Risk aware intelligent system for insider threat detection

Information security risk assessment plays a major role in assessing the security posture of any organisation. Risk assessment is mostly performed with a focus on external threats to information assets rather than on insider threats. Insider attacks are caused by insiders with privileged access rights to the information assets. Traditional security controls used in organisations, such as encryption and policy-based access control, fail to identify malicious insider activity. Fighting insider threats is therefore a tough task for organisations, because they must balance granting users the privileges they require against identifying malicious access by those same users. This paper proposes an intelligent risk-aware decision support system that identifies the presence of insider threats and their intensity in an organisation by quantifying the risk to assets and monitoring the behaviour of the users who access those assets.
