Skip to main content

Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection

Legg, Philip A., Moffat, Nick, Nurse, Jason R. C., Happa, Jassim, Agrafiotis, Ioannis, Goldsmith, Michael, Creese, Sadie (2013) Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 4 (4). pp. 20-37. ISSN 2093-5374. E-ISSN 2093-5382. (doi:10.22667/JOWUA.2013.12.31.020) (KAR id:67521)

PDF Publisher pdf
Language: English
Download (999kB) Preview
[thumbnail of jowua-v4n4-2.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL


The insider threat faced by corporations and governments today is a real and significant problem, and one that has become increasingly difficult to combat as the years have progressed. From a technology standpoint, traditional protective measures such as intrusion detection systems are largely inadequate given the nature of the ‘insider’ and their legitimate access to prized organisational data and assets. As a result, it is necessary to research and develop more sophisticated approaches for the accurate recognition, detection and response to insider threats. One way in which this may be achieved is by understanding the complete picture of why an insider may initiate an attack, and the indicative elements along the attack chain. This includes the use of behavioural and psychological observations about a potential malicious insider in addition to technological monitoring and profiling techniques. In this paper, we propose a framework for modelling the insider-threat problem that goes beyond traditional technological observations and incorporates a more complete view of insider threats, common precursors, and human actions and behaviours. We present a conceptual model for insider threat and a reasoning structure that allows an analyst to make or draw hypotheses regarding a potential insider threat based on measurable states from real-world observations.

Item Type: Article
DOI/Identification number: 10.22667/JOWUA.2013.12.31.020
Subjects: Q Science
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Jason Nurse
Date Deposited: 02 Jul 2018 16:10 UTC
Last Modified: 16 Feb 2021 13:55 UTC
Resource URI: (The current URI for this page, for reference purposes)
Nurse, Jason R. C.:
  • Depositors only (login required):


Downloads per month over past year