A Preliminary Model of Insider Theft of Intellectual Property

Moore, Andrew P.; Cappelli, Dawn M.; Caron, Thomas C.; Shaw, Eric; Spooner, Derrick; Trzeciak, Randall F.

doi:10.21236/ada589594

Cited by 40 publications

(39 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are several key features of this type of attack. First, the target tends to be product information, proprietary software and source code (these are clear targets in CMU-CERT studies [12]). Also, attacks appear more likely to be conducted by technical personnel (e.g., scientists and engineers) [6] and using technical means (54% of insiders used either email, remote access channel or network file transfer [11]) rather than physical theft of prototypes, for example.…”

Section: Types Of Insider Threatmentioning

confidence: 99%

“…Also, attacks appear more likely to be conducted by technical personnel (e.g., scientists and engineers) [6] and using technical means (54% of insiders used either email, remote access channel or network file transfer [11]) rather than physical theft of prototypes, for example. Finally, a majority of these thefts are committed by employees with legitimate access to the stolen IP; almost 75% stole material they had authorized access to [12]. Although 75% is a strong statistic and it is therefore very tempting to monitor only these individuals for this attack, yet as other articles have highlighted (e.g., the case of the foreign national who stole Ford secrets worth in excess of $50 million [13]), insiders with no legitimate access are also causing a great deal of harm.…”

Section: Types Of Insider Threatmentioning

confidence: 99%

“…Turner and Gelles [20], for instance, believe the following types of behavioural indicators need to be considered when examining insider risk: selfcentredness, arrogance, risk-taking, manipulativeness, coldness, self-deception and defensiveness. Others have suggested that insider threats score high on the personality traits that make up the 'Dark triad': narcissism, Machiavellianism and psychopathy [11,12,14,20]. The UK's Centre for the Protection of National Infrastructure (CPNI) have identified a number of other personality characteristics they believe are typical of an insider, including: immaturity, low self-esteem, amoral and unethical perspective, superficiality, proneness to fantasy, restlessness and impulsivity, and lack of conscientiousness [21].…”

Section: The Psychology Of the Insidermentioning

confidence: 99%

See 2 more Smart Citations

A Critical Reflection on the Threat from Human Insiders – Its Nature, Industry Perceptions, and Detection Approaches

Nurse

Legg

Buckley

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Organisations today operate in a world fraught with threats, including "script kiddies", hackers, hacktivists and advanced persistent threats. Although these threats can be harmful to an enterprise, a potentially more devastating and anecdotally more likely threat is that of the malicious insider. These trusted individuals have access to valuable company systems and data, and are well placed to undermine security measures and to attack their employers. In this paper, we engage in a critical reflection on the insider threat in order to better understand the nature of attacks, associated human factors, perceptions of threats, and detection approaches. We differentiate our work from other contributions by moving away from a purely academic perspective, and instead focus on distilling industrial reports (i.e., those that capture practitioners' experiences and feedback) and case studies in order to truly appreciate how insider attacks occur in practice and how viable preventative solutions may be developed.

show abstract

Section: Types Of Insider Threatmentioning

confidence: 99%

Section: Types Of Insider Threatmentioning

confidence: 99%

Section: The Psychology Of the Insidermentioning

confidence: 99%

See 1 more Smart Citation

A Critical Reflection on the Threat from Human Insiders – Its Nature, Industry Perceptions, and Detection Approaches

Nurse

Legg

Buckley

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…We believe that there is a single distinguishing characteristic in many of these cases: as a preparation to exfiltrating data, insiders will collect it on a single system, typically a workstation under their control [2]. As such, the storage profile of this workstation changes in significant ways.…”

Section: Introductionmentioning

confidence: 99%

Detecting threatening insiders with lightweight media forensics

Garfinkel¹,

Beebe

Liu

et al. 2013

2013 IEEE International Conference on Technologies for Homeland Security (HST)

View full text Add to dashboard Cite

Abstract-This research uses machine learning and outlier analysis to detect potentially hostile insiders through the automated analysis of stored data on cell phones, laptops, and desktop computers belonging to members of an organization. Whereas other systems look for specific signatures associated with hostile insider activity, our system is based on the creation of a "storage profile" for each user and then an automated analysis of all the storage profiles in the organization, with the purpose of finding storage outliers. Our hypothesis is that malicious insiders will have specific data and concentrations of data that differ from their colleagues and coworkers. By exploiting these differences, we can identify potentially hostile insiders.Our system is based on a combination of existing open source computer forensic tools and datamining algorithms. We modify these tools to perform a "lightweight" analysis based on statistical sampling over time. In this, our approach is both efficient and privacy sensitive. As a result, we can detect not just individuals that differ from their co-workers, but also insiders that differ from their historic norms. Accordingly, we should be able to detect insiders that have been "turned" by events or outside organizations. We should also be able to detect insider accounts that have been taken over by outsiders.Our project, now in its first year, is a three-year project funded by the Department of Homeland Security, Science and Technology Directorate, Cyber Security Division. In this paper we describe the underlying approach and demonstrate how the storage profile is created and collected using specially modified open source tools. We also present the results of running these tools on a 500GB corpus of simulated insider threat data created by the Naval Postgraduate School in 2008 under grant from the National Science Foundation.

show abstract

“…Here feedback encryption is an encryption technique, in which a computational result of an encryption round R is fed back to the encryption mechanism for the next encryption round, i.e., Round R+1, as a part of (R+1)'s inputs, thereby increasing the unpredictability of ciphertext. The three-dimensional operation, referring to three different computations, includes an addition (+) [8,9], exclusive-or (⊕), and exclusive-and (⊙), when encrypting a plaintext block. The purpose is to increase the encryption complexity so as to reduce the probability of cracking the encryption process by hackers.…”

Section: Introductionmentioning

confidence: 99%

A Secure Data Encryption Method by Employing a Feedback Encryption Mechanism and Three-Dimensional Operation

Huang¹,

Leu²,

Dai³

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Currently, electronic documents are commonly exchanged between/among government offices in many countries. When a government office would like to transmit a high-security-level-electronic document to another office, the sending end officer needs to encrypt it so as to protect the document from being known to hackers. AES and DES have been commonly and widely invoked to protect documents in recent years. However, the two algorithms have so far faced the threats of Brute-Force cracks. To avoid the threats, in this study, we proposed a new data encryption approach, called the Secure Data Encryption Method (SeDEM for short), in which plaintext and system keys are encrypted by using a sequential-logic style encryption approach which further employs a three-dimensional operation and a feedback encryption mechanism to effectively protect encrypted data from brute-force and cryptanalysis attacks. The feedback encryption mechanism is a feedback process in which each of its calculation iteration generates three internally-used dynamic feedback keys for the next calculation iteration. The purpose is to effectively improve the security level and unpredictability of generated ciphertext. The three-dimensional operation is employed to further increase the computational complexity of the encryption technique so as to enhance the security level of the ciphertext, and difficulty of cracking the keys.

show abstract

A Preliminary Model of Insider Theft of Intellectual Property

Cited by 40 publications

References 12 publications

A Critical Reflection on the Threat from Human Insiders – Its Nature, Industry Perceptions, and Detection Approaches

A Critical Reflection on the Threat from Human Insiders – Its Nature, Industry Perceptions, and Detection Approaches

Detecting threatening insiders with lightweight media forensics

A Secure Data Encryption Method by Employing a Feedback Encryption Mechanism and Three-Dimensional Operation

Contact Info

Product

Resources

About