A new taxonomy of insider threats: an initial step in understanding authorised attack

Insider threat is one of the greatest challenges in cyber security. Compared with outside attackers, insiders hold privileged and legitimate access to an organisation's information and facilities, so an insider attacker has broader reach and a higher potential to cause serious damage. The behaviour of insider attackers, however, raises many questions that must be considered before a new taxonomy is created. The objective of this paper is therefore two-fold: a) to classify insider threats for better understanding; and b) to propose a new taxonomy of insider threat together with its terminology. To meet this objective, the process starts with collecting and classifying the evidence. The study then presents a hybrid insider threat classification that combines insider access, motivation, indicators, types and actions, profile categorisation, methods, and detection techniques. With the insights gained from this closer conceptual examination, we describe how the classification of insider threat may be used effectively in insider threat detection.
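The abstract says a classification along axes such as access, action and indicator can feed detection. The following Python block is an added illustration of that idea and is not the paper's taxonomy or code: the axis values (ACCESS_AXIS, ACTION_AXIS), the indicator rules, the scoring weights, the 50 MiB threshold and the four audit events are all constructed here as assumptions. It tags each event on three axes, scores the combination, and flags only events where a harmful action class coincides with suspicious indicators.

```python
"""Added illustration (not the paper's model): tag constructed audit events along
assumed insider-threat taxonomy axes (access, action, indicators) and turn the tags
into a detection decision."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class AuditEvent:
    user: str
    role: str                 # legitimate job role of the actor
    action: str               # raw action: read, copy_external, delete, grant_admin
    resource: str
    resource_owner_role: str  # role that normally works with this resource
    timestamp: datetime
    bytes_out: int = 0        # bytes leaving the perimeter (copy_external only)


# Assumed access axis: what the insider's role legitimately grants.
ACCESS_AXIS = {"admin": "privileged", "engineer": "standard", "contractor": "limited"}

# Assumed action axis: raw audit action mapped to a harm class.
ACTION_AXIS = {
    "read": "use",
    "copy_external": "exfiltration",
    "delete": "sabotage",
    "grant_admin": "privilege_escalation",
}

# Assumed weights: harmful action classes count more than indicators alone.
ACTION_WEIGHT = {"exfiltration": 3, "sabotage": 2, "privilege_escalation": 2, "use": 0, "other": 0}

BULK_THRESHOLD = 50 * 1024 * 1024  # 50 MiB, an assumed bulk-transfer threshold


def indicators(ev: AuditEvent) -> list[str]:
    """Indicator axis: observable behaviours that are suspicious in combination."""
    out: list[str] = []
    if ev.timestamp.hour < 6 or ev.timestamp.hour >= 22:
        out.append("off_hours")
    if ev.role != ev.resource_owner_role and ev.role != "admin":
        out.append("outside_role")
    if ev.action == "copy_external" and ev.bytes_out >= BULK_THRESHOLD:
        out.append("bulk_transfer")
    if ev.action == "grant_admin":
        out.append("privilege_change")
    return out


def classify(ev: AuditEvent) -> dict:
    """Place one event on the three assumed axes."""
    return {
        "user": ev.user,
        "access": ACCESS_AXIS.get(ev.role, "unknown"),
        "action": ACTION_AXIS.get(ev.action, "other"),
        "indicators": indicators(ev),
    }


def score(c: dict) -> int:
    """Action-class weight plus one point per indicator."""
    return ACTION_WEIGHT[c["action"]] + len(c["indicators"])


def detect(events: list[AuditEvent], threshold: int = 3) -> list[dict]:
    """Return classifications whose score reaches the threshold.

    A harmful action inside one's own role with no indicators (score 2) is not
    flagged on its own; the same action plus context (off hours, outside role,
    bulk volume) is.
    """
    flagged = []
    for ev in events:
        c = classify(ev)
        c["score"] = score(c)
        if c["score"] >= threshold:
            flagged.append(c)
    return flagged


# Constructed sample events (not real audit data).
SAMPLE_EVENTS = [
    AuditEvent("alice", "engineer", "read", "repo/src", "engineer",
               datetime(2024, 3, 4, 10, 15)),
    AuditEvent("bob", "contractor", "copy_external", "hr/payroll.csv", "hr",
               datetime(2024, 3, 4, 23, 40), bytes_out=120 * 1024 * 1024),
    AuditEvent("carol", "admin", "grant_admin", "iam/users/carol", "admin",
               datetime(2024, 3, 4, 2, 5)),
    AuditEvent("dave", "engineer", "delete", "repo/src", "engineer",
               datetime(2024, 3, 4, 14, 0)),
]

if __name__ == "__main__":
    for c in detect(SAMPLE_EVENTS):
        print(c)
```

Running the block flags bob (limited access, exfiltration, three indicators) and carol (privileged access, privilege change off hours) but not dave, whose deletion falls inside his own role with no indicator; that separation of action class from context is the point of combining axes rather than alerting on any single one.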
