DOI: 10.1145/2897795.2897799
Short paper

Classification of Insider Threat Detection Techniques

Published: 05 April 2016

Abstract

Most insider attacks are carried out by people who have the knowledge and technical know-how to launch them. The topic has long been studied, and many detection techniques have been proposed to deal with insider threats. This short paper summarizes and classifies insider threat detection techniques according to the detection strategy they use.

References

[1]
M. B. Salem, S. Hershkop, and S. J. Stolfo. A survey of insider attack detection research. In Insider Attack and Cyber Security, volume 39 of Advances in Information Security, pages 69--90. Springer, 2008.
[2]
W.T. Young, A. Memory, H.G. Goldberg, and T.E. Senator. Detecting unknown insider threat scenarios. In Security and Privacy Workshops (SPW), pages 277--288, May 2014.
[3]
P. Thompson. Weak models for insider threat detection. In Defense and Security, pages 40--48. International Society for Optics and Photonics, 2004.
[4]
M. Ben Salem and S. J. Stolfo. Masquerade attack detection using a search-behavior modeling approach. Technical Report CUCS-027-09, Columbia University Department of Computer Science, 2009.
[5]
P. Bradford and N. Hu. A layered approach to insider threat detection and proactive forensics. In Proceedings of the 21st Annual Computer Security Applications Conference (Technology Blitz), 2005.
[6]
N. Hu, P. G. Bradford, and J. Liu. Applying role based access control and genetic algorithms to insider threat detection. In Proceedings of the 44th Annual ACM Southeast Regional Conference, pages 790--791, 2006.
[7]
J. S. Park and J. Giordano. Role-based profile analysis for scalable and accurate insider-anomaly detection. In IEEE International Conference on Performance, Computing, and Communications, 2006.
[8]
Raytheon. SureView Insider Threat. Accessed July 31, 2015.
[9]
M. A. Maloof and G. D. Stephens. ELICIT: A system for detecting insiders who violate need-to-know. In Recent Advances in Intrusion Detection, volume 4637 of Lecture Notes in Computer Science, pages 146--166. Springer, 2007.
[10]
T. E. Senator, H. G. Goldberg, A. Memory, W. T. Young, B. Rees, R. Pierce, D. Huang, M. Reardon, D. A. Bader, E. Chow, et al. Detecting insider threats in a real corporate database of computer usage activity. In Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pages 1393--1401, 2013.
[11]
B. M. Bowen, S. Hershkop, A. D. Keromytis, and S. J. Stolfo. Baiting inside attackers using decoy documents. Springer, 2009.
[12]
M. B. Salem and S. J. Stolfo. Decoy document deployment for effective masquerade attack detection. In Proceedings of the 8th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA'11, pages 35--54, Berlin, Heidelberg, 2011. Springer-Verlag.
[13]
J. Voris, N. Boggs, and S. J. Stolfo. Lost in translation: Improving decoy documents via automated translation. In Proceedings of the IEEE Symposium on Security and Privacy Workshops, pages 129--133, 2012.
[14]
L. Spitzner. Honeypots: Catching the insider threat. In Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC), pages 170--179, 2003.
[15]
E. Schultz. A framework for understanding and predicting insider attacks. Computers & Security, 21(6):526--531, 2002.
[16]
M. Kandias, A. Mylonas, N. Virvilis, M. Theoharidou, and D. Gritzalis. An insider threat prediction model. In Trust, Privacy and Security in Digital Business, volume 6264 of Lecture Notes in Computer Science, pages 26--37, 2010.
[17]
M. Maybury et al. Analysis and detection of malicious insiders. Technical report, MITRE Co., MA, 2005.
[18]
M. Keeney. Insider threat study: Computer system sabotage in critical infrastructure sectors. US Secret Service and CERT Coordination Center, 2005.
[19]
S. R. Band, D. M. Cappelli, L. F. Fischer, A. P. Moore, E. D. Shaw, and R. F. Trzeciak. Comparing insider IT sabotage and espionage: A model-based analysis. Technical report, DTIC Document, 2006.
[20]
K. L. Herbig and M. F. Wiskoff. Espionage against the United States by American citizens 1947--2001. Technical report, DTIC Document, 2002.
[21]
F. L. Greitzer and D. A. Frincke. Combining traditional cyber security audit data with psychosocial data: towards predictive modeling for insider threat mitigation. In Insider Threats in Cyber Security, pages 85--113. Springer US, 2010.
[22]
F.L. Greitzer, L.J. Kangas, C.F. Noonan, A.C. Dalton, and R.E. Hohimer. Identifying at-risk employees: Modeling psychosocial precursors of potential insider threats. In System Science (HICSS), 45th Hawaii International Conference on, pages 2392--2401, Jan 2012.
[23]
F. L. Greitzer, L. J. Kangas, C. F. Noonan, C. R. Brown, and T. Ferryman. Psychosocial modeling of insider threat risk based on behavioral and word use analysis. e-Service Journal, 9(1):106--138, 2013.
[24]
C. R. Brown, A. Watkins, and F. L. Greitzer. Predicting insider threat risks through linguistic analysis of electronic communication. In 46th Hawaii International Conference on System Sciences (HICSS), pages 1849--1858, 2013.
[25]
M. Bishop, H. M. Conboy, H. Phan, B. Simidchieva, G. S. Avrunin, L. Clarke, L. J. Osterweil, S. Peisert, et al. Insider threat identification by process analysis. In IEEE Security and Privacy Workshops (SPW), pages 251--264, 2014.
[26]
