Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats

Sensors, 2020, Vol 20 (18), pp. 5297
Author(s): Teng Hu, Bangzhou Xin, Xiaolei Liu, Ting Chen, Kangyi Ding, ...

Insider threats have always been one of the most severe challenges to cybersecurity. They can lead to the destruction of the organisation’s internal network system and to information leakage, which seriously threaten the confidentiality, integrity and availability of data. To make matters worse, since the attacker has authorized access to the internal network, they can launch the attack from the inside and erase their attack trace, which makes tracking and forensics challenging. A blockchain traceability system for insider threats is proposed in this paper to mitigate the issue. First, this paper constructs an insider threat model of the internal network from a different perspective: insider attack forensics and preventing the insider attacker from escaping. Then, we analyze why it is difficult to track attackers and obtain evidence when an insider threat has occurred. After that, the blockchain traceability system is designed in terms of data structure, transaction structure, block structure, consensus algorithm, data storage algorithm, and query algorithm, while using differential privacy to protect user privacy. We deployed this blockchain traceability system and conducted experiments, and the results show that it can achieve the goal of mitigating insider threats.

Author(s): D. Zatonatskiy, V. Marhasova, N. Korogod

This paper considers insider threats in companies from different sectors and various methods of their assessment. The problem of information leakage is becoming increasingly important for companies in all areas of economic activity. The problem of insider threats is becoming increasingly important, as the company may incur losses not only due to the leakage of information about its inventions, but also through lawsuits in case of theft of personal information of customers, contractors and others. This means that in order to gain access to the international markets, Ukrainian companies must have an appropriate level of protection not only of the company’s confidential information, but also of the data on customers, contractors, etc. The objective of the article is to analyze the existing methodological approaches to the assessment of insider threats in the enterprise as a component of personnel and economic security. We came to the conclusion that different industries have different vulnerabilities to insider threats and different approaches to insider threat management. It was determined that information leaks are a serious threat to the company’s economic and personnel security. It was discovered that firms have achieved significant improvements and developed effective procedures for counteracting external threats; however, protection against insider attacks remains rather low. In the course of the research, the concept of an insider attacker was defined, the types of insider threats were established, and the main actions of the personnel prior to the insider attack were outlined. It was proved that the degree of insider threat is determined by the type of activity of the company and the liquidity of information that may be leaked. Most leaks are observed in high-tech companies and medical institutions, while the most liquid is the information of banks, financial institutions, industrial and commercial companies.


Entropy, 2021, Vol 23 (10), pp. 1258
Author(s): Taher Al-Shehari, Rakan A. Alsowail

Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause far more extensive damage to organization assets than external attacks. Most existing approaches in the field of insider threat focus on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed using the synthetic minority oversampling technique (SMOTE). Well-known machine learning algorithms are employed to find the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it to the CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues for the aim of devising an effective insider data leakage detection system.


2019, pp. 1408-1425
Author(s): Sunita Vikrant Dhavale

Recent studies have shown that, despite being equipped with highly secure technical controls, a broad range of cyber security attacks were carried out successfully on many organizations to reveal confidential information. This shows that the technical advancements of cyber defence controls do not always guarantee organizational security. According to a recent survey carried out by IBM, 55% of these cyber-attacks involved insider threats. Controlling an insider who already has access to the company's highly protected data is a very challenging task. Insider attacks have great potential to severely damage the organization's finances as well as its social credibility. Hence, there is a need for reliable security frameworks that ensure confidentiality, integrity, authenticity, and availability of organizational information assets by including the comprehensive study of employee behaviour. This chapter provides a detailed study of insider behaviours that may hinder organization security. The chapter also analyzes the existing physical, technical, and administrative controls, their objectives, their limitations, insider behaviour analysis, and future challenges in handling insider threats.



