Insider Threat Risk Prediction based on Bayesian Network

Nebrase Elmrabit; Shuang Hua Yang; Lili Yang; Huiyu Zhou

doi:10.1016/j.cose.2020.101908

Insider Threat Risk Prediction based on Bayesian Network

Nebrase Elmrabit^*
, Shuang Hua Yang
, Lili Yang
, Huiyu Zhou

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

36 Citations (Scopus)

Abstract

Insider threat protection has received increasing attention in the last ten years due to the serious consequences of malicious insider threats. Moreover, data leaks and the sale of mass data have become much simpler to achieve, e.g., the dark web can allow malicious insiders to divulge confidential data whilst hiding their identities. In this paper, we propose a novel approach to predict the risk of malicious insider threats prior to a breach taking place. Firstly, we propose a new framework for insider threat risk prediction, drawing on technical, organisational and human factor perspectives. Secondly, we employ a Bayesian network to model and implement the proposed framework. Furthermore, this Bayesian network-based prediction model is evaluated in a range of challenging environments. The risk level predictions for each authorised users within the organisation are examined so that any insider threat risk can be identified. The proposed insider threat prediction model achieved better results when compared to the empirical judgments of security experts

Original language	English
Article number	101908
Journal	Computers and Security
Volume	96
Early online date	30 May 2020
DOIs	https://doi.org/10.1016/j.cose.2020.101908
Publication status	Published - Sept 2020
Externally published	Yes

Bibliographical note

Funding Information:
The work was jointly funded by the National Science Foundation of China (NSFC) through the project âDealing with Security and Safety Contradictions and Intrusion Tolerant Control for Industrial Cyber-Physical Systemsâ (Project ID: 61873119) and by EU Horizon 2020 DOMINOES Project (Grant Number: 771066).

Funding Information:
Dr.Huiyu Zhou , received the Bachelor of Engineering degree in radio technology from the Huazhong University of Science and Technology of China, Wuhan, China, the Master of Science degree in biomedical engineering from the University of Dundee, Dundee, U.K., and the Doctor of Philosophy degree in computer vision from Heriot-Watt University, Edinburgh, U.K. He is a Reader with the Department of Informatics, University of Leicester, Leicester, U.K. His research has been or is being supported by U.K. EPSRC, EU, Royal Society, Leverhulme Trust, Puffin Trust, Invest NI and industry. He has published over 180 peer-reviewed papers in the field.

Publisher Copyright:
© 2020 Elsevier Ltd

Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.

Keywords

Bayesian network model
Insider threats
Predictions
User abuse

ASJC Scopus subject areas

General Computer Science
Law

Access to Document

10.1016/j.cose.2020.101908Licence: Unspecified

Cite this

@article{d43457412a224d54b636011d108a00f1,

title = "Insider Threat Risk Prediction based on Bayesian Network",

abstract = "Insider threat protection has received increasing attention in the last ten years due to the serious consequences of malicious insider threats. Moreover, data leaks and the sale of mass data have become much simpler to achieve, e.g., the dark web can allow malicious insiders to divulge confidential data whilst hiding their identities. In this paper, we propose a novel approach to predict the risk of malicious insider threats prior to a breach taking place. Firstly, we propose a new framework for insider threat risk prediction, drawing on technical, organisational and human factor perspectives. Secondly, we employ a Bayesian network to model and implement the proposed framework. Furthermore, this Bayesian network-based prediction model is evaluated in a range of challenging environments. The risk level predictions for each authorised users within the organisation are examined so that any insider threat risk can be identified. The proposed insider threat prediction model achieved better results when compared to the empirical judgments of security experts",

keywords = "Bayesian network model, Insider threats, Predictions, User abuse",

author = "Nebrase Elmrabit and Yang, \{Shuang Hua\} and Lili Yang and Huiyu Zhou",

