Insider Threat Risk Prediction based on Bayesian Network

Elmrabit, Nebrase; Yang, Shuang; Yang, Lili; Zhou, Huiyu

doi:10.1016/j.cose.2020.101908

Cited by 22 publications

(19 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Data mining algorithms have been used to detect intrusions for Smart grids [23], and the use of Ramdom Forest for intrusion classification is also extensive [24]. Finally, Bayesian networks have been used to predict the risk of internal attacks [25], as well as to detect anomalies for IoT technology [26].…”

Section: Related Workmentioning

confidence: 99%

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

et al. 2021

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

et al. 2021

View full text Add to dashboard Cite

“…BNs are used for developing medical decision support systems (Curiac et al 2009;Kahn et al 2001;Kahn Jr et al 1997;Luciani et al 2003;Milho and Fred 2001;Onisko et al 1999). Furthermore, BNs are also used in fault diagnosis (Cai et al 2014;Huang et al 2008;Zhao et al 2013), cyber security (Alile 2018; Apukhtin 2011; Axelrad et al 2013;Elmrabit et al 2020;Greitzer et al 2010;Greitzer et al 2012;Herland et al 2016;Holm et al 2015;Ibrahimović and Bajgorić 2016;Kornecki et al 2013;Kwan et al 2009;Kwan et al 2008;Mo et al 2009;Pappaterra 2021;Pecchia et al 2011;Shin et al 2015;Wang and Guo 2010;Zhou et al 2018).…”

Section: Related Workmentioning

confidence: 99%

“…ICSs were originally designed for isolated environments (Effendi and Davis 2015). Such systems were mainly susceptible to technical failures.…”

Section: Introductionmentioning

confidence: 99%

Bayesian network model to distinguish between intentional attacks and accidental technical failures: a case study of floodgates

et al. 2021

View full text Add to dashboard Cite

Water management infrastructures such as floodgates are critical and increasingly operated by Industrial Control Systems (ICS). These systems are becoming more connected to the internet, either directly or through the corporate networks. This makes them vulnerable to cyber-attacks. Abnormal behaviour in floodgates operated by ICS could be caused by both (intentional) attacks and (accidental) technical failures. When operators notice abnormal behaviour, they should be able to distinguish between those two causes to take appropriate measures, because for example replacing a sensor in case of intentional incorrect sensor measurements would be ineffective and would not block corresponding the attack vector. In the previous work, we developed the attack-failure distinguisher framework for constructing Bayesian Network (BN) models to enable operators to distinguish between those two causes, including the knowledge elicitation method to construct the directed acyclic graph and conditional probability tables of BN models. As a full case study of the attack-failure distinguisher framework, this paper presents a BN model constructed to distinguish between attacks and technical failures for the problem of incorrect sensor measurements in floodgates, addressing the problem of floodgate operators. We utilised experts who associate themselves with the safety and/or security community to construct the BN model and validate the qualitative part of constructed BN model. The constructed BN model is usable in water management infrastructures to distinguish between intentional attacks and accidental technical failures in case of incorrect sensor measurements. This could help to decide on appropriate response strategies and avoid further complications in case of incorrect sensor measurements.

show abstract

“…It also informs that insider attacks are one of the most difficult to detect and that is what most of the organizations feel. Since the insider attacks are not easy to detect and most of the organizations feel vulnerable to it, it has become one of the major challenges for the organization 2‐5 …”

Section: Introductionmentioning

confidence: 99%

“…Since the insider attacks are not easy to detect and most of the organizations feel vulnerable to it, it has become one of the major challenges for the organization. [2][3][4][5] With the advancement in cryptographic technique, the block-chain was first introduced in a crypto-currency framework such as Bit-coin. 6 In last decade, block-chain-based framework plans have progressed significantly, and found effective in different de-centralized applications.…”

Section: Introductionmentioning

confidence: 99%

Event‐driven data alteration detection using block‐chain

Srivastava

Mohit

Kumar

et al. 2021

Security and Privacy

View full text Add to dashboard Cite

With the rapid development of Internet and Internet‐based applications, accessing of the file become easy from various locations at the same time around the globe, however, maintaining of data integrity turn into a challenging issue. In order to maintain a data integrity in a large database(s), database file is being kept to secure with the presence of control policies and firewalls, which basically limit the outside users with more strict control policies. Despite these control policies, there still lies a threat to the security of the data through an insider attack. An insider attack refers to someone who is a part of the organization and can have access to the resources (network, system, etc.) with inside knowledge of the system or knows the administrative rights, and thus interferes with the data, now become one of the most critical challenging issues for the organization as such attacks are hard to notice. An insider attacker is more crucial to the organization as they can perform espionage, embezzlement, theft of the intellectual property, disclosing of the research, and development being carried out in the organization, and sabotage. Therefore, to highlight this, an Event‐Driven Data Alteration Detection technique using the tamper resistance property of Block‐chain technology is being presented in this paper. The model has been tested and found that if any unauthorized alteration in the database is being made then it can be detected using the Block‐chain Database API. To make it robust to insider attacks we have implemented and tested the model on a web‐based application. A machine learning based technique will be considered for detection in the future scope of this paper. The results obtained after experiments show the performance of the proposed architecture and the comparison outcome shows that the proposed architecture is better than related models.

show abstract

Insider Threat Risk Prediction based on Bayesian Network

Cited by 22 publications

References 43 publications

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

Intrusion Detection System Based on Integrated System Calls Graph and Neural Networks

Bayesian network model to distinguish between intentional attacks and accidental technical failures: a case study of floodgates

Event‐driven data alteration detection using block‐chain

Contact Info

Product

Resources

About