Discovering "Insider IT Sabotage" based on human behaviour. (4th June 2020)
- Record Type:
- Journal Article
- Title:
- Discovering "Insider IT Sabotage" based on human behaviour. (4th June 2020)
- Main Title:
- Discovering "Insider IT Sabotage" based on human behaviour
- Authors:
- Michael, Antonia
Eloff, Jan
- Abstract:
- Purpose: Malicious activities conducted by disgruntled employees via an email platform can cause profound damage to an organization such as financial and reputational losses. This threat is known as an "Insider IT Sabotage" threat. This involves employees misusing their access rights to harm the organization. Events leading up to the attack are not technical but rather behavioural. The problem is that owing to the high volume and complexity of emails, the risk of insider IT sabotage cannot be diminished with rule-based approaches. Design/methodology/approach: Malicious human behaviours that insiders within the insider IT sabotage category would possess are studied and mapped to phrases that would appear in email communications. A large email data set is classified according to behavioural characteristics of these employees. Machine learning algorithms are used to identify occurrences of this insider threat type. The accuracy of these approaches is measured. Findings: It is shown in this paper that suspicious behaviour of disgruntled employees can be discovered, by means of machine intelligence techniques. The output of the machine learning classifier depends mainly on the depth and quality of the phrases and behaviour analysis, cleansing and number of email attributes examined. This process of labelling content in isolation could be improved if other attributes of the email data are included, such that a confidence score can be computed for each user. Originality/value: This research presents a novel approach to show that the creation of a prototype that can automate the detection of insider IT sabotage within email systems to mitigate the risk within organizations. …
- Is Part Of:
- Information and computer security. Volume 28:Number 4(2020)
- Journal:
- Information and computer security
- Issue:
- Volume 28:Number 4(2020)
- Issue Display:
- Volume 28, Issue 4 (2020)
- Year:
- 2020
- Volume:
- 28
- Issue:
- 4
- Issue Sort Value:
- 2020-0028-0004-0000
- Page Start:
- 575
- Page End:
- 589
- Publication Date:
- 2020-06-04
- Subjects:
- Cyber-security -- Insider IT sabotage -- Insider threat detection -- Machine learning
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-12-2019-0141
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 22211.xml