Journal articles on the topic 'Insider threats'

Consult the top 50 journal articles for your research on the topic 'Insider threats.'

1

Mohammad, Nur Ameera Natasha, Warusia Mohamed Yassin, Rabiah Ahmad, Aslinda Hassan, and Mohammed Nasser Ahmed Al Mhiqani. "An Insider Threat Categorization Framework for Automated Manufacturing Execution System." International Journal of Innovation in Enterprise System 3, no. 02 (2019): 31–41. http://dx.doi.org/10.25124/ijies.v3i02.38.

Abstract:
Insider threats have become one of the most dangerous threats in the cyber world as compared to outsiders, as the insiders have knowledge of assets. In addition, the threats themselves are considered invisible and no one can predict what, when and how exactly the threat is launched. Based on the conducted literature, threats in Automated Manufacturing Execution Systems (AMESs) can be divided into three principal factors. Moreover, no standard framework exists nowadays to refer to in order to categorize such factors and identify possible insider threat features. Therefore, from the conducted literature a standard theoretical categorization framework of insider threats for AMESs has been proposed. Hence, three principal factors, i.e. Human, Systems and Machine, have been considered as the major categorization of insider threats. Consequently, the possible features for each factor are identified based on previous researchers' recommendations. Therefore, via identifying possible features and categorizing them into principal factors or groups, a standard framework could be derived. These frameworks will contribute more benefit specifically in the manufacturing field as a reference to mitigate an insider threat.
Keywords—automated manufacturing execution systems insider threats, factors and features, insider threat categorization framework.
2

Hu, Teng, Bangzhou Xin, Xiaolei Liu, Ting Chen, Kangyi Ding, and Xiaosong Zhang. "Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats." Sensors 20, no. 18 (2020): 5297. http://dx.doi.org/10.3390/s20185297.

Abstract:
Insider threats have always been one of the most severe challenges to cybersecurity. They can lead to the destruction of the organisation’s internal network system and information leakage, which seriously threaten the confidentiality, integrity and availability of data. To make matters worse, since the attacker has authorized access to the internal network, they can launch the attack from the inside and erase their attack trace, which makes tracking and forensics challenging. A blockchain traceability system for insider threats is proposed in this paper to mitigate the issue. First, this paper constructs an insider threat model of the internal network from a different perspective: insider attack forensics and preventing the insider attacker from escaping. Then, we analyze why it is difficult to track attackers and obtain evidence when an insider threat has occurred. After that, the blockchain traceability system is designed in terms of data structure, transaction structure, block structure, consensus algorithm, data storage algorithm, and query algorithm, while using differential privacy to protect user privacy. We deployed this blockchain traceability system and conducted experiments, and the results show that it can achieve the goal of mitigating insider threats.
3

Al-Mhiqani, Mohammed Nasser, Rabiah Ahmad, Z. Zainal Abidin, et al. "A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations." Applied Sciences 10, no. 15 (2020): 5208. http://dx.doi.org/10.3390/app10155208.

Abstract:
Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.
4

Palaparthy, Keerthana, Y. Manohar Reddy, Jatoth Victor Paul, and S. Raju. "Enhancing Insider Threat Detection through Integrated Behavioral, Signature and Anomaly based Detection Methods." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 08, no. 12 (2024): 1–6. https://doi.org/10.55041/ijsrem39835.

Abstract:
Insider threats present substantial risks to organizational security, as malicious actors exploit their authorized access to systems, networks, or data to perpetrate harmful activities. These threats encompass various forms, including data theft, sabotage, fraud, or espionage, leading to significant financial losses, reputational damage, or regulatory penalties. Traditional approaches to insider threat detection, such as anomaly-based, signature-based, and behavioral analysis methods, have inherent limitations, including high false positives, reliance on known patterns, and lack of contextual understanding. These approaches often fail to classify insider threats accurately, potentially leading to innocent insiders being mislabeled as malicious. In this project, a unified insider threat detection system is proposed, integrating anomaly-based, signature-based, and behavioral analysis methods using Support Vector Machines (SVMs). By combining these methods and leveraging the strengths of SVMs, the aim is to address the limitations of individual approaches and enhance detection accuracy. Weighted voting is employed to fuse the output of each detection method, providing a comprehensive likelihood estimate of insider threats. This integrated approach enables organizations to better identify and mitigate insider threats, safeguarding sensitive assets and maintaining a robust security posture.
Keywords— Insider threat, Insider threat detection, Signature-based detection, Anomaly-based detection, Behavior analysis, False positives, Detection accuracy, Weighted Voting Mechanism.
5

Kim, Park, Kim, Cho, and Kang. "Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms." Applied Sciences 9, no. 19 (2019): 4018. http://dx.doi.org/10.3390/app9194018.

Abstract:
Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the number of insider threats is much lower than external network attacks, insider threats can cause extensive damage. As insiders are very familiar with an organization’s system, it is very difficult to detect their malicious behavior. Traditional insider-threat detection methods focus on rule-based approaches built by domain experts, but they are neither flexible nor robust. In this paper, we propose insider-threat detection methods based on user behavior modeling and anomaly detection algorithms. Based on user log data, we constructed three types of datasets: user’s daily activity summary, e-mail contents topic distribution, and user’s weekly e-mail communication history. Then, we applied four anomaly detection algorithms and their combinations to detect malicious activities. Experimental results indicate that the proposed framework can work well for imbalanced datasets in which there are only a few insider threats and where no domain experts’ knowledge is provided.
6

Soleh, Musdi Muhammad. "A Study Case in NTMC POLRI: Reducing Data Breach Risk from Insider Threats by Using Risk IT Framework." ACMIT Proceedings 3, no. 1 (2019): 171–79. http://dx.doi.org/10.33555/acmit.v3i1.41.

Abstract:
Risk comes not only from external threats; it also comes from inside, from internal actors. Vormetric Insider Threat mentioned that in 800 surveyed enterprise companies, 89% are vulnerable to insider attacks [1]. It mentioned that data breach is the highest risk to the company caused by insider threats. This paper will analyse the insider attacks; the Risk IT framework will be used to reduce and prevent these vulnerabilities in valuable assets.
7

Alsowail, Rakan A., and Taher Al-Shehari. "A Multi-Tiered Framework for Insider Threat Prevention." Electronics 10, no. 9 (2021): 1005. http://dx.doi.org/10.3390/electronics10091005.

