Intent-Driven Insider Threat Detection in Intelligence Analyses

E. Santos, Hien Nguyen, Fei Yu, K. Kim, Deqing Li, J. T. Wilkinson, Adam Olson, Russell Jacob
Published in: 2008 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology
Publication date: 2008-12-09
DOI: 10.1109/WIIAT.2008.376 (https://doi.org/10.1109/WIIAT.2008.376)
Citations: 20

Abstract

When decisions need to be made in government, the intelligence community (IC) is tasked with analyzing the situation. This analysis is based on a huge amount of information and usually under severe time constraints. As such, it is particularly vulnerable to attacks from insiders with malicious intent. A malicious insider may alter, fabricate, or hide critical information in their analytical products, such as reports, in order to interfere with the decision-making process. In this paper, we focus on detecting such malicious insiders. Malicious actions such as disinformation tend to be very subtle and thus difficult to detect. Therefore, we employ a user modeling technique to model an insider based on logged information and documents accessed while accomplishing an intelligence analysis task. We create a computational model for each insider and apply several detection metrics to analyze this model as it changes over time. If any deviation of behavior is detected, alerts can be issued. A pilot test revealed that the computed deviations had a high correlation with insiders' cognitive styles. Based on this finding, we designed a framework that minimized the impact of differences in cognitive styles. In our evaluation, we used data collected from intelligence analysts, and simulated malicious insiders based on this data. A high percentage of the simulated malicious insiders were successfully detected.