Proactive insider threat detection through social media: the YouTube case

Insider threat is a major issue in cyber and corporate security. In this paper we study the psychosocial perspective of the insider via social media, Open Source Intelligence, and classification of user-generated content. Inductively, we propose a prediction method that evaluates predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. We propose a methodology to detect users holding a negative attitude towards authorities. To do so, we use machine learning techniques and a dictionary-based approach to detect comments expressing a negative attitude. We can thus draw conclusions about a user's behavior and beliefs from the content the user generated within the limits of a social medium. We also use an assumption-free flat data representation technique to decide on the user's attitude. Furthermore, we compare the results of each method and highlight the common behavior manifested by the users. The demonstration is applied to a crawled community of users on YouTube.