Abstract:
As technologies are rapidly evolving and becoming a crucial part of our lives, security and privacy issues have been increasing significantly. Public and private organizations have highly confidential data, such as bank accounts, military and business secrets, etc. Currently, the competition between organizations is significantly higher than before, which triggers sensitive organizations to spend an excessive volume of their budget to keep their assets secured from potential threats. Insider threats are more dangerous than external ones, as insiders have a legitimate access to their organization’s assets. Thus, previous approaches focused on some individual factors to address insider threat problems (e.g., technical profiling), but a broader integrative perspective is needed. In this paper, we propose a unified framework that incorporates various factors of the insider threat context (technical, psychological, behavioral and cognitive). The framework is based on a multi-tiered approach that encompasses pre, in and post-countermeasures to address insider threats in an all-encompassing perspective. It considers multiple factors that surround the lifespan of insiders’ employment, from the pre-joining of insiders to an organization until after they leave. The framework is utilized on real-world insider threat cases. It is also compared with previous work to highlight how our framework extends and complements the existing frameworks. The real value of our framework is that it brings together the various aspects of insider threat problems based on real-world cases and relevant literature. This can therefore act as a platform for general understanding of insider threat problems, and pave the way to model a holistic insider threat prevention system.
8

Hobbs, Christopher. "Insider threats." International Affairs 95, no. 3 (2019): 725–26. http://dx.doi.org/10.1093/ia/iiz084.

9

Niblett, Gareth. "Insider Threats." ITNOW 58, no. 2 (2016): 23. http://dx.doi.org/10.1093/itnow/bww039.

10

Luqman Hakim. "Insider Threats: The Cybersecurity Analysis using OCTAVE Allegro which are combined with HAIS-Q." Uranus : Jurnal Ilmiah Teknik Elektro, Sains dan Informatika 3, no. 1 (2025): 36–47. https://doi.org/10.61132/uranus.v3i1.649.

Abstract:
There are various types of cybersecurity threat in the globe, one of which is an insider threat. Because the current vulnerability generates an insider threat, SMEs suffer. In this situation, the company suffers a loss of profit and trust. Because of the speed and intensity of cybersecurity, particularly internal threats, SMEs must conduct regular vulnerability assessments. Insider threats to cyber security are a major issue in today's environment. Insider threats come in a variety of flavours, one of which is the unintended insider threat, or UIsT. This type of threat is a real one, and it is important to understand who and how they can become an insider threat.
11

Marshet Tamirat. "Current Detection Methods for Insider Threats and Social Engineering Attacks: Enhancements and Analysis Using Deep Learning." Journal of Electrical Systems 20, no. 11s (2024): 2838–53. https://doi.org/10.52783/jes.7966.

Abstract:
Despite advancements in technology, insider threats and social engineering attacks continue to pose significant challenges. Current threat detection methods often fail to effectively identify insider threats, leaving organizations vulnerable. This systematic review thoroughly examines and evaluates existing detection methods for insider threats and social engineering attacks, performs comparative gap analyses, assesses detection effectiveness, identifies inherent challenges, and proposes a conceptual system architecture. A primary challenge is distinguishing between normal and malicious insider activities, which exceeds the capabilities of current network intrusion detection systems. Although machine learning and deep learning-based intrusion detection systems have been developed continuously, issues such as false positive and false negative rates persist due to the human elements involved in insider threats and social engineering attacks. The review focuses on identifying current network and host-based detection methods, analyzing existing gaps, and proposing a detection framework that integrates user behavior analysis with network and host-based detection and deep learning techniques to enhance detection accuracy and cost-effectiveness. Incorporating user cybersecurity behavior into existing intrusion detection systems and making detection unified (comprehensive) will result in a high-performance threat detection system specifically for malicious insiders and social engineering attacks.
12

Anatoly, Adamovich Kornienko, and Aleksandrovich Polyanichko Mark. "Insider Detection Method in a Company." International Journal of Engineering and Advanced Technology (IJEAT) 9, no. 2 (2019): 585–92. https://doi.org/10.35940/ijeat.A1452.129219.

Abstract:
Managers often focus on external threats mainly due to the difficulties in evaluating the losses from the insider activities. The purpose of the study is to improve the efficient performance of an information security department and a company itself in counteracting insider threats by increasing the accuracy and rate of assessing the insider threat for each employee and ranking employees in accordance with the assessment of a summarized technical threat indicator. The authors morphologically analyze the features of insider activities in three sections and identify a promising area for combating the insiders – a prompt identification of unusual behavior signaling a breach of confidentiality. The paper describes an algorithm developed by the authors for assessing the insider threat for each employee of a company and ranking all employees by a summarized technical threat indicator. The steps to implement the algorithm are described in detail and a fuzzy derivation scheme of a summarized technical threat indicator is presented; an example is used to test the algorithm. The algorithm can be implemented as a part of a corporate information system. It is cheap to use and own, and it is rated as cost-efficient.
13

Shevchenko, Svitlana, Yuliia Zhdanova, Pavlo Skladannyi, and Sofia Boiko. "INSIDERS AND INSIDER INFORMATION: ESSENCE, THREATS, ACTIVITIES AND LEGAL RESPONSIBILITY." Cybersecurity: Education, Science, Technique 3, no. 15 (2022): 175–85. http://dx.doi.org/10.28925/2663-4023.2022.15.175185.

Abstract:
The constant development of information technologies, the growing role at the present stage of human potential create new internal threats to the information security of enterprises. The article investigates and analyzes the problems of information security associated with internal violators of companies and their insider activity. Economic reports and analytical materials allowed to determine the relevance and importance of this work. Based on scientific literature, a review of various approaches to the definition of "insider" and "insider information" was carried out. The main key indicators of the insider and signs of insider information are described. The classification of data sources for the study of insider threats is presented, among which real data of the system journal and data from social networks are allocated; analytical information with synthetic anomalies; simulated data due to the formation of stochastic models; theoretical and gaming approach. Insider threat detection algorithms are described depending on intentions, behavior, capabilities of insiders, how resources are used, as well as models involving several algorithms. The normative issues of protection of insider information from unauthorized disclosure and legal responsibility for illegal use of insider information in Ukrainian legislation are covered.
14

Adikari, Swini. "Countering the Threat of Nuclear Terrorism Arising from Malicious Insiders." Global Affairs Review 1, no. 2 (2021): 1–18. http://dx.doi.org/10.51330/gar.0020214.

Abstract:
Nuclear theft from malicious insiders is a significant threat to Pakistan’s nuclear weapons arsenal. Pakistan is a member of the Convention of the Physical Protection of Nuclear Material (CPPNM), which is an international agreement that adheres to the protection of nuclear materials and the recovery of stolen nuclear materials. However, this agreement does not specifically take into account the risk of security breaches arising from malicious insiders due to Pakistan’s rapidly growing nuclear arsenal. The purpose of this paper is to examine the heightened risk of insider threats in conjunction with Pakistan’s increasing nuclear force structure. The first section of the paper examines the history of the development of Pakistan’s nuclear weapons programme and discusses Pakistan’s current nuclear force structure. The second section examines the international and domestic policies that Pakistan follows to address the issue of insider threats to Pakistan’s nuclear facilities. The final section proposes two policy alternatives to address Pakistan’s growing insider threat risks and outlines how the Design Basis Threat assessment is the most effective solution for Pakistan’s growing insider threat.
15

Yilmaz, Erhan, and Ozgu Can. "Unveiling Shadows: Harnessing Artificial Intelligence for Insider Threat Detection." Engineering, Technology & Applied Science Research 14, no. 2 (2024): 13341–46. http://dx.doi.org/10.48084/etasr.6911.

