Overview
This research attempts to characterize the insider by drawing on prominent theories from the fields of behavioral theory and psychology to create an insider personality profile. This profile will allow us to understand an insider's motives and actions. Only then can effective technology solutions be designed to combat the insider threat.

Personality Theory
At an individual level, the basis for personality profiling can be drawn from a large body of research in the field of psychology. Research here delves into personality characteristics such as Locus of Control, Attribution Style, Self Efficacy, and Neuroticism. The key, however, is to begin to look at these traits not as individual characteristics, but as pieces of a whole puzzle. Numerous studies have been conducted in personality psychology. These studies, however, have focused on examining each trait individually and have largely ignored the commonality and relationship between traits (Judge et al., 2002). It is this author's belief that the key to successful profiling of insider threats lies in identifying the patterns that emerge by focusing on the relationships between a wider range of personality traits.

Behavioral Theory
Much of the published information on insider threat has been compiled in case studies that focus on who insiders are, why they commit their crimes, and how they commit their crimes. The question then remains: why can't insiders be stopped? To answer this question, researchers examine insiders through the lens of several prominent behavioral theories, such as general deterrence theory, social learning theory, social bond theory, and the theory of planned behavior. These theories focus on the behavior and motivation of insiders and help identify patterns of behavior at the organizational level. Understanding and insight at an organizational level help to shape company policies and procedures to combat the insider threat.

Future Work
Acquire and evaluate several COTS insider threat systems and evaluate their capabilities in reference to this proposed model.
Integrate behavioral theories to identify which data to mine and how to evaluate this information to assess an individual's risk.
Research the legal perspectives of taking action on personality assessment in the workplace and the privacy concerns of data mining solutions.

Acknowledgements
Advisor: David L. Hall, Ph.D. | Sponsor: Lockheed Martin Corporation | Principal Investigator: Isaac Brewer, Ph.D.
An Evaluation of the Technical Approaches to the Insider Threat
Nicklaus A. Giacobe
Overview
Insider threats to an organization have been reported in the mainstream media, technical press and in academic research. The costs of these types of attacks are more significant than the costs of attacks from outside of the organization. Proposals for dealing with the insider threat problem include a number of technical solutions. Most of these solutions are simply re-purposed from defensive systems used against hackers and threats that come from the outside. Unfortunately, they are not effective against trusted network users who need to have access to the data, information and systems to do their jobs. The solutions proposed from the social psychology perspective include a variety of possibilities, but they are time intensive, costly and have legal consequences. This research attempts to classify the different technical solutions presented in the literature. An assessment is presented to identify where the future of insider threat systems should be focused.