Electronics, 2021, Vol 10 (9), pp. 1005
Author(s): Rakan A. Alsowail, Taher Al-Shehari

As technologies are rapidly evolving and becoming a crucial part of our lives, security and privacy issues have been increasing significantly. Public and private organizations have highly confidential data, such as bank accounts, military and business secrets, etc. Currently, the competition between organizations is significantly higher than before, which triggers sensitive organizations to spend an excessive volume of their budget to keep their assets secured from potential threats. Insider threats are more dangerous than external ones, as insiders have legitimate access to their organization’s assets. Thus, previous approaches focused on some individual factors to address insider threat problems (e.g., technical profiling), but a broader integrative perspective is needed. In this paper, we propose a unified framework that incorporates various factors of the insider threat context (technical, psychological, behavioral and cognitive). The framework is based on a multi-tiered approach that encompasses pre-, in- and post-countermeasures to address insider threats in an all-encompassing perspective. It considers multiple factors that surround the lifespan of insiders’ employment, from the pre-joining of insiders to an organization until after they leave. The framework is applied to real-world insider threat cases. It is also compared with previous work to highlight how our framework extends and complements the existing frameworks. The real value of our framework is that it brings together the various aspects of insider threat problems based on real-world cases and relevant literature. This can therefore act as a platform for general understanding of insider threat problems, and pave the way to model a holistic insider threat prevention system.


Author(s): Shaun Joseph Smyth, Kevin Curran, Nigel McKelvey

Insider threats present a major concern for organizations worldwide. As organizations need to provide employees with authority to access data to enable them to complete their daily tasks, they leave themselves open to insider attacks. This chapter looks at those who fall into the category which can be referred to as insiders and highlights the activity of outsourcing which is employed by many organizations and defines the term insider threat while pointing out what differentiates an accidental threat from a malicious threat. The discussion also considers various methods of dealing with insider threats before highlighting the role education and awareness plays in the process, the importance of tailoring awareness programs, and what the future holds for insider threats within organizations.


Author(s): Suriya Murugan, Anandakumar H.

Online social networks, such as Facebook, are increasingly used by many users, and these networks allow people to publish and share their data with their friends. The problem is that user privacy information can be inferred via social relations. This chapter studies and performs research on managing those confidential information leakages, which is a challenging issue in social networks. It is possible to use learning methods on user-released data to predict private information. Since the main goal is to distribute social network data while preventing sensitive data disclosure, it can be achieved through sanitization techniques. Then the effectiveness of those techniques is explored, and the methods of collective inference are used to discover sensitive attributes of the user profile data set. Hence, sanitization methods can be used efficiently to decrease the accuracy of both local and relational classifiers and allow secure information sharing by maintaining user privacy.


Author(s): Kamalkumar Macwan, Sankita Patel

Recently, social network platforms have gained the attention of people worldwide. People post, share, and update their views freely on such platforms. The huge amount of data contained on social networks is utilized for various purposes like research, market analysis, product popularity, prediction, etc. Although it provides so much useful information, it raises the issue of user privacy. This chapter discusses the various privacy preservation methods applied to the original social network dataset to preserve privacy against attacks. The two areas for privacy preservation approaches addressed in this chapter are anonymization in social network data publication and differential privacy in node degree publishing.


2020, Vol 10 (15), pp. 5208
Author(s): Mohammed Nasser Al-Mhiqani, Rabiah Ahmad, Z. Zainal Abidin, Warusia Yassin, Aslinda Hassan, ...

Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.


2018, Vol 2018, pp. 1-9
Author(s): Yunru Zhang, Debiao He, Kim-Kwang Raymond Choo

Internet of Things (IoT) and cloud computing are increasingly integrated, in the sense that data collected from IoT devices (generally with limited computational and storage resources) are being sent to the cloud for processing, etc., in order to inform decision making and facilitate other operational and business activities. However, the cloud may not be a fully trusted entity, and may leak user data or compromise user privacy. Thus, we propose a privacy-preserving and user-controlled data sharing architecture with fine-grained access control, based on the blockchain model and an attribute-based cryptosystem. Also, the consensus algorithm in our system is the Byzantine fault tolerance mechanism, rather than Proof of Work.