Abstract:
Insider threats pose a significant risk to organizations, necessitating robust detection mechanisms to safeguard against potential damage. Traditional methods struggle to detect insider threats operating within authorized access. Therefore, the use of Artificial Intelligence (AI) techniques is essential. This study aimed to provide valuable insights for insider threat research by synthesizing advanced AI methodologies that offer promising avenues to enhance organizational cybersecurity defenses. For this purpose, this paper explores the intersection of AI and insider threat detection by acknowledging organizations' challenges in identifying and preventing malicious activities by insiders. In this context, the limitations of traditional methods are recognized, and AI techniques, including user behavior analytics, Natural Language Processing (NLP), Large Language Models (LLMs), and Graph-based approaches, are investigated as potential solutions to provide more effective detection mechanisms. For this purpose, this paper addresses challenges such as the scarcity of insider threat datasets, privacy concerns, and the evolving nature of employee behavior. This study contributes to the field by investigating the feasibility of AI techniques to detect insider threats and presents feasible approaches to strengthening organizational cybersecurity defenses against them. In addition, the paper outlines future research directions in the field by focusing on the importance of multimodal data analysis, human-centric approaches, privacy-preserving techniques, and explainable AI.
16

Bhandari, Durga, and Kumar Pudashine. "Insider Threat Detection using LSTM." Journal of Science and Technology 3, no. 1 (2023): 57–65. http://dx.doi.org/10.3126/jost.v3i1.69066.

Abstract:
Security threats have been the major challenge for any organization. This has even been more threatening since in present days most of the organizational data are in digital form and digital data are easy to access and alter if not properly secured. While most of the threats considered are external threats like Viruses, Worms, DOS, DDOS, hacking etc., internal threats also cannot be ignored. Many frauds, especially for organizations that perform financial transactions, are done by misusing the internal access to the data. Internal threats happen from the users who have some privileged access to the data. Finding such a threat is not only difficult but also more challenging than that from the external source. Most organizations don’t give internal threats that much consideration but lately many works have been done in the field of internal threat detection.
17

Ruba, Ruba, and Hanan AlShaher. "Insider Threat Detection: Exploring User Event Behavior Analytics and Machine Learning in Security Reviews." Journal of Cybersecurity and Information Management 13, no. 2 (2024): 171–81. http://dx.doi.org/10.54216/jcim.130213.

Abstract:
With the exponential increase in technology use, insider threats are also growing in scale and importance, becoming one of the biggest challenges for government and corporate information security. Recent research shows that insider threats are more costly than external threats, making it critical for organizations to protect their information security. Effective insider threat detection requires the use of the latest models and technologies. Although a large number of insider threats have been discovered, the field is still limited by many issues, such as data imbalance, false positives, and a lack of accurate data, which require further research. This survey investigates the existing approaches and technologies for insider threat detection. It finds and summarizes relevant studies from different databases, followed by a detailed comparison. It also examines the types of data used and the machine learning models employed to detect these threats. It discusses the challenges researchers face in detecting insider threats and future trends in the field.
18

Mohammed, Nasser Al-Mhiqani, Ahmad Rabiah, Zainal Abidin Zaheera, Yassin Warusia, Hassan Aslinda, and Natasha Mohammad Ameera. "New insider threat detection method based on recurrent neural networks." Indonesian Journal of Electrical Engineering and Computer Science (IJEECS) 17, no. 3 (2020): 1474–79. https://doi.org/10.11591/ijeecs.v17.i3.pp1474-1479.

Abstract:
Insider threat is a significant challenge in cybersecurity. In comparison with outside attackers, inside attackers have more privileges and legitimate access to information and facilities that can cause considerable damage to an organization. Most organizations that implement traditional cybersecurity techniques, such as intrusion detection systems, fail to detect insider threats given the lack of extensive knowledge on insider behavior patterns. However, a sophisticated method is necessary for an in-depth understanding of insider activities that the insider performs in the organization. In this study, we propose a new conceptual method for insider threat detection on the basis of the behaviors of an insider. In addition, gated recurrent unit neural network will be explored further to enhance the insider threat detector. This method will identify the optimal behavioral pattern of insider actions.
19

Trivedi, Aayush. "Research Paper on Cybersecurity and Insider Threat Detection: The Role of User Behavior Analytics (UBA) in Modern Defense Strategies." International Journal for Research in Applied Science and Engineering Technology 13, no. 1 (2025): 455–66. https://doi.org/10.22214/ijraset.2025.66298.

Abstract:
Insider threats have emerged as one of the most pressing challenges in modern cybersecurity. These threats, which originate from within an organization, pose a unique risk due to the trusted access that insiders—such as employees, contractors, and business partners—have to sensitive systems and data. Detecting and preventing insider threats is particularly challenging because traditional security measures, designed to guard against external attacks, are often insufficient to identify malicious or negligent behavior from trusted individuals. This research paper delves into the complexities of insider threat detection and prevention, with a particular emphasis on the role of User Behavior Analytics (UBA). UBA leverages advanced machine learning algorithms and statistical analysis to monitor, analyze, and model user behavior, enabling the identification of deviations from established norms that may indicate potential insider threats. The paper provides a comprehensive analysis of UBA, discussing its core components, functionality, and integration with existing security frameworks. Additionally, the paper examines the challenges and limitations of implementing UBA, including technical hurdles, data privacy concerns, and the impact of human factors. Through case studies and practical examples, the research highlights the real-world applications of UBA in various industries and its effectiveness in mitigating insider threats. The paper also explores future trends in UBA and insider threat detection, considering advancements in artificial intelligence, machine learning, and their implications for cybersecurity. Finally, the paper presents best practices for organizations seeking to implement UBA, offering strategic recommendations to maximize the effectiveness of this technology while ensuring compliance with legal and ethical standards. 
The research concludes that while UBA significantly enhances the ability to detect insider threats, it must be part of a holistic cybersecurity strategy that includes robust access controls, continuous monitoring, and a culture of security awareness.
20

Burrell, Darrell Norman, Calvin Nobles, Austin Cusak, Marwan Omar, and Lemie Gillesania. "CYBERCRIME AND THE NATURE OF INSIDER THREAT COMPLEXITIES IN HEALTHCARE AND BIOTECHNOLOGY ENGINEERING ORGANIZATIONS." JOURNAL OF CRIME AND CRIMINAL BEHAVIOR 2, no. 2 (2022): 131–44. http://dx.doi.org/10.47509/jccb.2022.v02i02.04.

