
Insiders Trapped in the Mirror Reveal Themselves in Social Media

  • Conference paper
Network and System Security (NSS 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7873)

Abstract

Social media have widened society’s opportunities for communication, while they offer ways to perform employees’ screening and profiling. Our goal in this paper is to develop an insider threat prediction method by (e)valuating a user’s personality trait of narcissism, which is deemed to be closely connected to the manifestation of malevolent insiders. We utilize graph theory tools in order to detect influence of and usage deviation. Then, we categorize the users according to a proposed taxonomy. Thus, we detect individuals with narcissistic characteristics and manage to test groups of people under the prism of group homogeneity. Furthermore, we compare and classify users to larger sub-communities consisting of people of the same profession. The analysis is based on an extensive crawling of Greek users of Twitter. As the application of this method may lead to infringement of privacy rights, its use should be reserved for exceptional cases, such as the selection of security officers or of critical infrastructures decision-making staff.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kandias, M., Galbogini, K., Mitrou, L., Gritzalis, D. (2013). Insiders Trapped in the Mirror Reveal Themselves in Social Media. In: Lopez, J., Huang, X., Sandhu, R. (eds) Network and System Security. NSS 2013. Lecture Notes in Computer Science, vol 7873. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38631-2_17

  • DOI: https://doi.org/10.1007/978-3-642-38631-2_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38630-5

  • Online ISBN: 978-3-642-38631-2

  • eBook Packages: Computer Science, Computer Science (R0)
