Insiders Trapped in the Mirror Reveal Themselves in Social Media

  • Miltiadis Kandias
  • Konstantina Galbogini
  • Lilian Mitrou
  • Dimitris Gritzalis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7873)


Social media have widened society’s opportunities for communication, while they offer ways to perform employees’ screening and profiling. Our goal in this paper is to develop an insider threat prediction method by (e)valuating a users’ personality trait of narcissism, which is deemed to be closely connected to the manifestation of malevolent insiders. We utilize graph theory tools in order to detect influence of and usage deviation. Then, we categorize the users according to a proposed taxonomy. Thus we detect individuals with narcissistic characteristics and manage to test groups of people under the prism of group homogeneity. Furthermore, we compare and classify users to larger sub-communities consisting of people of the same profession. The analysis is based on an extensive crawling of Greek users of Twitter. As the application of this method may lead to infringement of privacy rights, its use should be reserved for exceptional cases, such as the selection of security officers or of critical infrastructures decision-making staff.


Insider Threat Social Media Twitter Narcissism Personality Profiling Usage Deviation Group Homogeneity Security Officer 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    CSO magazine in cooperation with the U.S. Secret Services, Software Engineering Institute CERT Program at Carnegie Mellon University and Deloitte: Cybersecurity watch survey: Cybercrime increasing faster than computes and defenses (2010),
  2. 2.
    Theoharidou, M., Kokolakis, S., Karyda, M., Kiountouzis, E.: The insider threat to information systems and the effectiveness of ISO17799. Computers & Security 24(6), 472–484 (2005)CrossRefGoogle Scholar
  3. 3.
    Theoharidou, M., Gritzalis, D.: A Common Body of Knowledge for Information Security. IEEE Security & Privacy 4(2), 64–67 (2007)CrossRefGoogle Scholar
  4. 4.
    Liu, A., Martin, C., Hetherington, T., Matzner, S.: A comparison of system call feature representations for insider threat detection. In: Proceedings from the 6th Annual IEEE SMC Information Assurance Workshop, IAW 2005, pp. 340–347. IEEE (June 2005)Google Scholar
  5. 5.
    Kalutarage, H., Shaikh, S., Qin Zhou, A., James, A.: Sensing for suspicion at scale: A Bayesian approach for cyber conflict attribution and reasoning. In: 4th International Conference on Cyber Conflict (CYCON), pp. 1–19. IEEE (June 2012)Google Scholar
  6. 6.
    Magklaras, G., Furnell, S., Papadaki, M.: LUARM: An audit engine for insider misuse detection. International Journal of Digital Crime and Forensics (IJDCF) 3(3), 37–49 (2011)CrossRefGoogle Scholar
  7. 7.
    Spitzner, L.: Honeypots: Catching the insider threat. In: Proceedings of 19th Annual Computer Security Applications Conference, pp. 170–179. IEEE (December 2003)Google Scholar
  8. 8.
    Bowen, B.M., Ben Salem, M., Hershkop, S., Keromytis, A., Stolfo, S.J.: Designing host and network sensors to mitigate the insider threat. IEEE Security & Privacy 7(6), 22–29 (2009)CrossRefGoogle Scholar
  9. 9.
    Magklaras, G.B., Furnell, S.M.: Insider threat prediction tool: Evaluating the probability of IT misuse. Computers & Security 21(1), 62–73 (2001)CrossRefGoogle Scholar
  10. 10.
    Magklaras, G., Furnell, S., Brooke, P.: Towards an insider threat prediction specification language. Information Management & Computer Security 14(4), 361–381 (2006)CrossRefGoogle Scholar
  11. 11.
    Yaseen, Q., Panda, B.: Knowledge acquisition and insider threat prediction in relational database systems. In: International Conference on Computational Science and Engineering (CSE), pp. 450–455. IEEE (August 2009)Google Scholar
  12. 12.
    Kandias, M., Mylonas, A., Virvilis, N., Theoharidou, M., Gritzalis, D.: An insider threat prediction model. In: Katsikas, S., Lopez, J., Soriano, M. (eds.) TrustBus 2010. LNCS, vol. 6264, pp. 26–37. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Greitzer, F., Kangas, L., Noonan, C., Dalton, A., Hohimer, R.: Identifying At-Risk Employees: Modeling Psychosocial Precursors of Potential Insider Threats. In: 45th Hawaii International Conference on System Science (HICSS), pp. 2392–2401. IEEE (January 2012)Google Scholar
  14. 14.
    Brdiczka, O., Liu, J., Price, B., Shen, J., Patil, A., Chow, R., Ducheneaut, N.: Proactive Insider Threat Detection through Graph Learning and Psychological Context. In: IEEE Symposium on Security and Privacy Workshops (SPW), pp. 142–149. IEEE (May 2012)Google Scholar
  15. 15.