Abstract:
This article explores the nature of cybersecurity professionals being insider threats to their own organization, as well as the general increase in harder-to-detect threats coming from an ever-widening acceptance of third-party insiders, which organizations, biotechnology engineering, and other healthcare organizations rely on. After examining the current and emerging literature on how individuals are motivated to engage in problematic workplace behaviors as a means of gaining their specific goal or need, the paper articulates malicious cybersecurity insider threat indicators, then provides best practices for reducing the risk of these threats in healthcare and biotechnology engineering organizations.
21

Nasser Al-mhiqani, Mohammed, Rabiah Ahmad, Zaheera Zainal Abidin, Warusia Yassin, Aslinda Hassan, and Ameera Natasha Mohammad. "New insider threat detection method based on recurrent neural networks." Indonesian Journal of Electrical Engineering and Computer Science 17, no. 3 (2020): 1474. http://dx.doi.org/10.11591/ijeecs.v17.i3.pp1474-1479.

Abstract:
Insider threat is a significant challenge in cybersecurity. In comparison with outside attackers, inside attackers have more privileges and legitimate access to information and facilities that can cause considerable damage to an organization. Most organizations that implement traditional cybersecurity techniques, such as intrusion detection systems, fail to detect insider threats given the lack of extensive knowledge on insider behavior patterns. However, a sophisticated method is necessary for an in-depth understanding of insider activities that the insider performs in the organization. In this study, we propose a new conceptual method for insider threat detection on the basis of the behaviors of an insider. In addition, gated recurrent unit neural network will be explored further to enhance the insider threat detector. This method will identify the optimal behavioral pattern of insider actions.
22

Saxena, Neetesh, Emma Hayes, Elisa Bertino, Patrick Ojo, Kim-Kwang Raymond Choo, and Pete Burnap. "Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses." Electronics 9, no. 9 (2020): 1460. http://dx.doi.org/10.3390/electronics9091460.

Abstract:
The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation’s critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed.
23

A. Jones, Laura. "Unveiling Human Factors: Aligning Facets of Cybersecurity Leadership, Insider Threats, and Arsonist Attributes to Reduce Cyber Risk." SocioEconomic Challenges 8, no. 2 (2024): 44–63. http://dx.doi.org/10.61093/sec.8(2).44-63.2024.

Abstract:
This qualitative study, a systematic literature review (drawing on literature primarily published within the last five years), addresses a comprehensive approach to a crucial but often overlooked aspect of cybersecurity: the human factors underlying insider threats. Attention is focused on the so-called “organizational arsonists” – individuals who willfully seek to adversely impact the organization by inducing anarchy aligned with their own motivations, insiders who purposefully damage their companies using digital methods, someone intentionally causing mayhem within a company, which can be criminal in cyber environments. The purpose of the research is to identify how cybersecurity leadership can effectively detect and mitigate the risks associated with insiders, particularly those exhibiting arsonist-like behaviors. The review uncovers that organizational arsonists can escalate cybersecurity risks substantially, with insider incidents costing organizations an average of $16.2 million per incident. These incidents now represent a persistent challenge, increasing in frequency by 68% over the past year according to the 2022 Insider Threat Report. The findings highlight the necessity of leadership strategies that preemptively recognize and neutralize potential insider threats to improve organizational resilience and security posture. This approach not only informs current cybersecurity practices but also aids in the development of targeted policies and refined regulatory measures. By integrating insights from psychology, criminology, and cybersecurity, the study provides a comprehensive understanding of the human elements influencing insider threats, essential for enhancing both academic knowledge and practical applications in risk management. The results showed a parallel between the motivations of arsonists who set physical fires and the characteristics and motivations of insider threats who exploit organizational vulnerabilities.
The impact of this research can be helpful in assisting cybersecurity professionals, leaders who strategize against cyber threats, and risk managers and analysts who understand and mitigate human factors and insider threats. Leaders and executives may use these insights to improve security resource allocation and culture. Policymakers and regulators may use the study’s results to create more nuanced cybersecurity legislation, while academics and students in related disciplines can use it for future research.
24

Zatonatskiy, D., V. Marhasova, and N. Korogod. "INSIDER THREAT MANAGEMENT AS AN ELEMENT OF THE CORPORATE ECONOMIC SECURITY." Financial and credit activity: problems of theory and practice 1, no. 36 (2021): 149–58. http://dx.doi.org/10.18371/fcaptp.v1i36.227690.

Abstract:
This paper considers the insider threats in the companies from different sectors and various methods of their assessment. The problem of information leakage is becoming increasingly important for companies in all areas of economic activity. The problem of insider threats is becoming increasingly important, as the company may incur losses not only due to the leakage of information about its inventions, but also through lawsuits in case of theft of personal information of the customers, contractors and more. This means that in order to gain access to the international markets, Ukrainian companies must have an appropriate level of protection not only of the company’s confidential information, but also of the data on customers, contractors, etc. The objective of the article is to analyze the existing methodological approaches to the assessment of insider threats in the enterprise as a component of personnel and economic security. We came to the conclusion that different industries have different vulnerabilities to insider threats and different approaches to insider threat management. It was determined that information leaks are a serious threat to the company’s economic and personnel security. It was discovered that firms have achieved significant improvements and developed effective procedures for counteracting external threats, however, protection against insider attacks remains rather low. In the course of the research, the concept of an insider attacker was defined, the types of insider threats were established, and the main actions of the personnel prior to the insider attack were outlined. It was proved that the degree of insider threat is determined by the type of activity of the company and the liquidity of information that may be leaked. Most leaks are observed in high-tech companies and medical institutions, while the most liquid is the information of banks, financial institutions, industrial and commercial companies.
25

Researcher. "THE ROLE OF AI IN DETECTING INSIDER THREATS IN HEALTHCARE ORGANIZATIONS." International Journal of Research In Computer Applications and Information Technology (IJRCAIT) 7, no. 2 (2024): 239–48. https://doi.org/10.5281/zenodo.13960643.

Abstract:
This article explores the critical role of Artificial Intelligence (AI) in detecting and preventing insider threats within healthcare organizations. It examines the growing challenges of data security in the healthcare sector, highlighting the significant financial and reputational risks posed by insider threats. The article discusses various types of insider threats, including malicious actors, negligent employees, and compromised credentials. It then delves into how AI enhances insider threat detection through behavioral analytics, machine learning, natural language processing, and predictive analytics. The article outlines key steps for implementing AI-based insider threat detection systems and addresses the ethical considerations and privacy concerns associated with such implementations. By leveraging AI technologies, healthcare organizations can significantly improve their ability to protect sensitive patient data and maintain the integrity of their systems.
26

Zeng, Min, Chuanzhou Dian, and Yaoyao Wei. "Risk Assessment of Insider Threats Based on IHFACS-BN." Sustainability 15, no. 1 (2022): 491. http://dx.doi.org/10.3390/su15010491.

