Towards a conceptual model and reasoning structure for insider threat detection

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

Volumn 4, Issue 4, 2013, Pages 20-37

  Legg, Philip ^a   Moffat, Nick ^a   Nurse, Jason R C ^a   Happa, Jassim ^a   Agrafiotis, Ioannis ^a   Goldsmith, Michael ^a   Creese, Sadie ^a  

^a UNIVERSITY OF OXFORD   (United Kingdom)

Author keywords

Conceptual model; Insider threat; Reasoning structure

Indexed keywords

EID: 84890952452     PISSN: 20935374     EISSN: 20935382     Source Type: Journal    
DOI: None     Document Type: Article

References (39)

1. CSO Magazine, CERT Program (Carnegie Mellon University) and Deloitte, "CyberSecurity Watch Survey: Organizations Need More Skilled Cyber Professionals To Stay Secure, " 2011, http://www.sei.cmu.edu/ newsitems/cybersecurity watch survey 2011.cfm.
2. Kroll and Economist Intelligence Unit, "Annual Global Fraud Survey. 2011/2012, " 2012.
3. PricewaterhouseCoopers LLP, "Cybercrime: Protecting against the growing threat-Events and Trends, " 2012.
4. FBI, "Robert Philip Hanssen Espionage Case, " 2001, http://www.fbi.gov/about-us/history/famous-cases/ robert-hanssen.
5. Guardian, "Bradley manning prosecutors say soldier 'leaked sensitive information', " 2013, http://www. guardian.co.uk/world/2013/jun/11/bradley-manning-wikileaks-trial-prosecution.
6. BBC News, "Profile: Edward Snowden, " 2013, http://www.bbc.co.uk/news/world-us-canada-22837100.
7. R. Anderson, T. Bozek, T. Longstaff, W. Meitzler, M. Skroch, and K. Van Wyk, "Research on Mitigating the Insider Threat to Information Systems, " in Proceedings of the Insider Workshop, August 2000.
8. F. L. Greitzer, A. P. Moore, D. M. Cappelli, D. H. Andrews, L. A. Carroll, and T. D. Hull, "Combating the Insider Cyber Threat, " IEEE Security & Privacy, vol. 6, no. 1, pp. 61-64, 2007.
9. D. M. Cappelli, A. P. Moore, and R. F. Trzeciak, The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes, 1st ed. Addison-Wesley Professional, 2012.
10. L. Spitzner, "Honeypots: catching the insider threat, " in Proc. of the 19th IEEE Annual Computer Security Applications Conference (ACSAC'03), Las Vegas, Nevada, USA, December 2003, pp. 170-179.
11. E. E. Schultz, "A framework for understanding and predicting insider attacks, " Computers and Security, vol. 21, no. 6, pp. 526-531, 2002. [Online]. Available: http://www.sciencedirect.com/science/article/pii/ S016740480201009X
12. B. Wood, "An insider threat model for adversary simulation, " SRI International, Research on Mitigating the Insider Threat to Information Systems, vol. 2, 2000.
13. G. B. Magklaras and S. M. Furnell, "Insider Threat Prediction Tool: Evaluating the probability of IT misuse, " Computers and Security, vol. 21, no. 1, pp. 62-73, 2002.
14. J. Butts, R. Mills, and R. Baldwin, "Developing an Insider Threat Model Using Functional Decomposition, " in Proc. of the 3rd International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security (MMM-ACNS'05), St. Petersburg, Russia, LNCS, vol. 3685. Springer-Verlag, September 2005, pp. 412-417.
15. M. Maybury, P. Chase, B. Cheikes, D. Brackney, S. Matzner, T. Hetherington, B. Wood, C. Sibley, J. Marin, T. Longstaff, L. Spitzner, J. Haile, J. Copeland, and S. Lewandowski, "Analysis and Detection of Malicious Insiders, " in Proc. of the 2005 International Conference on Intelligence Analysis, McLean, Viginia, USA. MITRE, May 2005.
16. Q. Althebyan and B. Panda, "A Knowledge-Base Model for Insider Threat Prediction, " in Proc. of the 2007 IEEE Information Assurance and Security Workshop (IAW'07), West Point, New York, USA. IEEE, June 2007, pp. 239-246.
17. J. Eom, M. Park, S. Park, and T. Chung, "A framework of defense system for prevention of insider's malicious behaviors, " in Proc. of the 13th International Conference on Advanced Communication Technology (ICAT'11), Phoenix Park, Gangwon-Do, Korea. IEEE, February 2011, pp. 982-987.
18. C. Nithiyanandam, D. Tamilselvan, S. Balaji, and V. Sivaguru, "Advanced framework of defense system for prevetion of insider's malicious behaviors, " in Proc. of the 2012 International Conference on Recent Trends In Information Technology (ICRTIT'12), Chennai, Tamil Nadu, India, April 2012, pp. 434-438.
