Towards a data-driven behavioral approach to prediction of insider-threat

Insider threats pose a challenge to all companies and organizations. Identification of the culprit after an attack is often too late and results in detrimental consequences for the organization. The majority of past research on insider threat has focused on post-hoc personality analysis of known insider threats to identify personality vulnerabilities. It has been proposed that certain personality vulnerabilities place individuals at risk of perpetrating insider threats should the environment and opportunity arise. To that end, this study utilizes a game-based approach to simulate a scenario of intellectual property theft and investigate behavioral and personality differences of individuals who exhibit insider-threat related behavior. Features were extracted from games, text collected through implicit and explicit measures, simultaneous facial expression recordings, and personality variables (HEXACO, Dark Triad and Entitlement Attitudes) calculated from a questionnaire. We applied ensemble machine learning algorithms and show that they produce an acceptable balance of precision and recall. Our results showcase the possibility of harnessing personality variables, facial expressions and linguistic features in the modeling and prediction of insider threat.
