Skip to main content
Kent Academic Repository

Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection

Legg, Philip A., Moffat, Nick, Nurse, Jason R. C., Happa, Jassim, Agrafiotis, Ioannis, Goldsmith, Michael, Creese, Sadie (2013) Towards a Conceptual Model and Reasoning Structure for Insider Threat Detection. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 4 (4). pp. 20-37. ISSN 2093-5374. E-ISSN 2093-5382. (doi:10.22667/JOWUA.2013.12.31.020) (KAR id:67521)


The insider threat faced by corporations and governments today is a real and significant problem, and one that has become increasingly difficult to combat as the years have progressed. From a technology standpoint, traditional protective measures such as intrusion detection systems are largely inadequate given the nature of the ‘insider’ and their legitimate access to prized organisational data and assets. As a result, it is necessary to research and develop more sophisticated approaches for the accurate recognition, detection and response to insider threats. One way in which this may be achieved is by understanding the complete picture of why an insider may initiate an attack, and the indicative elements along the attack chain. This includes the use of behavioural and psychological observations about a potential malicious insider in addition to technological monitoring and profiling techniques. In this paper, we propose a framework for modelling the insider-threat problem that goes beyond traditional technological observations and incorporates a more complete view of insider threats, common precursors, and human actions and behaviours. We present a conceptual model for insider threat and a reasoning structure that allows an analyst to make or draw hypotheses regarding a potential insider threat based on measurable states from real-world observations.

Item Type: Article
DOI/Identification number: 10.22667/JOWUA.2013.12.31.020
Subjects: Q Science
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Jason Nurse
Date Deposited: 02 Jul 2018 16:10 UTC
Last Modified: 16 Feb 2021 13:55 UTC
Resource URI: (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.