Prediction and Detection of Malicious Insiders' Motivation Based on Sentiment Profile on Webpages and Emails

Recent high-profile data breaches have highlighted the importance of insider threat detection research for cyber security. Anomaly-based insider detection approaches are generally associated with high false positive rates; thus, there has been increased focus on including prediction of user psychology and attack motivations. However, data relating to the psychological profiles and personality traits of employees are challenging to collect, and generally do not adequately capture attack motivations such as disgruntlement (e.g. towards certain behavior). Therefore, in this paper, we demonstrate how one can build a user psychological profile based on sentiment analysis of their network browsing and email content. We then evaluate our approach using real-world datasets, and the findings suggest that our approach can proactively and accurately detect malicious insiders with extreme or negative emotional tendencies. This is the first work to build user profiles and predict insider threats using sentiment analysis of their browsing and email content.
