Elise T. Axelrad scite author profile

Brdiczka

et al. 2013

This paper introduces a Bayesian network model for the motivation and psychology of the malicious insider. First, an initial model was developed based on results in the research literature, highlighting critical variables for the prediction of degree of interest in a potentially malicious insider. Second, a survey was conducted to measure these predictive variables in a common sample of normal participants. Third, a structural equation model was constructed based on the original model, updated based on a split-half sample of the empirical survey data and validated against the other half of the dataset. Fourth, the Bayesian network was adjusted in light of the results of the empirical analysis. Fifth, the updated model was used to develop an upper bound on the quality of model predictions of its own simulated data. When empirical data regarding psychological predictors were input to the model, predictions of counterproductive behavior approached the upper bound of model predictiveness.

show abstract

Using dynamic models to support inferences of insider threat risk

Comput Math Organ Theory

2016

Inference enterprise models: An approach to organizational performance improvement

Buede

Brown

et al. 2018

WIREs Data Min & Knowl

intrusions based on the level and specific characteristics of network traffic. Similarly, an airport security organization infers the risk associated with a passenger by gathering and processing information about the passenger and his or her luggage. Policy organizations may also contain IEs to estimate the cost and effectiveness of policy changes. Finally, the underwriting group of a financial organization is an IE that predicts the likelihood that a borrower will repay a loan. In all of these cases, the IE might be interested in evaluating how well it is performing, or how its performance might change if it modified its procedures or obtained additional information. An inference enterprise model (IEM) is a tool for conducting this evaluation.An IEM is a model that uses information about the data collected by an IE, the kinds of inferences it makes, and the processes it uses to make them, to predict the performance of the IE. In this paper, we are specifically concerned with predicting the accuracy of inferences. A variety of accuracy measures might be used, depending on the types of variables about which the IE makes inferences, and on the relative impact of different types of inference errors. Usually there will be uncertainty in the predictions, so that the IEM will predict a distribution of accuracy scores. In addition, the predictions of the IEM can be assessed with several metrics addressing the central tendency and variance of the prediction.Although an IEM can be developed to assess the performance of any of a wide variety of IEs, this paper describes research to develop IEMs evaluating IEs that identify potentially threatening insiders based upon their behavior using an organization's internal information network. This domain is characterized by low probability events, low validity indicators, and incomplete information that must be augmented with elicited judgments from subject matter experts (SMEs).This research was performed as part of a competitive research program funded by the Intelligence Advanced Research Projects Agency (IARPA) that was titled as the Scientific advances to Continuous Insider Threat Evaluation (SCITE). As part of this IARPA SCITE research effort, three competing teams were given IEM challenge problems (CPs) on insider threat-related topics. IARPA selected an independent support contractor that performed three key functions within the SCITE competitive research program: (a) develop and distribute the CPs, (b) develop a baseline IEM used to generate independent estimates of the answers to CP questions and to benchmark the performance of competing teams on each CP, and (c) using specified evaluation measures, evaluate the performance of competing teams relative to either the ground truth or an independent estimate of the ground truth based on the independent support contractor's expert judgment if no ground truth was available. The competitors were given aggregated data or summary statistics for a population of individuals, within which there were individuals that exhibited behavio...

show abstract

Conversational Non-Player Characters for Virtual Training

Buede

2016

Simulating Organizational Data from Redacted Input for Inference Enterprise Modeling

Diaz

Axelrad³

et al. 2021

Digital Threats