Abstract
Information systems face several security threats, some of which originate from insiders. This paper presents a novel, interdisciplinary insider threat prediction model that combines approaches, techniques, and tools from computer science and psychology. The model uses real-time monitoring to capture the user’s technological trait in an information system and analyze it for misbehavior. In parallel, it uses data from psychometric tests to assess, for each user, the predisposition to malicious acts and the stress level, which is an enabler for the user to overcome his moral inhibitions, provided that the collection of such data complies with the legal framework. The model combines this information, categorizes users, and identifies those who require additional monitoring, as they can potentially be dangerous for the information system and the organization.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kandias, M., Mylonas, A., Virvilis, N., Theoharidou, M., Gritzalis, D. (2010). An Insider Threat Prediction Model. In: Katsikas, S., Lopez, J., Soriano, M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2010. Lecture Notes in Computer Science, vol 6264. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15152-1_3
DOI: https://doi.org/10.1007/978-3-642-15152-1_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15151-4
Online ISBN: 978-3-642-15152-1
eBook Packages: Computer Science, Computer Science (R0)