Scenario Intelligence: Modeling Insider Threats for Effective Anomaly Detection Using Real Life Scenarios
Publication Name
2023 24th International Arab Conference on Information Technology, ACIT 2023
Abstract
Academic researchers currently face a significant gap in validating anomaly detection algorithms due to the lack of real-life insider threat scenarios. It is well recognized that stimulating and developing scenarios is a way to overcome potential risks that could occur in the future. Identifying patterns between possible scenario outcomes is a strategy that acts proactively against insider threat attacks. This research study investigates real-life scenario patterns of insider attacks in different industries. It aims at identifying the attributes that play key roles in detecting anomalies in insider's behavior. To create a real-life scenario insider threat-based model, multiple interviews were conducted with participants across 5 industries in the Gulf Cooperation Council (GCC) countries. The industries examined include technology, communications, utilities, education, and finance. The results show correlations between different identified attributes and critical threat indicators. A scenario model is hence designed correlating to the results with vital classified indicators that can be applicable to any real-life environment. On this basis, the developed model enables researchers to customize real-life based insider threat scenarios to validate their algorithms effectively.
Open Access Status
This publication is not available as open access