Insider Attack Analysis in Building Effective Cyber Security for an Organization

2019 ◽  
pp. 1408-1425
Author(s):  
Sunita Vikrant Dhavale

Recent studies have shown that, despite being equipped with highly secure technical controls, a broad range of cyber security attacks were carried out successfully on many organizations to reveal confidential information. This shows that the technical advancements of cyber defence controls do not always guarantee organizational security. According to a recent survey carried out by IBM, 55% of these cyber-attacks involved insider threat. Controlling an insider who already has access to the company's highly protected data is a very challenging task. Insider attacks have great potential to severely damage the organization's finances as well as their social credibility. Hence, there is a need for reliable security frameworks that ensure confidentiality, integrity, authenticity, and availability of organizational information assets by including the comprehensive study of employee behaviour. This chapter provides a detailed study of insider behaviours that may hinder organization security. The chapter also analyzes the existing physical, technical, and administrative controls, their objectives, their limitations, insider behaviour analysis, and future challenges in handling insider threats.



Entropy ◽  
2021 ◽  
Vol 23 (10) ◽  
pp. 1258
Author(s):  
Taher Al-Shehari ◽  
Rakan A. Alsowail

Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause far more extensive damage to organization assets than external attacks. Most existing approaches in the field of insider threat have focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed using the synthetic minority oversampling technique (SMOTE). Well-known machine learning algorithms are employed to find the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it to the CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues with the aim of devising an effective insider data leakage detection system.


Electronics ◽  
2020 ◽  
Vol 9 (9) ◽  
pp. 1460
Author(s):  
Neetesh Saxena ◽  
Emma Hayes ◽  
Elisa Bertino ◽  
Patrick Ojo ◽  
Kim-Kwang Raymond Choo ◽  
...  

The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed.


Sensors ◽  
2020 ◽  
Vol 20 (18) ◽  
pp. 5297
Author(s):  
Teng Hu ◽  
Bangzhou Xin ◽  
Xiaolei Liu ◽  
Ting Chen ◽  
Kangyi Ding ◽  
...  

Insider threats have always been one of the most severe challenges to cybersecurity. They can lead to the destruction of the organisation's internal network system and to information leakage, which seriously threaten the confidentiality, integrity and availability of data. To make matters worse, since the attacker has authorized access to the internal network, they can launch the attack from the inside and erase their attack traces, which makes tracking and forensics challenging. A blockchain traceability system for insider threats is proposed in this paper to mitigate the issue. First, this paper constructs an insider threat model of the internal network from a different perspective: insider attack forensics and preventing insider attackers from escaping. Then, we analyze why it is difficult to track attackers and obtain evidence when an insider threat has occurred. After that, the blockchain traceability system is designed in terms of data structure, transaction structure, block structure, consensus algorithm, data storage algorithm, and query algorithm, while using differential privacy to protect user privacy. We deployed this blockchain traceability system and conducted experiments, and the results show that it can achieve the goal of mitigating insider threats.


A malicious attack or threat can happen within any organization, from its own employees, administrators, contractors or former employees, who possess the important resources of a company such as databases, physical laboratories and financial resources. In an organization, insider attacks are the most common as well as the most costly affair. According to United States cyber security 2018 statistics, insider threat holds a risk of 74% among surveyed organizations. The insider threat has caused immense loss of data as well as monetary assets. Among the organizations surveyed by US cyber securities, 53% of organizations claimed their remediation cost was around $100,000, and in 2018 the number rose to 66%. A higher number of organizations claimed insider attacks were the most costly attacks in comparison with external attacks. Some of the probable reasons why it is difficult to stop an insider attack are: firstly, an insider threat may be unintentional and sudden. Second, distinguishing regular work by an employee from malicious work is difficult. Third, most insider attackers are technologically sound enough to mask their intentional activities or to easily erase the signs of the intentional activity from the system before anyone observes it. Lastly, and the worst case, employees simply say their intentional act was a mistake and escape from the scenario. To avoid such malicious insider attacks, a lot of research has been done on access control. Access control is a method or technique to control the access of an insider to the organization's valuable resources. There are different types of access control models, each having its own access control policies and criteria to grant the authority to access specific resources of an organization. In this paper we discuss the different types of technical access control models that have been developed with certain parameters, along with their advantages and limitations.


2018 ◽  
Vol 2018 ◽  
pp. 1-18 ◽  
Author(s):  
Owen Lo ◽  
William J. Buchanan ◽  
Paul Griffiths ◽  
Richard Macfarlane

Insider threats are a considerable problem within cyber security, and it is often difficult to detect these threats using signature detection. Increasingly, machine learning can provide a solution, but these methods often fail to take into account changes in the behaviour of users. This work builds on a published method of detecting insider threats, applies a Hidden Markov method to a CERT data set (CERT r4.2), and analyses a number of distance vector methods (Damerau–Levenshtein Distance, Cosine Distance, and Jaccard Distance) in order to detect changes of behaviour, which are shown to have success in determining different insider threats.