    Chen, Y., Nyemba, S., Zhang, W., Malin, B.: Leveraging social networks to detect anomalous insider actions in collaborative environments. In: IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 119–124. IEEE (July 2011)Google Scholar
  16. 16.
    Skues, J., Williams, B., Wise, L.: The effects of personality traits, self-esteem, loneliness, and narcissism on Facebook use among university students. Computers in Human Behavior (2012)Google Scholar
  17. 17.
    Buffardi, L., Campbell, W.: Narcissism and social networking web sites. Personality and Social Psychology Bulletin 34(10), 1303–1314 (2008)CrossRefGoogle Scholar
  18. 18.
    Mehdizadeh, S.: Self-presentation 2.0: Narcissism and self-esteem on Facebook. In: Cyberpsychology Behavior Society Network, pp. 357–364 (2010)Google Scholar
  19. 19.
    Butts, J., Mills, R., Peterson, G.: A multidiscipline approach to mitigating the insider threat. In: International Conference on Information Warfare and Security, ICIW (March 2006)Google Scholar
  20. 20.
    Shaw, E., Ruby, K., Post, J.: The insider threat to information systems: The psychology of the dangerous insider. Security Awareness Bulletin 2(98), 1–10 (1998)Google Scholar
  21. 21.
    U.S. Department of Justice, Federal Bureau of Investigation: The insider threat, an introduction to detecting and deterring insider spy (2012),
  22. 22.
    Mislove, A., Marcon, M., Gummadi, K.P., Druschel, P., Bhattacharjee, B.: Measurement and analysis of online social networks. In: Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, pp. 29–42. ACM (October 2007)Google Scholar
  23. 23.
    Travers, J., Milgram, S.: An experimental study of the small world problem. In: Sociometry, pp. 425–443 (1969)Google Scholar
  24. 24.
    Cha, M., Haddadi, H., Benevenuto, F., Gummadi, K.: Measuring user influence in Twitter: The million follower fallacy. In: 4th International AAAI Conference on Weblogs and Social Media (ICWSM), vol. 14(1), p. 8 (May 2010)Google Scholar
  25. 25.
    Quercia, D., Ellis, J., Capra, L., Crowcroft, J.: In the mood for being influential on twitter. In: Privacy, Security, Risk and Trust, IEEE 3rd International Conference on Social Computing (SOCIALCOM), pp. 307–314. IEEE (October 2011)Google Scholar
  26. 26.
    Watts, D., Strogatz, S.: The small world problem. In: Collective Dynamics of Small-World Networks, pp. 440–442 (1998)Google Scholar
  27. 27.
    Costa, L., Rodrigues, F., Travieso, G., Boas, P.: Characterization of complex networks: A survey of measurements. Advances in Physics 56(1), 167–242 (2007)CrossRefGoogle Scholar
  28. 28.
    Barabasi, A.: The origin of bursts and heavy tails in human dynamics. Nature 435(7039), 207–211 (2005)CrossRefGoogle Scholar
  29. 29.
    Ross, C., Orr, E., Sisic, M., Arseneault, J., Simmering, M., Orr, R.: Personality and motivations associated with Facebook use. Computers in Human Behavior 25, 578–586 (2009)CrossRefGoogle Scholar
  30. 30.
    Amichai-Hamburger, Y., Vinitzky, G.: Social network use and personality. Computers in Human Behavior 26, 1289–1295 (2010)CrossRefGoogle Scholar
  31. 31.
    Shaw, E., Fischer, L.: Ten tales of betrayal: The threat to corporate infrastructure by information technology insiders analysis and observations. Defense Personnel Security Research Center, USA (2005)Google Scholar
  32. 32.
    Shaw, E.: The role of behavioral research and profiling in malicious cyber insider investigations. Digital Investigation 3(1), 20–31 (2006)CrossRefGoogle Scholar
  33. 33.
    Frank, L., Hohimer, R.: Modeling human behavior to anticipate insider attacks. Journal of Strategic Security 4(2), 3 (2011)Google Scholar
  34. 34.
    International Working Group on Data Protection in Telecoms: Report and guidance on privacy in social network services. Rome Memorandum. 43rd Meeting, Rome, Italy (March 2008)Google Scholar
  35. 35.
    Mitrou, L., Karyda, M.: Employees’ privacy vs. employers’ security: Can they be balanced? Telematics and Informatics 23(3), 164–178 (2006)CrossRefGoogle Scholar
  36. 36.
    Fazekas, C.: 1984 is Still Fiction: Electronic Monitoring in the Workplace and US Privacy Law. Duke Law & Technology Review, 15 (2004)Google Scholar
  37. 37.