19. I. J. Martinez-Moyano, S. H. Conrad, E. H. Rich, and D. F. Andersen, "Modeling the Emergence of Insider Threat Vulnerabilities, " in Proc. of the 38th Conference on Winter Simulation (WSC'06), Monterey, California, USA. IEEE, December 2006, pp. 562-568.
20. M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates, "We have met the enemy and he is us, " in Proc. of the 2008Workshop on New Security Paradigms (NSPW'08), Lake Tahoe, California, USA. ACM, September 2008, pp. 1-12.
21. M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates, "Case studies of an insider framework, " in Proc. of the 42nd Hawaii International Conference on System Sciences (HICSS'09), Waikoloa, Big Island, Hawaii, USA. IEEE, January 2009, pp. 1-10.
22. G. Doss and G. Tejay, "Developing insider attack detection model: a grounded approach, " in Proc. of the 2009 IEEE International Conference on Intelligence and Security Informatics (ISI'09), Dallas, Texas, USA. IEEE, June 2009, pp. 107-112.
23. S. L. Pfleeger, J. B. Predd, J. Hunker, and C. Bulford, "Insiders behaving badly: Addressing bad actors and their actions, " IEEE Transactions on Information Forensics and Security, vol. 5, no. 1, pp. 169-179, 2010.
24. J. Gonzalez and A. Sawicka, "A framework for human factors in information security, " in Proc. of the 2002 WSEAS International Conference on Information Security, Hardware/Software Codesign, E-Commerce and Computer Networks, Rio De Janeiro, Brazil, October 2002, pp. 1871-1877.
25. E. D. Shaw, "The role of behavioral research and profiling in malicious cyber insider investigations, " Digital Investigation, vol. 3, no. 1, pp. 20-31, 2006.
26. C. Colwill, "Human factors in information security: The insider threat-Who can you trust these days?" Information Security Technical Report, vol. 14, no. 4, pp. 186-196, 2009.
27. F. L. Greitzer and R. E. Hohimer, "Modeling Human Behavior to Anticipate Insider Attacks, " Journal of Strategic Security, vol. 4, no. 2, pp. 25-48, 2011.
28. M. Kandias, A. Mylonas, N. Virvilis, M. Theoharidou, and D. Gritzalis, "An insider threat prediction model, " in Proc. of the 7th international conference on Trust, Privacy and Security in Digital Business (TrustBus'10), Bilbao, Spain, LNCS, vol. 6264. Springer-Verlag, August 2010, pp. 26-37.
29. O. Brdiczka, J. Liu, B. Price, J. Shen, A. Patil, R. Chow, E. Bart, and N. Ducheneaut, "Proactive insider threat detection through graph learning and psychological context, " in Proc. of the 2012 IEEE Symposium on Security and Privacy Workshops (IEEE SPW'12), San Francisco, California, USA, May 2012, pp. 142-149.
30. T. Sasaki, "A framework for detecting insider threats using psychological triggers, " Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), vol. 3, no. 1/2, pp. 99-119, 2012.
31. S. Creese, M. H. Goldsmith, and A. O. Adetoye, "A logical high-level framework for critical infrastructure resilience and risk assessment, " in Proc. of the 3rd InternationalWorkshop on Cyberspace Safety and Security (CSS'11), Milan, Italy, September 2011, pp. 7-14.
32. J. S. Wiggings, The five factor model of personality: Theoretical perspectives. Guilford Press, 1996.
33. D. L. Paulhus and K. M. Williams, "The dark triad of personality: Narcissism, Machiavellianism, and psychopathy, " Journal of research in personality, vol. 36, no. 6, pp. 556-563, 2002.
34. MITRE, "Common Attack Pattern Enumeration and Classification, " http://capec.mitre.org/.
35. MITRE, "Common Vulnerabilities and Exposures, " http://cve.mitre.org/.
36. MITRE, "Common Weakness Enumeration, " http://cwe.mitre.org/.
37. A. P. Moore, D. M. Cappelli, and R. F. Trzeciak, "The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures, " Software Engineering Institute/Carnegie Mellon University, Tech. Rep. CMU/SEI-2008-TR-009, May 2008.
38. A. P. Moore, D. M. Cappelli, T. C. Caron, E. Shaw, D. Spooner, and R. Trzeciak, "A Preliminary Model of Insider Theft of Intellectual Property, " Software Engineering Institute, Carnegie Mellon University, Tech. Rep. CMU/SEI-2011-TN-013, June 2011.
39. M. Bishop, C. Gates, D. Frincke, and F. Greitzer, "AZALIA: an A to Z assessment of the likelihood of insider attack, " in Proc. of the IEEE 2009 Conference on Technologies for Homeland Security (HST'09), Boston, Massachusetts, USA. IEEE, May 2009, pp. 385-392.