Abstract:
Insider threats, as one of the pressing challenges that threaten an organization’s information assets, usually result in considerable losses to the business. It is necessary to explore the key human factors that enterprise information security management should focus on preventing to reduce the probability of insider threats effectively. This paper first puts forward the improved Human Factors Analysis and Classification System (IHFACS) based on actual enterprise management. Then, the enterprise internal threat risk assessment model is constructed using the Bayesian network, expert evaluation, and fuzzy set theory. Forty-three classic insider threat cases from China, the United States, and Israel during 2009–2021 are selected as samples. Then, reasoning and sensitivity analysis recognizes the top 10 most critical human factors of the accident and the most likely causal chain of unsafe acts. The result shows that the most unsafe behavior was not assessing employees’ familiarity with the company’s internal security policies. In addition, improving the organizational impact of information security can effectively reduce internal threats and promote the sustainable development of enterprises.
27

Ikiara, Charles Mwenda, Dr Boniface Ratemo, and Dr George Musumba. "Influence of Organizational Security Learning Practices on Insider Security Threats in SoCs in Kenya." International Journal of Scientific Research and Management (IJSRM) 12, no. 08 (2024): 7027–35. http://dx.doi.org/10.18535/ijsrm/v12i08.em04.

Abstract:
Insider threats have consistently been identified as key threats to State-owned Corporations and governments (SoCs). Research has shown that huge amounts of resources go towards safeguarding organizations’ assets and information systems from external threats in total disregard of potential threats from malicious and compromised insiders. Recent studies indicate that insider threats are on the rise and have cost the Kenyan economy $ 36Million USD. In addition, investigations show that these threats are increasing in scale, scope, and sophistication. The general objective of the study was to investigate on the organizational factors influencing insider security threats in State-owned Corporations in Kenya. Specifically, the study evaluated the influence of organizational security policies, organizational security learning practices and organizational communication practices on insider security threats in State-owned Corporations in Kenya. The study was anchored on the CISA Insider Threats Risk Score Model, deterrence theory, social learning theory and the communication privacy management theory. The study adopted descriptive correlational research design. The target population was 187 State-owned Corporations in Kenya. A census sampling design was used targeting the Security managers or their equivalent in SoCs. The researcher utilized a self-administered questionnaire as the data collection method. Data was analysed through quantitative techniques using the SPSS. The study established that organizational security policies have significant influence on insider security threats in SoCs in Kenya. The study also established that organizational security learning practices have significant influence on insider security threats in SoCs in Kenya. In addition, the study revealed that organizational communication practices have significant influence on insider security threats in SoCs in Kenya. 
The study also deduced that the combined influence of organizational security policies, learning practices and communication practices (organizational factors) significantly influence insider security threats in SoCs in Kenya. The study recommends that SoCs consider conducting a comprehensive review of their existing security policies, ensuring clarity on the severity of consequences for insider threats. Further, the study recommends that SoCs work on strengthening their learning policies to emphasize the importance of observational learning, role modeling, and positive reinforcement in the context of security awareness to address insider security threats. Additionally, the study recommends that SoCs provide training programs that emphasize effective communication practices surrounding privacy management.
28

Swapnil Chawande. "Insider threats in highly automated cyber systems." World Journal of Advanced Engineering Technology and Sciences 13, no. 2 (2024): 807–20. https://doi.org/10.30574/wjaets.2024.13.2.0642.

Abstract:
Existing artificial intelligence (AI) systems for cybersecurity face growing complexity from human insiders who pose threats to automated networks. The research investigates how authorized users take advantage of the weaknesses present in AI-based cybersecurity systems. The research seeks to discover the processes through which insiders commit intelligent system breaches while also avoiding conventional security protocols. The investigation focuses on understanding unique display patterns of insider threats within systems operated by AI technology. The current models that detect insider activities face barriers that prevent them from recognizing such behavior. A combination of case studies, incident analysis, and expert consultation methods was integrated to develop an extensive concept of the problem. AI systems serve in threat detection, yet their ability to identify human interactions behind attacks has diminished because of excessive dependence on automation. Results show that behavior-based monitoring and enhanced AI-human supervision systems must become priorities for cybersecurity safety. The study supports cybersecurity and AI governance by showing insider risks and recommending defenses that strengthen the resilience accompanying growing automation across systems.
29

Clarke, Karla, Yair Levy, Laurie Dringus, and Shonda Brown. "How workplace satisfaction affects insider threat detection as a vital variable for the mitigation of malicious cyber insiders." Online Journal of Applied Knowledge Management 7, no. 1 (2019): 40–52. http://dx.doi.org/10.36965/ojakm.2019.7(1)40-52.

Abstract:
Insider threat mitigation is a growing challenge within organizations. The development of a novel alert visualization dashboard for the identification of potentially malicious cyber insider threats was identified as necessary to alleviate this challenge. This research developed a cyber insider threat dashboard visualization prototype for detecting potentially malicious cyber insider activities QUICK.v™. This study utilized Subject Matter Experts (SMEs) by applying the Delphi Method to identify the most critical cyber visualization variables and ranking. This paper contains the detailed results of a survey based experimental research study that identified the critical cybersecurity variables also referred to as cybersecurity vital signs. The identified vital signs will aid cybersecurity analysts with triage for potentially malicious insider threats. From a total of 45 analytic variables assessed by 42 cybersecurity SMEs, the top six variables were identified using a comprehensive data collection process. The results indicated that workplace satisfaction is one of the top critical cyber visualization variables that should be measured and visualized to aid cybersecurity analysts in the detection of potentially malicious cyber insider threat activities. The process of the data collection to identify and rank critical cyber visualization variables are described.
30

Al-Shehari, Taher, and Rakan A. Alsowail. "An Insider Data Leakage Detection Using One-Hot Encoding, Synthetic Minority Oversampling and Machine Learning Techniques." Entropy 23, no. 10 (2021): 1258. http://dx.doi.org/10.3390/e23101258.

Abstract:
Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause extensive damage to organization assets much more than external attacks. Most existing approaches in the field of insider threat focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before his/her leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing the feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed utilizing the synthetic minority oversampling technique (SMOTE). Well known machine learning algorithms are employed to detect the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it on CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues for the aim of devising an effective insider data leakage detection system.
31

Althebyan, Qutaibah. "Mitigating Insider Threats on the Edge: A Knowledgebase Approach." International Arab Journal of Information Technology 17, no. 4A (2020): 621–28. http://dx.doi.org/10.34028/iajit/17/4a/6.

