Modeling human behavior to anticipate insider attacks via system dynamics
Article No.: 3, Pages 1 - 6
Abstract
The problem of insider threats to computer networks overseen by the company's Information Technologies (IT) department is complex and involves many variables; the most complex variable presented is human behavior. In an operational context many fields of study come into play, the security analyst's job is to interpret the data and draw conclusions of a possible malicious threat. Patterns are to be perceived and recognized within the relevant data. Forensic software and a number of other analyst tools are used to determine suspicious activities within and outside the network. After suspicious activities are revealed alerts must be sent out to induce action to prevent attacks. The goal of this paper is to predict an inside attack derived from behavioral, computer and psycho-social risk factors by using the System Dynamics methodology and its relation to solving the problem. A stock-flow diagram is used with Vensim to model the system. The model represents probabilistic human behavior of the attacker and deterministic behavior of the system.
References
[1]
P. A. Legg, N. Moffat, J. R. Nurse, J. Happa, I. Agrafiotis, M. Goldsmith and S. Creese, "Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection," JoWUA, vol. 4, no. 4, pp. 20--37, 2013.
[2]
C. Magazine, "E-Crime Watch Survey," 2004.
[3]
F. L. Greitzer, A. P. Moore, D. M. Cappelli, D. H. Andrews, L. A. Carroll and T. D. Hull, "Combating the insider cyber threat," Security and Privacy, IEEE, vol. 6, no. 1, pp. 61--64, 2008.
[4]
F. L. Greitzer and D. A. Frincke, "Combining traditional cyber security audit data with psychosocial data: towards predictive modeling for insider threat mitigation," Springer, pp. 85--113, 2010.
[5]
F. L. Greitzer and R. E. Hohimer, "Modeling human behavior to anticipate insider attacks," Journal of Strategic Security, vol. 4, no. 2, p. 25, 2011.
[6]
J. R. Nurse, O. Buckley, P. A. Legg, M. Goldsmith, S. Creese, G. R. Wright and M. Whitty, "Understanding insider threat: A framework for characterising attacks," Security and Privacy Workshops (SPW), 2014 IEEE, pp. 214--228, 2014.
[7]
S. M. Furnell, N. Clarke, E. D. Frangopoulos, M. M. Eloff and L. M. Venter, "Psychosocial risks: Can their effects on the security of information systems really be ignored?," Information Management and Computer Security, vol. 21, no. 1, pp. 53--65, 2013.
[8]
M. R. Randazzo, M. Keeney, E. Kowalski, D. Cappelli and A. Moore, "Insider threat study: Illicit cyber activity in the banking and finance sector," CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University (PA, USA), 2005.
[9]
W. Baker, A. Hylender, C. D. Pamula, J. Porter and C. Spitler, "2011 data breach investigations report," Verizon RISK Team, Available: www.verizonbusiness.com/resources/reports/rp\_databreach-investigationsreport-2011\_en\_xg.pdf, pp. 1--72, 2011.
[10]
F. L. Greitzer, L. J. Kangas, C. F. Noonan, A. C. Dalton and R. E. Hohimer, "Identifying at-risk employees: Modeling psychosocial precursors of potential insider threats," System Science (HICSS), 2012 45th Hawaii International Conference on, pp. 2392--2401, 2012.
[11]
P. Vensim, "Ventana Systems, Inc.," 2010.
Index Terms
- Modeling human behavior to anticipate insider attacks via system dynamics
Recommendations
Characterizing Social Insider Attacks on Facebook
CHI '17: Proceedings of the 2017 CHI Conference on Human Factors in Computing SystemsFacebook accounts are secured against unauthorized access through passwords and device-level security. Those defenses, however, may not be sufficient to prevent social insider attacks, where attackers know their victims, and gain access to a victim's ...
System Dynamics Approach to Malicious Insider Cyber-Threat Modelling and Analysis
Human Aspects of Information Security, Privacy and TrustAbstractEnforcing cybersecurity controls against malicious insiders touches upon complex issues like people, process and technology. In large and complex systems, addressing the problem of insider cyber threat involves diverse solutions like compliance, ...
Enhancing challenge-based collaborative intrusion detection networks against insider attacks using blockchain
AbstractDue to the rapid growth of computer networks, intrusions have become more complicated and devastating. As an important solution, collaborative intrusion detection networks or systems (CIDNs or CIDSs) are considered and adopted by many ...
Comments
Information & Contributors
Information
Published In
April 2016
229 pages
ISBN:9781510823211
- Conference Chairs:
- Fernando Barros,
- Herbert Prähofer,
- Program Chairs:
- Xiaolin Hu,
- Joachim Denil
Publisher
Society for Computer Simulation International
San Diego, CA, United States
Publication History
Published: 03 April 2016
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 115Total Downloads
- Downloads (Last 12 months)19
- Downloads (Last 6 weeks)4
Reflects downloads up to 01 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in