Eye Tracking Metrics for Insider Threat Detection in a Simulated Work Environment

Insider Threats (ITs) are hard to identify because of their knowledge of the organization and motivation to avoid detection. One approach to detecting ITs utilizes Active Indicators (AI), stimuli that elicit a characteristic response from the insider. The present research implemented this approach within a simulation of financial investigative work. A sequence of AIs associated with accessing a locked file was introduced into an ongoing workflow. Participants allocated to an insider role accessed the file illicitly. Eye tracking metrics were used to differentiate insiders from control participants performing a legitimate role. Data suggested that ITs may show responses suggestive of strategic concealment of interest and emotional stress. Such findings may provide the basis for a cognitive engineering approach to IT detection.
