.
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Yerdon, V.A., Wohleber, R.W., Matthews, G., Reinerman-Jones, L.E. (2019). A Simulation-Based Approach to Development of a New Insider Threat Detection Technique: Active Indicators. In: Ahram, T., Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2018. Advances in Intelligent Systems and Computing, vol 782. Springer, Cham. https://doi.org/10.1007/978-3-319-94782-2_1
DOI: https://doi.org/10.1007/978-3-319-94782-2_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-94781-5
Online ISBN: 978-3-319-94782-2
eBook Packages: Intelligent Technologies and Robotics (R0)