Modeling Human Behavior to Anticipate Insider Attacks

Insider threats are the most pernicious cyber security issues that affect government and industry infrastructures. There are no systematic methods to prevent data leakage, espionage, and sabotage. Current practices force analysts to monitor, analyze, and correlate massive amounts of data. The article proposes a predictive modeling framework that integrates data sources from the cyber domain with psychological/motivational factors that can be inferred from insider exploits, providing domain-independent, automated support for detecting high-risk behavioral “triggers” to find and prevent insider threats. Indicative triggers include disgruntlement, anger management issues, and disregard for authority. The framework uses the neocortex as a design metaphor and has the following components: ontologies for representing domain knowledge, reifiers for ingesting primitive data types, memory for storing facts from primitive data and the reasoning system, and AMC (reasoning components) for interpreting data assertions.
Frank L. Greitzer, Ryan E. Hohimer
Journal of Strategic Security
Industry Focus: 
Information & Telecommunication
Internet & Cyberspace
Bibliographies & Reports