Abstract
Malicious insiders often pose a danger to information security systems, which can be a crucial challenge to tackle. Existing technological solutions attempt to identify potential threats via their anomalous system interactions; however, they fail to suppress the rise in costly data breaches initiated by trusted users who exploit their authorised access for unauthorised means. Although alternative proposals incorporate a psychosocial angle by utilising correlations between real-world insider cases and their emotional state, personality type or predispositions, they also pose several limitations. To mitigate these challenges, this work builds on such profiling methodologies but directly harnesses language as a behavioural indicator, by applying the Natural Language Processing technique of sentiment analysis. It offers a novel approach to lowering the risk of potential insiders, taking advantage of the wealth of discourse made public by social media sites to focus on one trait of the narcissist, lack of empathy, and another with a negative correlation with narcissism and compassion. It demonstrates how the careful choice of social media topics can act as a catalyst for language indicating low levels of empathy and compassion, facilitating the detection of malicious insiders via their proven tendency towards narcissism.
Funding
The research leading to these results has been partially supported by the Horizon Europe Project Trust & Privacy Preserving Computing Platform for Cross-Border Federation of Data (TRUSTEE), (GA 101070214). The content of this article does not reflect the official opinion of the European Union. Responsibility for the information and views expressed therein lies entirely with the authors.
Copyright information
© 2024 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kenny, M., Pitropakis, N., Sayeed, S., Chrysoulas, C., Mylonas, A. (2024). Malicious Insider Threat Detection Using Sentiment Analysis of Social Media Topics. In: Pitropakis, N., Katsikas, S., Furnell, S., Markantonakis, K. (eds) ICT Systems Security and Privacy Protection. SEC 2024. IFIP Advances in Information and Communication Technology, vol 710. Springer, Cham. https://doi.org/10.1007/978-3-031-65175-5_19
DOI: https://doi.org/10.1007/978-3-031-65175-5_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-65174-8
Online ISBN: 978-3-031-65175-5
eBook Packages: Computer Science, Computer Science (R0)