Abstract:
Insider Threats, who are cloud internal users, cause very serious problems, which in turn, leads to devastating attacks for both individuals and organizations. Although, most of the attentions, in the real world, is for the outsider attacks, however, the most damaging attacks come from the Insiders. In cloud computing, the problem becomes worse in which the number of insiders are maximized and hence, the amount of data that can be breached and disclosed is also maximized. Consequently, insiders' threats in the cloud ought to be one of the top most issues that should be handled and settled. Classical solutions to defend against insiders’ threats might fall short as it is not easy to track both activities of the insiders as well as the amount of knowledge an insider can accumulate through his/her privileged accesses. Such accumulated knowledge can be used to disclose critical information –which the insider is not privileged to- through expected dependencies that exist among different data items that reside in one or more nodes of the cloud. This paper provides a solution that suits well the specialized nature of the above mentioned problem. This solution takes advantage of knowledge bases by tracking accumulated knowledge of insiders through building Knowledge Graphs (KGs) for each insider. It also takes advantage of Mobile Edge Computing (MEC) by building a fog layer where a mitigation unit -resides on the edge- takes care of the insiders threats in a place that is as close as possible to the place where insiders reside. As a consequence, this gives continuous reactions to the insiders’ threats in real-time, and at the same time, lessens the overhead in the cloud. The MEC model to be presented in this paper utilizes a knowledgebase approach where insiders’ knowledge is tracked and modeled.
In case an insider knowledge accumulates to a level that is expected to cause some potential disclosure of private data, an alarm will be raised so that expected actions should be taken to mitigate this risk. The knowledgebase approach involves generating Knowledge Graphs (KGs), Dependency Graphs (DGs) where a Threat Prediction Value (TPV) is evaluated to estimate the risk upon which alarms for potential disclosure are raised. Experimental analysis has been conducted using CloudExp simulator where the results have shown the ability of the proposed model to raise alarms for potential risks from insiders in a real time fashion with accurate precision.
32

Seo, Sang, and Dohoon Kim. "Study on Inside Threats Based on Analytic Hierarchy Process." Symmetry 12, no. 8 (2020): 1255. http://dx.doi.org/10.3390/sym12081255.

Abstract:
Insider threats that occur within organizations cause more serious damage than external threats. However, there are many factors that are difficult to determine, such as the definition, classification, and severity of security breaches; hence, it is necessary to analyze system logs and user behavior-based scenarios within organizations. The reality is that qualitative judgment criteria are different for everyone to apply, and there is no detailed verification procedure to compare them objectively. In this study, realistic insider threats were examined through the definition, classification, and correlation/association analysis of various human–machine logs of acts associated with security breaches that occur in an organization. In addition, a quantitative process and decision-making tool were developed for insider threats by establishing various internal information leakage scenarios. As a result, insider threats were assessed quantitatively and a decision-making process was completed that enabled case analysis based on several insider threat scenarios. This study will enable precise modeling of insider threats that occur in real organizations and will support an objective process and a decision-making system to establish a range of required information for security protection measures.
33

Alsowail, Rakan A., and Taher Al-Shehari. "Techniques and countermeasures for preventing insider threats." PeerJ Computer Science 8 (April 1, 2022): e938. http://dx.doi.org/10.7717/peerj-cs.938.

Abstract:
With the wide use of technologies nowadays, various security issues have emerged. Public and private sectors are both spending a large portion of their budget to protect the confidentiality, integrity, and availability of their data from possible attacks. Among these attacks are insider attacks which are more serious than external attacks, as insiders are authorized users who have legitimate access to sensitive assets of an organization. As a result, several studies exist in the literature aimed to develop techniques and tools to detect and prevent various types of insider threats. This article reviews different techniques and countermeasures that are proposed to prevent insider attacks. A unified classification model is proposed to classify the insider threat prevention approaches into two categories (biometric-based and asset-based metric). The biometric-based category is also classified into (physiological, behavioral and physical), while the asset metric-based category is also classified into (host, network and combined). This classification systematizes the reviewed approaches that are validated with empirical results utilizing the grounded theory method for rigorous literature review. Additionally, the article compares and discusses significant theoretical and empirical factors that play a key role in the effectiveness of insider threat prevention approaches (e.g., datasets, feature domains, classification algorithms, evaluation metrics, real-world simulation, stability and scalability, etc.). Major challenges are also highlighted which need to be considered when deploying real-world insider threat prevention systems. Some research gaps and recommendations are also presented for future research directions.
34

Henge, Santosh Kumar, Aditya Upadhyay, Ashok Kumar Saini, Neha Mishra, Dimpal Sharma, and Gajanand Sharma. "Analysis and detection of insider attacks using behaviour rule based architecture in enterprise multitenancy." Journal of Discrete Mathematical Sciences & Cryptography 26, no. 3 (2023): 707–18. http://dx.doi.org/10.47974/jdmsc-1743.

Abstract:
The enterprise level data security and privacy are one of the focal key challenges to the pr enterprise and security companies to prevent private data from outside and inside attacks. The insider threats and attacks can pretense a real defense risk to the various internal multi-tenants of various enterprises and companies. The data thievery by insiders of the companies is as a great deal the consequence of enterprises failing to execute the scheme and expertise to member of staff supervise activities and administrate the authenticated data-access to data as it the authentic spiteful activities of member of staff looking for economic benefits in multi-tenancy environment. This research composed with three major objectives: Description of insider attack causes with their impact factors; Implications of behavior rule-based architecture in enterprise multitenancy; Integration of behavior rules with prevention thresholds to control user accessibility for prevention of insider attacks and threats. This paper has described the efficient security scenario to avoid insider attaching complexities. This research is more helping the cyber security experts and network administrators to reduce the insider attacks by building the efficient monitoring intelligent system. The experimental scenarios built with 125 authenticated, 29 non-authenticated internal users, and 62 authenticated, 18 non-authenticated external users of single enterprise level and avoided insider attacks and threats.
35

Wang, Jiarong, Qianran Sun, and Caiqiu Zhou. "Insider Threat Detection Based on Deep Clustering of Multi-Source Behavioral Events." Applied Sciences 13, no. 24 (2023): 13021. http://dx.doi.org/10.3390/app132413021.

Abstract:
With the continuous advancement of enterprise digitization, insider threats have become one of the primary cybersecurity concerns for organizations. Therefore, it is of great significance to develop an effective insider threat detection mechanism to ensure the security of enterprises. Most methods rely on artificial feature engineering and input the extracted user behavior features into a clustering-based unsupervised machine learning model for insider threat detection. However, feature extraction is independent of clustering-based unsupervised machine learning. As a result, user behavior features are not the most appropriate for clustering-based unsupervised machine learning, and thus, they reduce the insider threat detection accuracy. This paper proposes an insider threat detection method based on the deep clustering of multi-source behavioral events. On the one hand, the proposed method constructs an end-to-end deep clustering network and automatically learns the user behavior feature expression from multi-source behavioral event sequences. On the other hand, a deep clustering objective function is presented to jointly optimize the learning of feature representations and the clustering task for insider threat detection. This optimization can adjust the optimal user behavior features for the clustering model to improve the insider threat detection accuracy. The experimental results show that the proposed end-to-end insider threat detection model can accurately identify insider threats based on abnormal multi-source user behaviors in enterprise networks.
36

SREEKUMAR, SHREYA, SARANG C, ALKA SAJEEVAN P, VARNA O V, and ASWATHI V. "Insider Threat Detection Methodologies." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 09, no. 03 (2025): 1–9. https://doi.org/10.55041/ijsrem43389.

