
An Insider Threat Prediction Model

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6264)

Abstract

Information systems face several security threats, some of which originate from insiders. This paper presents a novel, interdisciplinary insider threat prediction model that combines approaches, techniques, and tools from computer science and psychology. It uses real-time monitoring to capture the user’s technological trait in an information system and analyze it for misbehavior. In parallel, the model uses data from psychometric tests to assess, for each user, the predisposition to malicious acts and the stress level, which is an enabler for the user to overcome his moral inhibitions, provided that the collection of such data complies with the legal framework. The model combines the above-mentioned information, categorizes users, and identifies those who require additional monitoring, as they can potentially be dangerous for the information system and the organization.




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kandias, M., Mylonas, A., Virvilis, N., Theoharidou, M., Gritzalis, D. (2010). An Insider Threat Prediction Model. In: Katsikas, S., Lopez, J., Soriano, M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2010. Lecture Notes in Computer Science, vol 6264. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15152-1_3


  • DOI: https://doi.org/10.1007/978-3-642-15152-1_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15151-4

  • Online ISBN: 978-3-642-15152-1

  • eBook Packages: Computer Science, Computer Science (R0)
