Scenario Intelligence: Modeling Insider Threats for Effective Anomaly Detection Using Real Life Scenarios

Publication Name

2023 24th International Arab Conference on Information Technology, ACIT 2023

Abstract

Academic researchers currently face a significant gap in validating anomaly detection algorithms due to the lack of real-life insider threat scenarios. It is well recognized that stimulating and developing scenarios is a way to overcome potential risks that could occur in the future. Identifying patterns between possible scenario outcomes is a strategy that acts proactively against insider threat attacks. This research study investigates real-life scenario patterns of insider attacks in different industries. It aims at identifying the attributes that play key roles in detecting anomalies in insiders' behavior. To create a real-life scenario insider threat-based model, multiple interviews were conducted with participants across 5 industries in the Gulf Cooperation Council (GCC) countries. The industries examined include technology, communications, utilities, education, and finance. The results show correlations between different identified attributes and critical threat indicators. A scenario model is hence designed correlating to the results with vital classified indicators that can be applicable to any real-life environment. On this basis, the developed model enables researchers to customize real-life based insider threat scenarios to validate their algorithms effectively.

Open Access Status

This publication is not available as open access


Link to publisher version (DOI)

http://dx.doi.org/10.1109/ACIT58888.2023.10453889