Inside the Mind of the Insider: Towards Insider Threat Detection Using Psychophysiological Signals

Insider threat is a great challenge for most organizations in today’s digital world. It has received substantial research attention as a significant source of information security threat that could cause more financial losses and damages than any other threat. However, designing an effective monitoring and detection framework is a very challenging task. In this paper, we examine the use of human bio-signals to detect malicious activities and show its applicability to insider threat detection. We employ a combination of electroencephalography (EEG) and electrocardiogram (ECG) signals to provide a framework for insider threat monitoring and detection. We empirically tested the framework with ten subjects and used several activity scenarios. We found that our framework is able to achieve up to 90% detection accuracy of the malicious activities when using the EEG signals alone. We then examined the effectiveness of adding the ECG signals to our framework, and the results show that adding the ECG increases the accuracy of detecting the malicious activity by about 5%. Thus, our framework shows that human brain and heart signals can reveal valuable knowledge about malicious behaviors and could be an effective solution for detecting insider threats.