E. T. Axelrad, P. J. Sticha, O. Brdiczka, and J. Shen. A Bayesian network model for predicting insider threats. In IEEE Security and Privacy Workshops (SPW), pages 82--89, 2013.
[27]
R. Chinchani, A. Iyer, H.Q. Ngo, and S. Upadhyaya. Towards a theory of insider threat assessment. In Dependable Systems and Networks, DSN. Proceedings. International Conference on, pages 108--117, June 2005.
[28]
F. Kammüller and C. W. Probst. Combining generated data models with formal invalidation for insider threat analysis. In IEEE Security and Privacy Workshops (SPW), pages 229--235, 2014.
[29]
J. B. Ard, M. Bishop, C. Gates, and M. X. Sun. Information behaving badly. In Proceedings of the New Security Paradigms Workshop (NSPW), pages 107--118, New York, NY, USA.
[30]
A. Liu, C. Martin, T. Hetherington, and S. Matzner. A comparison of system call feature representations for insider threat detection. In Information Assurance Workshop, IAW '05. Proceedings from the Sixth Annual IEEE SMC, pages 340--347, June 2005.
[31]
N. Nguyen, P. Reiher, and G.H. Kuenning. Detecting insider threats by monitoring system call activity. In Information Assurance Workshop. IEEE Systems, Man and Cybernetics Society, pages 45--52, June 2003.
[32]
Y. Liu, C. Corbett, K. Chiang, R. Archibald, B. Mukherjee, and D. Ghosal. Detecting sensitive data exfiltration by an insider attack. In ACM Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research (CSIIRW), pages 16:1--16:3, USA, 2008.
[33]
C. Armstrong. Mapping social media insider threat attack vectors. In 46th Hawaii International Conference on System Sciences (HICSS), pages 1840--1848, Jan 2013.
[34]
J. R. C. Nurse, O. Buckley, P. Legg, M. Goldsmith, S. Creese, G. R. T. Wright, M. Whitty, et al. Understanding insider threat: A framework for characterizing attacks. In IEEE Security and Privacy Workshops (SPW), pages 214--228, 2014.
[35]
H. Eldardiry, E. Bart, J. Liu, J. Hanley, B. Price, and O. Brdiczka. Multi-domain information fusion for insider threat detection. In IEEE Security and Privacy Workshops (SPW), pages 45--51, 2013.
[36]
W. Eberle and L. Holder. Insider threat detection using graph-based approaches. In Conference for Homeland Security, CATCH '09. Cybersecurity Applications Technology, pages 237--241, March 2009.
[37]
W. Eberle and L. Holder. Applying graph-based anomaly detection approaches to the discovery of insider threats. In IEEE International Conference on Intelligence and Security Informatics. ISI, pages 206--208, June 2009.
[38]
G. Magklaras, S. Furnell, and P. J. Brooke. Towards an insider threat prediction specification language. Inf. Manag. Computer Security, 14(4):361--381, 2006.
[39]
A. Memory, H. G. Goldberg, and T. E. Senator. Context-aware insider threat detection. In Proceedings of the Workshop on Activity Context System Architectures, 2013.
[40]
J. Glasser and B. Lindauer. Bridging the gap: A pragmatic approach to generating insider threat data. In Security and Privacy Workshops (SPW), pages 98--104. IEEE, 2013.
[41]
F. L. Greitzer and T. A. Ferryman. Methods and metrics for evaluating analytic insider threat tools. In Proceedings of the 2013 IEEE Security and Privacy Workshops, SPW '13, pages 90--97, Washington, DC, USA.
[42]
S. J. Templeton and K. Levitt. A requires/provides model for computer attacks. In Proceedings of the 2000 Workshop on New Security Paradigms, NSPW '00, pages 31--38, New York, NY, USA, 2000. ACM.
[43]
B. Schneier. Attack trees. Dr. Dobbs journal, 24(12):21--29, 1999.
[44]
D. Ha, S. Upadhyaya, H. Ngo, S. Pramanik, R. Chinchani, and S. Mathew. Insider threat analysis using information-centric modeling. In Advances in Digital Forensics III, volume 242 of IFIP the International Federation for Information Processing, pages 55--73, New York, 2007.
[45]
S. Mathew, S. Upadhyaya, D. Ha, and H.Q. Ngo. Insider abuse comprehension through capability acquisition graphs. In Information Fusion, 11th International Conference on, pages 1--8, June 2008.
[46]
M. Bishop, S. Engle, D. Frincke, C. Gates, F. L. Greitzer, S. Peisert, and S. Whalen. A risk management approach to the insider threat. In Insider Threats in Cyber Security, volume 49 of Advances in Information Security, pages 115--137. Springer US, 2010.
[47]
N. Baracaldo and J. Joshi. A trust-and-risk aware RBAC framework: Tackling insider threat. In Proceedings of the 17th ACM Symposium on Access Control Models and Technologies, SACMAT '12, pages 167--176, New York, NY, USA, 2012.
[48]
S. Peisert and M. Bishop. Dynamic, flexible, and optimistic access control. Technical Report CSE-2013-76, Department of Computer Science, UC Davis, July 2013.
[49]
M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates. We have met the enemy and he is us. In ACM Proceedings of the 2008 Workshop on New Security Paradigms, NSPW '08, pages 1--12, New York, NY, USA, 2008.
[50]
M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates. Case studies of an insider framework. In 42nd Hawaii International Conference on System Sciences (HICSS), pages 1--10, Jan 2009.
[51]
A. P. Moore, D. McIntire, D. Mundie, and D. Zubrow. Justification of a pattern for detecting intellectual property theft by departing insiders. 2013.
[52]
M. D. Guido and M. W. Brooks. Insider threat program best practices. In 46th Hawaii International Conference on System Sciences (HICSS), pages 1831--1839, 2013.


