Tesleem Fagade
System dynamics approach to malicious insider cyber-threat modelling and analysis
Fagade, Tesleem; Spyridopoulos, Theodoros; Albishry, Nabeel; Tryfonas, Theo
Authors
Theo Spyridopoulos Theo.Spyridopoulos@uwe.ac.uk
Occasional Associate Lecturer - CSCT FET
Nabeel Albishry
Theo Tryfonas
Contributors
Theo Tryfonas
Editor
Abstract
© Springer International Publishing AG 2017. Enforcing cybersecurity controls against malicious insiders touches upon complex issues like people, process and technology. In large and complex systems, addressing the problem of insider cyber threat involves diverse solutions like compliance, technical and procedural controls. This work applies system dynamics modelling to understand the interrelationships between three distinct indicators of a malicious insider, in order to determine the possibility of a security breach through developing trends and patterns. It combines observable behaviour of actors based on the well-established theory of planned behaviour; technical footprints from incident log information and social network profiling of personality traits, based on the ‘big five’ personality model. Finally, it demonstrates how system dynamics as a risk modelling approach can flag early signs of malicious insider threats by aggregating associative properties of different risk elements. Our initial findings suggest that key challenges to combating insider threats are uncertainty, irregular intervals between malicious activities and exclusion of different personality factors in the design of cyber-security protocols. Based on these insights we propose how this knowledge may help with mitigation controls in a secure environment.
| Presentation Conference Type | Conference Paper (published) |
|---|---|
| Conference Name | 19th International Conference on Human-Computer Interaction |
| Start Date | Jul 9, 2017 |
| End Date | Jul 14, 2017 |
| Acceptance Date | Dec 6, 2016 |
| Publication Date | Jan 1, 2017 |
| Deposit Date | Jun 13, 2017 |
| Journal | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
| Print ISSN | 0302-9743 |
| Publisher | Springer Verlag |
| Peer Reviewed | Peer Reviewed |
| Volume | 10292 LNCS |
| Pages | 309-321 |
| Series Title | Lecture Notes in Computer Science |
| DOI | https://doi.org/10.1007/978-3-319-58460-7_21 |
| Keywords | system dynamics, insider cyber-threat |
| Public URL | https://uwe-repository.worktribe.com/output/888322 |
| Publisher URL | https://doi.org/10.1007/978-3-319-58460-7_21 |
| Additional Information | Title of Conference or Conference Proceedings : 19th International Conference on Human-Computer Interaction |
| Contract Date | Jun 13, 2017 |
You might also like
A Game Theoretical Method for Cost-Benefit Analysis of Malware Dissemination Prevention
(2015)
Journal Article
Critical infrastructure cyber-security risk management
(2017)
Book Chapter
Efficient and interpretable real-time malware detection using random-forest
(2019)
Presentation / Conference Contribution
Real-time monitoring of privacy abuses and intrusion detection in android system
(2015)
Presentation / Conference Contribution
Application of a game theoretic approach in smart sensor data trustworthiness problems
(2015)
Presentation / Conference Contribution
Downloadable Citations
About UWE Bristol Research Repository
Administrator e-mail: repository@uwe.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search