Potential Malicious Insiders Detection Based on a Comprehensive Security Psychological Model

The insider threat continues to be a paramount cyber security challenge that threatens individuals, financial enterprises and governmental organizations. To deter insider threats, traditional detection, which mainly focuses on policy checks and anomaly detection for users' computers and network activities, has been studied widely. However, because insiders have intrinsic authorized access and can attack under normal behavior profiles, it is necessary to integrate the attackers' psychological characteristics. This work proposes a novel detection approach for potential malicious insiders based on a comprehensive security psychological model derived from Big-5 and Dark Triad personality traits, overcoming the biased choice and equality hypothesis problems in previous work. Moreover, the threat confidence degree is proposed to identify pseudo abnormal users and to markedly reduce the false positive rate. The experimental results illustrate the effectiveness and feasibility of the proposed approach, which has a very low false negative rate, and lay the foundation for a promising insider threat detection approach that integrates the attackers' psychological traits with the attack-chain characteristics.
