Skip to main content

Using Internet Activity Profiling for Insider-Threat Detection

Alahmadi, Bushra A., Legg, Philip .A., Nurse, Jason R. C. (2015) Using Internet Activity Profiling for Insider-Threat Detection. In: Proceedings of the 17th International Conference on Enterprise Information Systems - (Volume 2). 2. pp. 709-720. SciTePress ISBN 978-989-758-097-0. (doi:10.5220/0005480407090720) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided)

PDF - Author's Accepted Manuscript
Restricted to Repository staff only
Contact us about this Publication Download (425kB)
[img]
Official URL
http://dx.doi.org/10.5220/0005480407090720

Abstract

The insider-threat problem continues to be a major risk to both public and private sectors, where those people

who have privileged knowledge and access choose to abuse this in some way to cause harm towards their

organisation. To combat against this, organisations are beginning to invest heavily in deterrence monitoring

tools to observe employees activity, such as computer access, Internet browsing, and email communications.

Whilst such tools may provide some way towards detecting attacks afterwards, what may be more useful is

preventative monitoring, where user characteristics and behaviours inform about the possibility of an attack

before it happens. Psychological research advocates that the behaviour and preference of a person can be

explained to a great extent by psychological constructs called personality traits, which could then possibly

indicate the likelihood of an individual being a potential insider threat. By considering how browsing content

relates to psychological constructs (such as OCEAN), and how an individualâ??s browsing behaviour deviates

over time, potential insider-threats could be uncovered before significant damage is caused. The main contribution

in this paper is to explore how Internet browsing activity could be used to predict the individualâ??s

psychological characteristics in order to detect potential insider-threats. Our results demonstrate that predictive

assessment can be made between the content available on a website, and the associated personality traits,

which could greatly improve the prospects of preventing insider attacks.

Item Type: Conference or workshop item (Paper)
DOI/Identification number: 10.5220/0005480407090720
Subjects: Q Science
T Technology
Divisions: Faculties > Sciences > School of Computing
Faculties > Sciences > School of Computing > Security Group
Faculties > Social Sciences > School of Psychology
Depositing User: Jason Nurse
Date Deposited: 02 Jul 2018 16:57 UTC
Last Modified: 01 Aug 2019 10:43 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/67508 (The current URI for this page, for reference purposes)
Nurse, Jason R. C.: https://orcid.org/0000-0003-4118-1680
  • Depositors only (login required):

Downloads

Downloads per month over past year