Modeling Human Behavior to Anticipate Insider Attacks

The insider threat ranks among the most pressing cyber-security challenges that threaten government and industry information infrastructures. To date, no systematic methods have been developed that provide a complete and effective approach to prevent data leakage, espionage, and sabotage. Current practice is forensic in nature, relegating to the analyst the bulk of the responsibility to monitor, analyze, and correlate an overwhelming amount of data. We describe a predictive modeling framework that integrates a diverse set of data sources from the cyber domain, as well as inferred psychological/motivational factors that may underlie malicious insider exploits. This comprehensive threat assessment approach provides automated support for the detection of high-risk behavioral "triggers" to help focus the analyst's attention and inform the analysis. Designed to be domain-independent, the system may be applied to many different threat and warning analysis/sense-making problems.
