- Title
Survival analysis for insider threat: Detecting insider threat incidents using survival analysis techniques.
- Authors
Alhajjar, Elie; Bradley, Taylor
- Abstract
In the current information era, we rely on cyber techniques and principles to protect the confidentiality, integrity, and availability of everything from personally identifiable information and intellectual property, to government and industry information systems. Despite persistent efforts to protect this sensitive information, security breaches continue to occur at alarming rates, the most common of them being insider threats. Over the past decade, insider threat detection has attracted a considerable amount of attention from researchers in both academia and industry. In this paper, we develop a novel insider threat detection method based on survival analysis techniques. Specifically, we use the Cox proportional hazards model to provide more accurate prediction of insider threat events. Our model utilizes different groups of variables such as activity, logon data, and psychometric tests. The proposed framework has the ability to address the challenge of predicting insider threat instances as well as the approximate time of occurrence. This study enables us to perform proactive interventions in a prioritized manner where limited resources are available. The criticality of this issue in the insider threat problem is twofold: not only correctly classifying whether a person is going to become a threat is important, but also the time when this is going to happen. We evaluate our method on the CERT Insider Threat Test Dataset and show that the proposed Cox-based framework can predict insider threat events and timing with high accuracy and precision.
- Subjects
COMPUTER Emergency Response Team; SURVIVAL analysis (Biometry); PERSONALLY identifiable information
- Publication
Computational & Mathematical Organization Theory, 2022, Vol 28, Issue 4, p335
- ISSN
1381-298X
- Publication type
Article
- DOI
10.1007/s10588-021-09341-0