Abstract:
Insider threats, originating from individuals with legitimate access to sensitive systems and data, represent a significant cybersecurity challenge. Unlike external attacks, insider threats are harder to detect, as they often exploit legitimate credentials to bypass conventional security measures. These threats can result in severe consequences such as data breaches, financial losses, and system disruptions. Traditional detection methods, such as rule-based approaches and classical machine learning models, struggle to identify evolving and sophisticated insider behaviors due to their reliance on predefined patterns and static detection criteria. Recent advancements in artificial intelligence (AI), deep learning, cryptographic security and hybrid detection frameworks have significantly enhanced the ability to detect and mitigate insider threats. Deep learning models, such as Long Short-Term Memory (LSTM) networks and Generative Adversarial Networks (GANs), excel at identifying subtle behavioral anomalies, while cryptographic techniques, such as blockchain-based authentication and data encryption, reinforce security by preventing unauthorized access. Hybrid approaches that combine AI-driven anomaly detection with structured security control mechanisms have emerged as the most effective solution, offering multi-layered protection against insider attacks. The primary objective of this paper is to present a comprehensive review of insider threat detection methodologies, comparing traditional and AI-based approaches, including specification-based detection, behavioral monitoring, anomaly-based models and cryptographic security measures. The study highlights the strengths and limitations of each method and explores future research directions, including the development of self-supervised learning models, explainable AI and optimized real-time detection systems.
A holistic security strategy, integrating AI, cryptographic security and policy-driven risk mitigation is necessary to enhance organizational resilience against insider threats.
37

Kim, Jung Hwan, Chul Min Kim, and Man-Sung Yim. "An Investigation of Insider Threat Mitigation Based on EEG Signal Classification." Sensors 20, no. 21 (2020): 6365. http://dx.doi.org/10.3390/s20216365.

Abstract:
This study proposes a scheme to identify insider threats in nuclear facilities through the detection of malicious intentions of potential insiders using subject-wise classification. Based on electroencephalography (EEG) signals, a classification model was developed to identify whether a subject has a malicious intention under scenarios of being forced to become an insider threat. The model also distinguishes insider threat scenarios from everyday conflict scenarios. To support model development, 21-channel EEG signals were measured on 25 healthy subjects, and sets of features were extracted from the time, time–frequency, frequency and nonlinear domains. To select the best use of the available features, automatic selection was performed by random-forest-based algorithms. The k-nearest neighbor, support vector machine with radial kernel, naïve Bayes, and multilayer perceptron algorithms were applied for the classification. By using EEG signals obtained while contemplating becoming an insider threat, the subject-wise model identified malicious intentions with 78.57% accuracy. The model also distinguished insider threat scenarios from everyday conflict scenarios with 93.47% accuracy. These findings could be utilized to support the development of insider threat mitigation systems along with existing trustworthiness assessments in the nuclear industry.
38

Jason Slaughter, Carole E. Chaski, and Kellep Charles. "Emotion analysis based on belief of targeted individual supporting insider threat detection." International Journal of Science and Research Archive 11, no. 2 (2024): 226–37. http://dx.doi.org/10.30574/ijsra.2024.11.2.0393.

Abstract:
Unintentional Insider Threat is the concept that an insider threat event may occur unintentionally versus maliciously. Individuals who believe they are being targeted may be at increased risk of being insider threats. Based on a previous survey titled A Survey of Unintentional Medical Insider Threat Category, it was found that both medical and psychological problems may lead to feeling targeted. It was further found that Insider Threat programs should be updated to include trained personnel in both medicine and psychology in addition to cybersecurity to address the risk.
39

Dr.Vijayalakshmi Chintamaneni, Dr.M.SreeRamu, and Shaik Abubakar Siddiq. "Insider Threats in the Age of Cyber Threat Intelligence: Behavioral Indicators and Detection Strategies." international journal of engineering technology and management sciences 9, Special Issue 1 (2025): 132–43. https://doi.org/10.46647/ijetms.2025.v09si01.022.

Abstract:
Insider threats remain one of the most challenging aspects of cyber security, as they often bypass traditional perimeter defenses. This paper explores how cyber threat intelligence (CTI) can enhance insider threat detection through behavioral analytics, anomaly detection, and machine learning-based profiling. We investigate real-world insider threat incidents across the financial sector, critical infrastructure, and corporate environments to identify key indicators of malicious activity. By integrating AI-driven risk scoring models with CTI frameworks, we propose a predictive approach that improves early threat detection and mitigation. Our findings emphasize the importance of continuous monitoring, access control, and intelligence-sharing to counter evolving insider threats effectively.
APA, Harvard, Vancouver, ISO, and other styles
40

Simonin, P., T. Kurbackaya, and P. Sizov. "Assessment of Insider Threats in the Personnel Security System of the Organization." Auditor 8, no. 10 (2022): 36–40. http://dx.doi.org/10.12737/1998-0701-2022-8-10-36-40.

Abstract:
The article discusses the problems and ways of solving insider threats in the organization's personnel security system, proves that at the same time the organization’s personnel needs protection, and can act as a source of threats and dangers. The necessity of using a methodology for assessing insider threats in the personnel security system based on the identification of a group of insiders: actual employees, previously released personnel, business partners and other users is substantiated.
41

Boobalan, P. "Real-time Insider Attack Detection using Graph-Based Anomaly Detection and Concept Drift Handling." International Journal for Research in Applied Science and Engineering Technology 13, no. 4 (2025): 6221–27. https://doi.org/10.22214/ijraset.2025.69840.

Abstract:
This project presents a deep learning-based real-time framework for detecting insider threats using a hybrid model that integrates sequence modeling and relational learning. The system analyzes user activity data dynamically and predicts potential insider threats without human intervention. Leveraging Long Short-Term Memory (LSTM) networks for user behavior sequence analysis and Graph Neural Networks (GNNs) for peer-context enrichment, the framework accurately identifies anomalies at the activity level. Each user action is encoded, evaluated against similar activities in the organization, and classified based on anomaly scores. Using the CERT insider threat dataset, the system is evaluated with precision, recall, and F1-score metrics. A visualization dashboard supports real-time monitoring and alerting for security analysts. This project enhances the ability to proactively detect and respond to insider threats across various organizational environments
42

Nicolaou, Andreas, Stavros Shiaeles, and Nick Savage. "Mitigating Insider Threats Using Bio-Inspired Models." Applied Sciences 10, no. 15 (2020): 5046. http://dx.doi.org/10.3390/app10155046.

