Malicious Insider Threat Detection Using Sentiment Analysis of Social Media Topics

  • Conference paper
ICT Systems Security and Privacy Protection (SEC 2024)

Abstract

Malicious insiders often pose a danger to information security systems, which can be a crucial challenge to tackle. Existing technological solutions attempt to identify potential threats via their anomalous system interactions; however, they fully fail to suppress the rise in costly data breaches initiated by trusted users who exploit their authorised access for unauthorised means. Although alternative proposals incorporate a psychosocial angle by utilising correlations between real-world insider cases and their emotional state, personality type or predispositions, they also have several limitations. To mitigate these challenges, this work builds on such profiling methodologies but directly harnesses language as a behavioural indicator by applying the Natural Language Processing technique of sentiment analysis. It offers a novel approach to lowering the risk of potential insiders, taking advantage of the wealth of discourse made public by social media sites to focus on one trait of the narcissist, lack of empathy, and another with a negative correlation with narcissism, compassion. It demonstrates how the careful choice of social media topics can act as a catalyst for language indicating low levels of empathy and compassion, facilitating the detection of malicious insiders via their proven tendency towards narcissism.

Funding

The research leading to these results has been partially supported by the Horizon Europe Project Trust & Privacy Preserving Computing Platform for Cross-Border Federation of Data (TRUSTEE), (GA 101070214). The content of this article does not reflect the official opinion of the European Union. Responsibility for the information and views expressed therein lies entirely with the authors.

Author information

Corresponding author

Correspondence to Sarwar Sayeed.

Copyright information

© 2024 IFIP International Federation for Information Processing

About this paper

Cite this paper

Kenny, M., Pitropakis, N., Sayeed, S., Chrysoulas, C., Mylonas, A. (2024). Malicious Insider Threat Detection Using Sentiment Analysis of Social Media Topics. In: Pitropakis, N., Katsikas, S., Furnell, S., Markantonakis, K. (eds) ICT Systems Security and Privacy Protection. SEC 2024. IFIP Advances in Information and Communication Technology, vol 710. Springer, Cham. https://doi.org/10.1007/978-3-031-65175-5_19

  • DOI: https://doi.org/10.1007/978-3-031-65175-5_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-65174-8

  • Online ISBN: 978-3-031-65175-5

  • eBook Packages: Computer Science, Computer Science (R0)
