Development and Validation of a Proof-of-Concept Prototype for Analytics-based Malicious Cybersecurity Insider Threat in a Real-Time Identification System

Hueca, Angel L.

01 January 2018

Insider threat has continued to be one of the most difficult cybersecurity threat vectors detectable by contemporary technologies. Most organizations apply standard technology-based practices to detect unusual network activity. While there have been significant advances in intrusion detection systems (IDS) as well as security incident and event management solutions (SIEM), these technologies fail to take into consideration the human aspects of personality and emotion in computer use and network activity, since insider threats are human-initiated. External influencers impact how an end-user interacts with both colleagues and organizational resources. Taking into consideration external influencers, such as personality, changes in organizational polices and structure, along with unusual technical activity analysis, would be an improvement over contemporary detection tools used for identifying at-risk employees. This would allow upper management or other organizational units to intervene before a malicious cybersecurity insider threat event occurs, or mitigate it quickly, once initiated. The main goal of this research study was to design, develop, and validate a proof-of-concept prototype for a malicious cybersecurity insider threat alerting system that will assist in the rapid detection and prediction of human-centric precursors to malicious cybersecurity insider threat activity. Disgruntled employees or end-users wishing to cause harm to the organization may do so by abusing the trust given to them in their access to available network and organizational resources. Reports on malicious insider threat actions indicated that insider threat attacks make up roughly 23% of all cybercrime incidents, resulting in $2.9 trillion in employee fraud losses globally. The damage and negative impact that insider threats cause was reported to be higher than that of outsider or other types of cybercrime incidents. Consequently, this study utilized weighted indicators to measure and correlate simulated user activity to possible precursors to malicious cybersecurity insider threat attacks. This study consisted of a mixed method approach utilizing an expert panel, developmental research, and quantitative data analysis using the developed tool on simulated data set. To assure validity and reliability of the indicators, a panel of subject matter experts (SMEs) reviewed the indicators and indicator categorizations that were collected from prior literature following the Delphi technique. The SMEs’ responses were incorporated into the development of a proof-of-concept prototype. Once the proof-of-concept prototype was completed and fully tested, an empirical simulation research study was conducted utilizing simulated user activity within a 16-month time frame. The results of the empirical simulation study were analyzed and presented. Recommendations resulting from the study also be provided.

cybersecurity

indicator analysis

insider threat

intrusion detection

Computer Sciences

Operation Moked : Sexdagarskriget – Överraskning inom de israeliska luftoperationerna / Operation Moked : The Six Day War – Surprise and the Israeli Aerial Operations

Damm, Douglas

January 2013

The research regarding the six day war and the aerial operations named Operation Moked is extensive but there are certain shortcomings in the research that examines both the operation and the principle of surprise. The aim of this paper is to contribute to this research by utilising existing military theories on the principle of surprise in order to identify indicators that are representative of surprise.  These indicators are thereafter used in a study of Operation Moked in order to examine the extent of in which the principle was utilised. The result of this research goes to show that the principle of surprise was utilised in great extent by Israel during Operation Moked. / Det har bedrivits mycket forskning kring Sexdagarskriget och det lyckade israeliska luftanfallet Operation Moked men det finns vissa brister i forskningen på operationen kopplat till krigföringsprincipen överraskning. Denna uppsats syftar till att bidra till detta forskningsläge genom att använda militära teoribildningar kring principen överraskning och bryta ut indikatorer på vad som kännetecknar principen. Dessa indikatorer används sedan i en studie av Operation Moked för att undersöka i vilken utsträckning principen tillämpades. Resultatet av denna undersökning påvisar att överraskning tillämpades i stor utsträckning av Israel under Operation Moked.

Six Day War

Operation Moked

Surprise

Indicator analysis

Sexdagarskriget

Operation Moked

Överraskning

Indikatorsanalys

History

Historia