Author(s):  
D. Zatonatskiy ◽  
V. Marhasova ◽  
N. Korogod

This paper considers the insider threats in the companies from different sectors and various methods of their assessment. The problem of information leakage is becoming increasingly important for companies in all areas of economic activity. The problem of insider threats is becoming increasingly important, as the company may incur losses not only due to the leakage of information about its inventions, but also through lawsuits in case of theft of personal information of the customers, contractors and more. This means that in order to gain access to the international markets, Ukrainian companies must have an appropriate level of protection not only of the company’s confidential information, but also of the data on customers, contractors, etc. The objective of the article is to analyze the existing methodological approaches to the assessment of insider threats in the enterprise as a component of personnel and economic security. We came to the conclusion that different industries have different vulnerabilities to insider threats and different approaches to insider threat management. It was determined that information leaks are a serious threat to the company’s economic and personnel security. It was discovered that firms have achieved significant improvements and developed effective procedures for counteracting external threats, however, protection against insider attacks remains rather low. In the course of the research, the concept of an insider attacker was defined, the types of insider threats were established, and the main actions of the personnel prior to the insider attack were outlined. It was proved that the degree of insider threat is determined by the type of activity of the company and the liquidity of information that may be leaked. Most leaks are observed in high-tech companies and medical institutions, while the most liquid is the information of banks, financial institutions, industrial and commercial companies.


Author(s):  
Petar Radanliev ◽  
David De Roure ◽  
Kevin Page ◽  
Max Van Kleek ◽  
Omar Santos ◽  
...  

Multiple governmental agencies and private organisations have made commitments for the colonisation of Mars. Such colonisation requires complex systems and infrastructure that could be very costly to repair or replace in cases of cyber-attacks. This paper surveys deep learning algorithms, IoT cyber security and risk models, and established mathematical formulas to identify the best approach for developing a dynamic and self-adapting system for predictive cyber risk analytics supported with Artificial Intelligence and Machine Learning and real-time intelligence in edge computing. The paper presents a new mathematical approach for integrating concepts for cognition engine design, edge computing and Artificial Intelligence and Machine Learning to automate anomaly detection. This engine instigates a step change by applying Artificial Intelligence and Machine Learning embedded at the edge of IoT networks, to deliver safe and functional real-time intelligence for predictive cyber risk analytics. This will enhance capacities for risk analytics and assist in the creation of a comprehensive and systematic understanding of the opportunities and threats that arise when edge computing nodes are deployed, and when Artificial Intelligence and Machine Learning technologies are migrated to the periphery of the internet and into local IoT networks.


Author(s):  
Richard J. Simonson ◽  
Joseph R. Keebler ◽  
Mathew Lessmiller ◽  
Tyson Richards ◽  
John C. Lee

As cyber-attacks and their subsequent responses have become more frequent and complex over the past decade, research into the performance and effectiveness of cybersecurity teams has gained an immense amount of traction. However, investigation of teamwork in this domain is lacking due to the exclusion of known team competencies and a lack of reliance on team science. This paper serves to provide insight into the benefit that can be gained from utilizing the extant teamwork literature to improve teams’ research and applications in the domain of cyber-security.


Electronics ◽  
2021 ◽  
Vol 10 (9) ◽  
pp. 1005
Author(s):  
Rakan A. Alsowail ◽  
Taher Al-Shehari

As technologies are rapidly evolving and becoming a crucial part of our lives, security and privacy issues have been increasing significantly. Public and private organizations have highly confidential data, such as bank accounts, military and business secrets, etc. Currently, the competition between organizations is significantly higher than before, which triggers sensitive organizations to spend an excessive volume of their budget to keep their assets secured from potential threats. Insider threats are more dangerous than external ones, as insiders have a legitimate access to their organization’s assets. Thus, previous approaches focused on some individual factors to address insider threat problems (e.g., technical profiling), but a broader integrative perspective is needed. In this paper, we propose a unified framework that incorporates various factors of the insider threat context (technical, psychological, behavioral and cognitive). The framework is based on a multi-tiered approach that encompasses pre, in and post-countermeasures to address insider threats in an all-encompassing perspective. It considers multiple factors that surround the lifespan of insiders’ employment, from the pre-joining of insiders to an organization until after they leave. The framework is utilized on real-world insider threat cases. It is also compared with previous work to highlight how our framework extends and complements the existing frameworks. The real value of our framework is that it brings together the various aspects of insider threat problems based on real-world cases and relevant literature. This can therefore act as a platform for general understanding of insider threat problems, and pave the way to model a holistic insider threat prevention system.

