Professor Phil Legg Phil.Legg@uwe.ac.uk
Professor in Cyber Security
Towards a conceptual model and reasoning structure for insider threat detection
Legg, Philip; Moffat, Nick; Nurse, Jason; Happa, Jassim; Agrafiotis, Ioannis; Goldsmith, Michael; Creese, Sadie
Abstract
The insider threat faced by corporations and governments today is a real and significant problem, and one that has become increasingly difficult to combat as the years have progressed. From a technology standpoint, traditional protective measures such as intrusion detection systems are largely inadequate given the nature of the ‘insider’ and their legitimate access to prized organisational data and assets. As a result, it is necessary to research and develop more sophisticated approaches for the accurate recognition, detection and response to insider threats. One way in which this may be achieved is by understanding the complete picture of why an insider may initiate an attack, and the indicative elements along the attack chain. This includes the use of behavioural and psychological observations about a potential malicious insider in addition to technological monitoring and profiling techniques. In this paper, we propose a framework for modelling the insider-threat problem that goes beyond traditional technological observations and incorporates a more complete view of insider threats, common precursors, and human actions and behaviours. We present a conceptual model for insider threat and a reasoning structure that allows an analyst to make or draw hypotheses regarding a potential insider threat based on measurable states from real-world observations.
Citation
Legg, P., Moffat, N., Nurse, J., Happa, J., Agrafiotis, I., Goldsmith, M., & Creese, S. (2013). Towards a conceptual model and reasoning structure for insider threat detection
Journal Article Type | Article |
---|---|
Publication Date | Dec 1, 2013 |
Deposit Date | Jun 23, 2015 |
Journal | Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications |
Print ISSN | 2093-5382 |
Peer Reviewed | Peer Reviewed |
Volume | 4 |
Issue | 4 |
Pages | 20-37 |
Keywords | insider threat, conceptual model, reasoning structure |
Public URL | https://uwe-repository.worktribe.com/output/925508 |
Publisher URL | http://isyou.info/jowua/abstracts/jowua-v4n4-2.htm |