The insider threat ranks among the most pressing cybersecurity challenges that threaten government and industry information infrastructures. To date, no systematic methods have been developed that provide a complete and effective approach to prevent data leakage, espionage and sabotage. Current practice is forensic in nature, relegating to the analyst the bulk of the responsibility to monitor, analyze, and correlate an overwhelming amount of data. We describe a predictive modeling framework that integrates a diverse set of data sources from the cyber domain as well as inferred psychological/motivational factors that may underlie malicious insider exploits. This comprehensive threat assessment approach provides automated support for the detection of high-risk behavioral “triggers” to help focus the analyst’s attention and inform the analysis. Designed to be domain independent, the system may be applied to many different threat and warning analysis/sensemaking problems.
Revised: June 21, 2011 |
Published: June 9, 2011
Citation
Greitzer F.L., and R.E. Hohimer. 2011.Modeling Human Behavior to Anticipate Insider Attacks.Journal of Strategic Security 4, no. 2:25-48.PNNL-SA-78381.doi:10.5038/1944-0472.4.2.2