note = "Funding Information: The work was jointly funded by the National Science Foundation of China (NSFC) through the project {\^a}Dealing with Security and Safety Contradictions and Intrusion Tolerant Control for Industrial Cyber-Physical Systems{\^a} (Project ID: 61873119) and by EU Horizon 2020 DOMINOES Project (Grant Number: 771066). Funding Information: Dr.Huiyu Zhou , received the Bachelor of Engineering degree in radio technology from the Huazhong University of Science and Technology of China, Wuhan, China, the Master of Science degree in biomedical engineering from the University of Dundee, Dundee, U.K., and the Doctor of Philosophy degree in computer vision from Heriot-Watt University, Edinburgh, U.K. He is a Reader with the Department of Informatics, University of Leicester, Leicester, U.K. His research has been or is being supported by U.K. EPSRC, EU, Royal Society, Leverhulme Trust, Puffin Trust, Invest NI and industry. He has published over 180 peer-reviewed papers in the field. Publisher Copyright: {\textcopyright} 2020 Elsevier Ltd Copyright: Copyright 2020 Elsevier B.V., All rights reserved.",

year = "2020",

month = sep,

doi = "10.1016/j.cose.2020.101908",

language = "English",

volume = "96",

journal = "Computers and Security",

issn = "0167-4048",

publisher = "Elsevier Ltd",

}

TY - JOUR

T1 - Insider Threat Risk Prediction based on Bayesian Network

AU - Elmrabit, Nebrase

AU - Yang, Shuang Hua

AU - Yang, Lili

AU - Zhou, Huiyu

N1 - Funding Information: The work was jointly funded by the National Science Foundation of China (NSFC) through the project âDealing with Security and Safety Contradictions and Intrusion Tolerant Control for Industrial Cyber-Physical Systemsâ (Project ID: 61873119) and by EU Horizon 2020 DOMINOES Project (Grant Number: 771066). Funding Information: Dr.Huiyu Zhou , received the Bachelor of Engineering degree in radio technology from the Huazhong University of Science and Technology of China, Wuhan, China, the Master of Science degree in biomedical engineering from the University of Dundee, Dundee, U.K., and the Doctor of Philosophy degree in computer vision from Heriot-Watt University, Edinburgh, U.K. He is a Reader with the Department of Informatics, University of Leicester, Leicester, U.K. His research has been or is being supported by U.K. EPSRC, EU, Royal Society, Leverhulme Trust, Puffin Trust, Invest NI and industry. He has published over 180 peer-reviewed papers in the field. Publisher Copyright: © 2020 Elsevier Ltd Copyright: Copyright 2020 Elsevier B.V., All rights reserved.

PY - 2020/9

Y1 - 2020/9

N2 - Insider threat protection has received increasing attention in the last ten years due to the serious consequences of malicious insider threats. Moreover, data leaks and the sale of mass data have become much simpler to achieve, e.g., the dark web can allow malicious insiders to divulge confidential data whilst hiding their identities. In this paper, we propose a novel approach to predict the risk of malicious insider threats prior to a breach taking place. Firstly, we propose a new framework for insider threat risk prediction, drawing on technical, organisational and human factor perspectives. Secondly, we employ a Bayesian network to model and implement the proposed framework. Furthermore, this Bayesian network-based prediction model is evaluated in a range of challenging environments. The risk level predictions for each authorised users within the organisation are examined so that any insider threat risk can be identified. The proposed insider threat prediction model achieved better results when compared to the empirical judgments of security experts

AB - Insider threat protection has received increasing attention in the last ten years due to the serious consequences of malicious insider threats. Moreover, data leaks and the sale of mass data have become much simpler to achieve, e.g., the dark web can allow malicious insiders to divulge confidential data whilst hiding their identities. In this paper, we propose a novel approach to predict the risk of malicious insider threats prior to a breach taking place. Firstly, we propose a new framework for insider threat risk prediction, drawing on technical, organisational and human factor perspectives. Secondly, we employ a Bayesian network to model and implement the proposed framework. Furthermore, this Bayesian network-based prediction model is evaluated in a range of challenging environments. The risk level predictions for each authorised users within the organisation are examined so that any insider threat risk can be identified. The proposed insider threat prediction model achieved better results when compared to the empirical judgments of security experts

KW - Bayesian network model

KW - Insider threats

KW - Predictions

KW - User abuse

U2 - 10.1016/j.cose.2020.101908

DO - 10.1016/j.cose.2020.101908

M3 - Article

AN - SCOPUS:85086069682

SN - 0167-4048

VL - 96

JO - Computers and Security

JF - Computers and Security

M1 - 101908

ER -

Insider Threat Risk Prediction based on Bayesian Network

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this