Abstract:
Insider threats have become a considerable information security issue that governments and organizations must face. The implementation of security policies and procedures may not be enough to protect organizational assets. Even with the evolution of information and network security technology, the threat from insiders is increasing. Many researchers are approaching this issue with various methods in order to develop a model that will help organizations to reduce their exposure to the threat and prevent damage to their assets. In this paper, we approach the insider threat problem and attempt to mitigate it by developing a machine learning model based on Bio-inspired computing. The model was developed by using an existing unsupervised learning algorithm for anomaly detection and we fitted the model to a synthetic dataset to detect outliers. We explore swarm intelligence algorithms and their performance on feature selection optimization for improving the performance of the machine learning model. The results show that swarm intelligence algorithms perform well on feature selection optimization and the generated, near-optimal, subset of features has a similar performance to the original one.
43

Dadalko, V. A., and A. V. Ivashkina. "Insider threats and preventive methods." National Interests: Priorities and Security 14, no. 7 (2018): 1348–59. http://dx.doi.org/10.24891/ni.14.7.1348.

44

Probst, Christian W. "Identifying and Mitigating Insider Threats." it - Information Technology 53, no. 4 (2011): 202–6. http://dx.doi.org/10.1524/itit.2011.0644.

45

Bertino, Elisa. "Data Protection from Insider Threats." Synthesis Lectures on Data Management 4, no. 4 (2012): 1–91. http://dx.doi.org/10.2200/s00431ed1v01y201207dtm028.

46

Jones, Laura, and Darrell Norman Burrell. "Illegal Cybersecurity Threats Created by Organizational Arsonists in Healthcare Organizations." Law, Economics and Society 1, no. 1 (2025): p93. https://doi.org/10.30560/les.v1n1p93.

Abstract:
Insider cybersecurity threats in healthcare, often overlooked or narrowly defined as technical vulnerabilities, can be more accurately described as acts of organizational arson, representing deliberate, malicious acts designed to ignite chaos within digital ecosystems. Like physical arsonists who destroy property through fire, insider actors exploit their privileged access to organizational systems, causing financial devastation, operational disruption, and severe damage to organizational morale and stability. Insider incidents cost organizations millions annually, with cybersecurity teams dedicating significant time and resources to crisis management rather than strategic planning. This commentary-style paper reframes insider cybersecurity threats using the metaphor of organizational arsonists, offering a unique and powerful framework for understanding these complex risks. By integrating cybersecurity, law, and organizational psychology insights, the paper presents a comprehensive approach to mitigating insider threats that extend beyond technical defenses. It emphasizes the necessity of human-centric strategies, ethical accountability, and legal compliance, calling for organizations to adopt a holistic defense posture that addresses both technological vulnerabilities and behavioral risks. The paper's originality lies in bridging multiple disciplines and framing insider threats as technical challenges and full-scale organizational crises. Combining advanced technologies such as artificial intelligence with human behavior analysis provides actionable strategies for organizations to combat their own digital arsonists. This interdisciplinary approach encourages cybersecurity professionals, legal scholars, and organizational leaders to rethink insider threat management, creating a more resilient and secure organizational environment.
47

Gaiduk, K. A., and A. Y. Iskhakov. "Using machine learning techniques for insider threat detection." Herald of the Siberian State University of Telecommunications and Informatics 16, no. 4 (2022): 80–95. http://dx.doi.org/10.55648/1998-6920-2022-16-4-80-95.

Abstract:
This paper presents an analysis of algorithms and approaches used to solve the problem of identifying insider threats using machine learning techniques. Internal threat detection in the context of this research is reduced to the task of detecting anomalies in the audit logs of access subjects' actions. The paper formalizes the main directions of insider threat detection and presents popular machine learning algorithms. The paper raises the problem of objective evaluation of research and development in the subject area. Based on the analysis, recommendations for the implementation of internal threat detection systems using machine learning algorithms are developed.
48

Yaramadhi, Mallikarjun, K. Subba Reddy, K. Rajendra Prasad, et al. "Prevent insider attacks, IAM (Identity and Access) solutions should be used in place of simple password-based authentication methods." Journal of Information and Optimization Sciences 46, no. 2 (2025): 509–19. https://doi.org/10.47974/jios-1931.

Abstract:
Advancements in web services have increased the need for enhanced security in user authentication systems. Insider attacks, where privileged insiders compromise sensitive information, pose a significant threat. Rajamanickam et al. proposed a lightweight password-based authentication using Elliptic Curve Cryptography (ECC) to prevent such attacks. However, vulnerabilities in this method were identified by Salman Shamshad et al., highlighting the need for stronger solutions. This paper advocates for Identity and Access Management (IAM) systems, which employ multi-factor authentication (MFA) and single sign-on (SSO), offering enhanced security, access control, and regulatory compliance for organizations, effectively mitigating insider threats and other cyber risks.
49

Qin, Heng, and Jin Hui Zhao. "Insider Threat Detection with Behavior-Based Attestation." Applied Mechanics and Materials 568-570 (June 2014): 1370–75. http://dx.doi.org/10.4028/www.scientific.net/amm.568-570.1370.

Abstract:
Insiders, who have lawful authority in a network information system, form a huge threat to security through abuse and misuse of authority. This has become one of the huge challenges to the security of information systems. Because such threats are more subtle and more difficult to find, this paper studies how to perceive the trusted behavior of insiders with behavior-based attestation. Taking into account the impact of various uncertainties in the monitoring and perception process, a dynamic awareness model of insider threat is presented based on subjective logic. In order to find insider threats, monitoring data of actual behaviors are compared with an operation tree; the legality of the user behavior is dynamically analyzed according to historical experience and current experience; the trust of user behavior legitimacy is represented as a trust point in subjective logic. Finally, experiments are employed to test the validity and applicability of the proposed method.
50

Kanellopoulos, Anastasios-Nikolaos. "Insider threat mitigation through human intelligence and counterintelligence: A case study in the shipping industry." Defense and Security Studies 5 (March 2, 2024): 10–19. http://dx.doi.org/10.37868/dss.v5.id261.

Abstract:
This paper comprehensively examines the multifaceted motivations behind insider threats within organizations, elucidating driving forces such as financial gain, revenge, personal aspirations, ideological beliefs, coercion, and negligence. Understanding this spectrum is fundamental for crafting effective Counterintelligence strategies. The study delves into behavioral indicators crucial for identifying potential threats, emphasizing the significance of recognizing warning signs like unusual data access, unsanctioned software usage, escalated privilege requests, poor performance, disagreement with policies, and more. Furthermore, the role of Human Intelligence (HUMINT) in Counterintelligence (CI) and insider threat detection is explored, highlighting its qualitative contribution to understanding human behavior. Plus, through a hypothetical case study in the Shipping industry, the paper illustrates the direct application of HUMINT principles in fortifying security against insider threats, considering the unique challenges of this dynamic sector. The case study strategically employs employee interviews, psychological assessments, social network analysis, and trust-building initiatives to proactively identify and mitigate potential threats, in an industry reliant on seamless global supply chain operations.