    Broughton, A., Higgins, T., Hicks, B., Cox, A.: Workplaces and Social Networking - The Implications for Employment Relations. Institute for Employment Studies, Brighton (2009)Google Scholar
  38. 38.
    Abril-Sánchez, P., Levin, A., Del Riego, A.: Blurred Boundaries: Social Media Privacy and the 21st Century Employee. American Business Law Journal 49(1), 63–124 (2012)CrossRefGoogle Scholar
  39. 39.
    Castells, M.: Communication Power. Oxford University Press (2009)Google Scholar
  40. 40.
    Dumortier, F.: Facebook and Risks of “De-contextualization” of Information. In: Gutwirth, S., et al. (eds.) Data Protection in a Profiled World, pp. 119–137 (2010)Google Scholar
  41. 41.
    Nissenbaum, H.: Privacy as Contextual Integrity. Washington Law Review 79, 119–157 (2004)Google Scholar
  42. 42.
    Davison, K., Maraist, C., Hamilton, R., Bing, M.: To Screen or Not to Screen? Using the Internet for Selection Decisions. Employ Response Rights 24, 1–21 (2012)CrossRefGoogle Scholar
  43. 43.
    Smith, W., Kidder, D.: You’ve been tagged (Then again, maybe not): Employers and Facebook. Business Horizons 53, 491–499 (2010)CrossRefGoogle Scholar
  44. 44.
    Slovensky, R., Ross, W.: Should human resource managers use social media to screen job applicants? Managerial and Legal Issues in the USA 14(1), 55–69 (2012)Google Scholar
  45. 45.
    Simitis, S.: Reconsidering the premises of labour law: Prolegomena to an EU regulation on the protection of employees’ personal data. European Law Journal 5, 45–62 (1999)CrossRefGoogle Scholar
  46. 46.
    Lasprogata, G., King, N., Pillay, S.: Regulation of electronic employee monitoring: Identifying fundamental principles of employee privacy through a comparative study of data privacy legislation in the European Union, US and Canada. Stanford Technology Law Review 4 (2004),
  47. 47.
    UK Information Commissioner: The Employment Practices Data Protection Code (2003)Google Scholar
  48. 48.
    Data Protection Working Party. Opinion 8/2001 on the processing of personal data in the employment context (5062/01/Final) (2001)Google Scholar
  49. 49.
    Gritzalis, D.: A digital seal solution for deploying trust on commercial transactions. Information Management & Computer Security Journal 9(2), 71–79 (2001)CrossRefGoogle Scholar
  50. 50.
    Lambrinoudakis, C., Gritzalis, D., Tsoumas, V., Karyda, M., Ikonomopoulos, S.: Secure Electronic Voting: The current landscape. In: Gritzalis, D. (ed.) Secure Electronic Voting, pp. 101–122. Springer (2003)Google Scholar
  51. 51.
    Marias, J., Dritsas, S., Theoharidou, M., Mallios, J., Gritzalis, D.: SIP vulnerabilities and antispit mechanisms assessment. In: Proc. of the 16th IEEE International Conference on Computer Communications and Networks, pp. 597–604. IEEE Press (2007)Google Scholar
  52. 52.
    Mitrou, L., Gritzalis, D., Katsikas, S., Quirchmayr, G.: Electronic voting: Constitutional and legal requirements, and their technical implications. In: Gritzalis, D. (ed.) Secure Electronic Voting, pp. 43–60. Springer (2003)Google Scholar
  53. 53.
    Spinellis, D., Gritzalis, S., Iliadis, J., Gritzalis, D., Katsikas, S.: Trusted Third Party services for deploying secure telemedical applications over the web. Computers & Security 18(7), 627–639 (1999)CrossRefGoogle Scholar
  54. 54.
    Mitrou, L., Karyda, M.: Bridging the gap between employee’s surveillance and privacy protection. In: Social and Human Elements of Information Security: Emerging Trends and Countermeasures, pp. 283–300. IGI Global, New York (2009)Google Scholar
  55. 55.
    Mitrou, L.: The Commodification of the Individual in the Internet Era: Informational Self-determination or “Self-alienation”? In: Proceedings of 8th International Conference on Computer Ethics Philosophical Enquiry, pp. 466–485. INSEIT, Athens (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Miltiadis Kandias
    • 1
  • Konstantina Galbogini
    • 1
  • Lilian Mitrou
    • 1
  • Dimitris Gritzalis
    • 1
  1. 1.Information Security & Critical Infrastructure Protection Research Laboratory, Dept. of InformaticsAthens University of Economics & BusinessAthensGreece

Personalised recommendations