Insider threat risk prediction based on Bayesian network

Nebrase Elmrabit*, Shuang-Hua Yang, Lili Yang, Huiyu Zhou

*Corresponding author for this work

Research output: Contribution to journalArticle

Abstract

Insider threat protection has received increasing attention in the last ten years due to the serious consequences of malicious insider threats. Moreover, data leaks and the sale of mass data have become much simpler to achieve, e.g., the dark web can allow malicious insiders to divulge confidential data whilst hiding their identities. In this paper, we propose a novel approach to predict the risk of malicious insider threats prior to a breach taking place. Firstly, we propose a new framework for insider threat risk prediction, drawing on technical, organisational and human factor perspectives. Secondly, we employ a Bayesian network to model and implement the proposed framework. Furthermore, this Bayesian network-based prediction model is evaluated in a range of challenging environments. The risk level predictions for each authorised users within the organisation are examined so that any insider threat risk can be identified. The proposed insider threat prediction model achieved better results when compared to the empirical judgments of security experts.
Original languageEnglish
Article number101908
Number of pages24
JournalComputers & Security
Volume96
Early online date30 May 2020
DOIs
Publication statusPublished - Sep 2020

Keywords

  • Insider threats
  • User abuse
  • Predictions

Fingerprint Dive into the research topics of 'Insider threat risk prediction based on Bayesian network'. Together they form a unique fingerprint.

  • Cite this