Published In

CISRC '16: Proceedings of the 11th Annual Cyber and Information Security Research Conference
April 2016
150 pages
ISBN:9781450337526
DOI:10.1145/2897795
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

  • Oak Ridge National Laboratory

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Access Control
  2. Insider Threat Detection
  3. Risk Analysis

Qualifiers

  • Short-paper
  • Research
  • Refereed limited

Conference

CISRC '16

Acceptance Rates

CISRC '16 Paper Acceptance Rate 11 of 28 submissions, 39%;
Overall Acceptance Rate 69 of 136 submissions, 51%

Article Metrics

  • Downloads (Last 12 months)76
  • Downloads (Last 6 weeks)6
Reflects downloads up to 25 Feb 2025

Cited By

  • (2024) Examining IoT in the Angle of Security with Counter measures – A Study. Salud, Ciencia y Tecnología - Serie de Conferencias, vol. 3. doi:10.56294/sctconf2024.1117. Online: 29-Aug-2024.
  • (2024) LLM4ITD: Insider Threat Detection with Fine-Tuned Large Language Models. 2024 International Conference on Interactive Intelligent Systems and Techniques (IIST), pages 236--241. doi:10.1109/IIST62526.2024.00017. Online: 4-Mar-2024.
  • (2024) VISTA. Information and Management, 61(1). doi:10.1016/j.im.2023.103877. Online: 14-Mar-2024.
  • (2024) Machine learning approaches to detect, prevent and mitigate malicious insider threats: State-of-the-art review. Multimedia Tools and Applications. doi:10.1007/s11042-024-20273-0. Online: 4-Oct-2024.
  • (2024) Organizations' readiness for insider attacks: A process-oriented approach. Software: Practice and Experience, 54(8):1565--1589. doi:10.1002/spe.3327. Online: 14-Mar-2024.
  • (2023) Exploring Key Issues in Cybersecurity Data Breaches: Analyzing Data Breach Litigation with ML-Based Text Analytics. Information, 14(11):600. doi:10.3390/info14110600. Online: 5-Nov-2023.
  • (2023) Hunting for Insider Threats Using LSTM-Based Anomaly Detection. IEEE Transactions on Dependable and Secure Computing, 20(1):451--462. doi:10.1109/TDSC.2021.3135639. Online: 1-Jan-2023.
  • (2023) A Novel Framework for Email's Data Leak Prevention Through Semantic Analysis. 2023 International Conference on IT and Industrial Technologies (ICIT), pages 1--6. doi:10.1109/ICIT59216.2023.10335896. Online: 9-Oct-2023.
  • (2023) Anomaly-Based Insider Threat Detection via Hierarchical Information Fusion. Artificial Neural Networks and Machine Learning – ICANN 2023, pages 13--25. doi:10.1007/978-3-031-44213-1_2. Online: 22-Sep-2023.
  • (2023) Putting Intelligence into Things: An Overview of Current Architectures. Artificial Intelligence Applications and Innovations. AIAI 2023 IFIP WG 12.5 International Workshops, pages 106--117. doi:10.1007/978-3-031-34171-7_8. Online: 2-Jun-2023.
