Navigating the Insider Threat Tool Landscape: Low Cost Technical Solutions to Jump Start an Insider Threat Program

Spooner, Derrick; Silowash, George J; Costa, Daniel L.; Albrethsen, Michael J

doi:10.1109/spw.2018.00040

Cited by 12 publications

(8 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Insider threats are mostly a deliberate, calculated and malicious breach of the system and its security, often carried out by persons with legitimate access who are usually authorized and trusted within the organization's basic and perimeter security. 25,29,30,[73][74][75][76] The impact of this could lead to significant harm or loss to the confidentiality, integrity, or availability (CIA) of the affected organizational system and its data. 26,75 Consequently, no IoT system has guaranteed security from attacks by insiders.…”

Section: Modeling Iot Insider Threatsmentioning

confidence: 99%

Edge‐based blockchain enabled anomaly detection for insider attack prevention in Internet of Things

Tukur

Thakker

Awan

2020

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Internet of Things (IoT) platforms are responsible for overall data processing in the IoT System. This ranges from analytics and big data processing to gathering all sensor data over time to analyze and produce long-term trends. However, this comes with prohibitively high demand for resources such as memory, computing power and bandwidth, which the highly resource constrained IoT devices lack to send data to the platforms to achieve efficient operations. This results in poor availability and risk of data loss due to single point of failure should the cloud platforms suffer attacks. The integrity of the data can also be compromised by an insider, such as a malicious system administrator, without leaving traces of their actions. To address these issues, we propose in this work an edge-based blockchain enabled anomaly detection technique to prevent insider attacks in IoT. The technique first employs the power of edge computing to reduce the latency and bandwidth requirements by taking processing closer to the IoT nodes, hence improving availability, and avoiding single point of failure. It then leverages some aspect of sequence-based anomaly detection, while integrating distributed edge with blockchain that offers smart contracts to perform detection and correction of abnormalities in incoming sensor data. Evaluation of our technique using real IoT system datasets showed that the technique remarkably achieved the intended purpose, while ensuring integrity and availability of the data which is critical to IoT success.

show abstract

Section: Modeling Iot Insider Threatsmentioning

confidence: 99%

Edge‐based blockchain enabled anomaly detection for insider attack prevention in Internet of Things

Tukur

Thakker

Awan

2020

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…The insider threat has always been one of the most serious challenges to cybersecurity [ 5 , 6 ]. The attacker has legal access to the internal network system [ 7 ]. Furthermore, they possibly have a good understanding of the system’s security policies and means and thus can easily bypass the system’s security facilities [ 8 ].…”

Section: Background and Related Workmentioning

confidence: 99%

Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats

Xin

Liu

et al. 2020

Sensors

View full text Add to dashboard Cite

The insider threats have always been one of the most severe challenges to cybersecurity. It can lead to the destruction of the organisation’s internal network system and information leakage, which seriously threaten the confidentiality, integrity and availability of data. To make matters worse, since the attacker has authorized access to the internal network, they can launch the attack from the inside and erase their attack trace, which makes it challenging to track and forensics. A blockchain traceability system for insider threats is proposed in this paper to mitigate the issue. First, this paper constructs an insider threat model of the internal network from a different perspective: insider attack forensics and prevent insider attacker from escaping. Then, we analyze why it is difficult to track attackers and obtain evidence when an insider threat has occurred. After that, the blockchain traceability system is designed in terms of data structure, transaction structure, block structure, consensus algorithm, data storage algorithm, and query algorithm, while using differential privacy to protect user privacy. We deployed this blockchain traceability system and conducted experiments, and the results show that it can achieve the goal of mitigating insider threats.

show abstract

“…These scenario-based detectors are then used in clustering algorithms to sort emails into classes (Young et al, 2014). According to various authors, there are three main types of insider threats, namely, insider it sabotage, insider intellectual property theft and insider fraud (Spooner et al, 2018;Claycomb et al, 2013;Cappelli et al, 2012;Munshi et al, 2012). Spooner et al (2018) used observable behaviours of the main insider threat types and studied various approaches to detect threats in organizations.…”

Section: Background and Related Workmentioning

confidence: 99%

“…According to various authors, there are three main types of insider threats, namely, insider it sabotage, insider intellectual property theft and insider fraud (Spooner et al, 2018;Claycomb et al, 2013;Cappelli et al, 2012;Munshi et al, 2012). Spooner et al (2018) used observable behaviours of the main insider threat types and studied various approaches to detect threats in organizations. For example, user activity monitoring was found as a means to examinine emails and find evidence related to employee disgruntlement (Spooner et al, 2018).…”

Section: Background and Related Workmentioning

confidence: 99%

“…Spooner et al (2018) used observable behaviours of the main insider threat types and studied various approaches to detect threats in organizations. For example, user activity monitoring was found as a means to examinine emails and find evidence related to employee disgruntlement (Spooner et al, 2018). The focus of this work will be the category insider IT sabotage to restrict the results and because the harm caused by sabotage involves both technical and physical security layers (Claycomb et al, 2013).…”

Section: Background and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Discovering “Insider IT Sabotage” based on human behaviour

Michael

Eloff

2020

ICS

View full text Add to dashboard Cite

Purpose Malicious activities conducted by disgruntled employees via an email platform can cause profound damage to an organization such as financial and reputational losses. This threat is known as an “Insider IT Sabotage” threat. This involves employees misusing their access rights to harm the organization. Events leading up to the attack are not technical but rather behavioural. The problem is that owing to the high volume and complexity of emails, the risk of insider IT sabotage cannot be diminished with rule-based approaches. Design/methodology/approach Malicious human behaviours that insiders within the insider IT sabotage category would possess are studied and mapped to phrases that would appear in email communications. A large email data set is classified according to behavioural characteristics of these employees. Machine learning algorithms are used to identify occurrences of this insider threat type. The accuracy of these approaches is measured. Findings It is shown in this paper that suspicious behaviour of disgruntled employees can be discovered, by means of machine intelligence techniques. The output of the machine learning classifier depends mainly on the depth and quality of the phrases and behaviour analysis, cleansing and number of email attributes examined. This process of labelling content in isolation could be improved if other attributes of the email data are included, such that a confidence score can be computed for each user. Originality/value This research presents a novel approach to show that the creation of a prototype that can automate the detection of insider IT sabotage within email systems to mitigate the risk within organizations.

show abstract

Navigating the Insider Threat Tool Landscape: Low Cost Technical Solutions to Jump Start an Insider Threat Program

Cited by 12 publications

References 4 publications

Edge‐based blockchain enabled anomaly detection for insider attack prevention in Internet of Things

Edge‐based blockchain enabled anomaly detection for insider attack prevention in Internet of Things

Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats

Discovering “Insider IT Sabotage” based on human behaviour

Contact Info

Product

Resources

About