Abstract
Social media have widened society’s opportunities for communication, while also offering ways to screen and profile employees. Our goal in this paper is to develop an insider threat prediction method by (e)valuating a user’s personality trait of narcissism, which is deemed to be closely connected to the manifestation of malevolent insiders. We utilize graph theory tools in order to detect influence of and usage deviation. Then, we categorize the users according to a proposed taxonomy. Thus we detect individuals with narcissistic characteristics and manage to test groups of people under the prism of group homogeneity. Furthermore, we compare and classify users to larger sub-communities consisting of people of the same profession. The analysis is based on an extensive crawl of Greek users of Twitter. As the application of this method may lead to infringement of privacy rights, its use should be reserved for exceptional cases, such as the selection of security officers or of critical infrastructure decision-making staff.
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kandias, M., Galbogini, K., Mitrou, L., Gritzalis, D. (2013). Insiders Trapped in the Mirror Reveal Themselves in Social Media. In: Lopez, J., Huang, X., Sandhu, R. (eds) Network and System Security. NSS 2013. Lecture Notes in Computer Science, vol 7873. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38631-2_17
DOI: https://doi.org/10.1007/978-3-642-38631-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38630-5
Online ISBN: 978-3-642-38631-2
eBook Packages: Computer Science, Computer Science (R0)