Modeling Human Behavior to Anticipate Insider Attacks

Greitzer, Frank L.; Hohimer, Ryan E.

doi:10.5038/1944-0472.4.2.2

Cited by 82 publications

(69 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Greitzer et al [30,31] discuss the use of psychological factors for identifying potential insider threats. They propose a Bayesian Network model that consists of a variety of binary observable behaviours (e.g., engagement, accepting criticism, confrontation, performance, stress, absenteeism).…”

Section: State Of the Art In Researchmentioning

confidence: 99%

A Critical Reflection on the Threat from Human Insiders – Its Nature, Industry Perceptions, and Detection Approaches

Nurse

Legg

Buckley

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Organisations today operate in a world fraught with threats, including "script kiddies", hackers, hacktivists and advanced persistent threats. Although these threats can be harmful to an enterprise, a potentially more devastating and anecdotally more likely threat is that of the malicious insider. These trusted individuals have access to valuable company systems and data, and are well placed to undermine security measures and to attack their employers. In this paper, we engage in a critical reflection on the insider threat in order to better understand the nature of attacks, associated human factors, perceptions of threats, and detection approaches. We differentiate our work from other contributions by moving away from a purely academic perspective, and instead focus on distilling industrial reports (i.e., those that capture practitioners' experiences and feedback) and case studies in order to truly appreciate how insider attacks occur in practice and how viable preventative solutions may be developed.

show abstract

Section: State Of the Art In Researchmentioning

confidence: 99%

A Critical Reflection on the Threat from Human Insiders – Its Nature, Industry Perceptions, and Detection Approaches

Nurse

Legg

Buckley

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…For example, when the logs history show the user login into system with abnormal from actual, the user profiling method can be used to observe user behaviour and forecast possible threats. Greitzer and Hohimer [40] added that incorporating psychosocial (mental problem, espionage, disgruntlement) data along with cyber data (user behaviour activities) into the behavioural analysis that offers an additional dimension to assess potential threats.…”

Section: Mitigation Strategies For Information Leakagementioning

confidence: 99%

Mitigation Strategies for Unintentional Insider Threats on Information Leaks

Ismail¹,

Yusof²

2018

IJSIA

View full text Add to dashboard Cite

show abstract

“…The topic of an insider's psychology has received substantial research and practitioner emphasis over the last few years (e.g., [3,19,31]), after being somewhat overlooked in early enterprise-security work. Based on our research into these articles and the collected case data, we identify eight elements that may be especially useful in modelling and analysing this aspect of insider threats.…”

Section: A Understanding the Propensity To Attackmentioning

confidence: 99%

Identifying attack patterns for insider threat detection

Agrafiotis¹,

Nurse²,

Buckley³

et al. 2015

Computer Fraud & Security

View full text Add to dashboard Cite

Abstract-The threat that insiders pose to businesses, institutions and governmental organisations continues to be of serious concern. Recent industry surveys and academic literature provide unequivocal evidence to support the significance of this threat and its prevalence. Despite this, however, there is still no unifying framework to fully characterise insider attacks and to facilitate an understanding of the problem, its many components and how they all fit together. In this paper, we focus on this challenge and put forward a grounded framework for understanding and reflecting on the threat that insiders pose. Specifically, we propose a novel conceptualisation that is heavily grounded in insiderthreat case studies, existing literature and relevant psychology theory. The framework identifies several key elements within the problem space, concentrating not only on noteworthy events and indicators -technical and behavioural -of potential attacks, but also on attackers (e.g., the motivation behind malicious threats and the human factors related to benign ones), and on the range of attacks being witnessed. The real value of our framework is in its emphasis on bringing together and clearly defining the various aspects of insider threat, all based on real-world cases and pertinent literature. This can therefore act as a platform for general understanding of the threat, and also for reflection, modelling past attacks and looking for useful patterns.

show abstract

Modeling Human Behavior to Anticipate Insider Attacks

Cited by 82 publications

References 15 publications

A Critical Reflection on the Threat from Human Insiders – Its Nature, Industry Perceptions, and Detection Approaches

A Critical Reflection on the Threat from Human Insiders – Its Nature, Industry Perceptions, and Detection Approaches

Mitigation Strategies for Unintentional Insider Threats on Information Leaks

Identifying attack patterns for insider threat detection

Contact Info

Product

Resources

About