Modeling Human Behavior to Anticipate Insider Attacks

The insider threat ranks among the most pressing cyber-security challenges that threaten government and industry information infrastructures. To date, no systematic methods have been developed that provide a complete and effective approach to prevent data leakage, espionage, and sabotage. Current practice is forensic in nature, relegating to the analyst the bulk of the responsibility to monitor, analyze, and correlate an overwhelming amount of data. We describe a predictive modeling framework that integrates a diverse set of data sources from the cyber domain, as well as inferred psychological/motivational factors that may underlie malicious insider exploits. This comprehensive threat assessment approach provides automated support for the detection of high-risk behavioral "triggers" to help focus the analyst's attention and inform the analysis. Designed to be domain-independent, the system may be applied to many different threat and warning analysis/sense-making problems. This article is available in Journal of Strategic Security: http://scholarcommons.usf.edu/jss/ vol4/iss2/3 Journal of Strategic Security Volume IV Issue 2 2011, pp. 25-48 DOI: 10.5038/1944-0472.4.2.2 Journal of Strategic Security (c) 2011 ISSN: 1944-0464 eISSN: 1944-0472 25 Modeling Human Behavior to Anticipate Insider Attacks Frank L. Greitzer Ryan E. Hohimer Pacific Northwest National Laboratory Richland, WA USA [email protected]