Insider Threat Behavior Factors: A Comparison of Theory with Reported Incidents

Munshi, Asmaa; Dell, Peter; Armstrong, H. L.

doi:10.1109/hicss.2012.326

Cited by 18 publications

(9 citation statements)

References 32 publications

(55 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…7 Motivated in part by known behavioral methods of assessing trustworthiness [Munshi et al 2012], we assume that both the project manager and her adversary know the distribution of a random variable representing the trustworthiness of each 7 The game was first introduced in a conference version of this research [Laszka et al 2013]. employee.…”

Section: Discussion and Concluding Remarksmentioning

confidence: 99%

Secure Team Composition to Thwart Insider Threats and Cyber-Espionage

Lászka

Johnson

Schöttle

et al. 2014

ACM Trans. Internet Technol.

View full text Add to dashboard Cite

We develop a formal nondeterministic game model for secure team composition to counter cyber-espionage and to protect organizational secrets against an attacker who tries to sidestep technical security mechanisms by offering a bribe to a project team member. The game captures the adversarial interaction between the attacker and the project manager who has a secret she wants to protect but must share with a team of individuals selected from within her organization. Our interdisciplinary work is important in the face of the multipronged approaches utilized by well-motivated attackers to circumvent the fortifications of otherwise well-defended targets.

show abstract

Section: Discussion and Concluding Remarksmentioning

confidence: 99%

Secure Team Composition to Thwart Insider Threats and Cyber-Espionage

Lászka

Johnson

Schöttle

et al. 2014

ACM Trans. Internet Technol.

View full text Add to dashboard Cite

show abstract

“…Politik motivasyonlar devlete veya kuruma zarar verme, terör yaratma, başka devlet veya şirket adına casusluk yapma gibi amaçları içerir. Kişisel motivasyonlar ise saldırganların şahsi hırsları, bilgi elde etme isteği veya hakkının yendiğini düşünüp intikam alma isteği gibi nedenlerdir [14]. İç saldırganın sahip olabileceği motivasyonlar Şekil 2'de gösterilmiştir.…”

Section: Kurum İçi Saldırının Unsurları Ve Veri Sızdırma Yöntemleri (Elements Of Insider Attacks and Data Leakage Methods)unclassified

Kurum İçi Saldırıların Tespiti ve Önlenmesi için Sunucu İzleme Uygulaması

Ulus

Demirci

2018

Gazi Üniversitesi Fen Bilimleri Dergisi Part C: Tasarım Ve Teknoloji

View full text Add to dashboard Cite

Although insider attacks have increased rapidly in recent years and cause enormous damages, there are very few academic studies that have investigated this problem and proposed a solution. Many of these attacks are kept private for reasons such as loss of prestige and advantage of competing companies. The main difference between insider attacks and external attacks is that in the former case, attackers are authorized users in the organization. This causes countermeasures against external attacks to be useless and facilitates the exploitation of weaknesses. In the detection of insider attacks, all unusual events need to be scrutinized. Therefore, risk assessment should be done first to determine vulnerabilities against insider attacks and necessary precautions should be taken in this direction. In this study, general insider attack features and past attacks were investigated, and a server monitoring application was developed to detect suspicious activities. Organizations using this system will be informed about their level of risk, and improve their level of preparation and ability to identify potential attackers by analyzing the collected data.

show abstract

“…These scenario-based detectors are then used in clustering algorithms to sort emails into classes (Young et al, 2014). According to various authors, there are three main types of insider threats, namely, insider it sabotage, insider intellectual property theft and insider fraud (Spooner et al, 2018;Claycomb et al, 2013;Cappelli et al, 2012;Munshi et al, 2012). Spooner et al (2018) used observable behaviours of the main insider threat types and studied various approaches to detect threats in organizations.…”

Section: Background and Related Workmentioning

confidence: 99%

Discovering “Insider IT Sabotage” based on human behaviour

Michael

Eloff

2020

ICS

View full text Add to dashboard Cite

Purpose Malicious activities conducted by disgruntled employees via an email platform can cause profound damage to an organization such as financial and reputational losses. This threat is known as an “Insider IT Sabotage” threat. This involves employees misusing their access rights to harm the organization. Events leading up to the attack are not technical but rather behavioural. The problem is that owing to the high volume and complexity of emails, the risk of insider IT sabotage cannot be diminished with rule-based approaches. Design/methodology/approach Malicious human behaviours that insiders within the insider IT sabotage category would possess are studied and mapped to phrases that would appear in email communications. A large email data set is classified according to behavioural characteristics of these employees. Machine learning algorithms are used to identify occurrences of this insider threat type. The accuracy of these approaches is measured. Findings It is shown in this paper that suspicious behaviour of disgruntled employees can be discovered, by means of machine intelligence techniques. The output of the machine learning classifier depends mainly on the depth and quality of the phrases and behaviour analysis, cleansing and number of email attributes examined. This process of labelling content in isolation could be improved if other attributes of the email data are included, such that a confidence score can be computed for each user. Originality/value This research presents a novel approach to show that the creation of a prototype that can automate the detection of insider IT sabotage within email systems to mitigate the risk within organizations.

show abstract

Insider Threat Behavior Factors: A Comparison of Theory with Reported Incidents

Cited by 18 publications

References 32 publications

Secure Team Composition to Thwart Insider Threats and Cyber-Espionage

Secure Team Composition to Thwart Insider Threats and Cyber-Espionage

Kurum İçi Saldırıların Tespiti ve Önlenmesi için Sunucu İzleme Uygulaması

Discovering “Insider IT Sabotage” based on human behaviour

Contact Info

Product

Resources

About