GraphCH: A Deep Framework for Assessing Cyber-Human Aspects in Insider Threat Detection

Cited by: 2
Authors
Roy, Krishna Chandra [1]
Chen, Guenevere [2]
Affiliations
[1] New Mexico Inst Min & Technol, Dept Elect Engn, Socorro, NM 87801 USA
[2] Univ Texas San Antonio, Dept Elect & Comp Engn, San Antonio, TX 78249 USA
Keywords
Threat assessment; Psychology; Cyberspace; Security; Task analysis; Human factors; Data models; insider threat; graph neural network; heterogeneous information network; host data
DOI
10.1109/TDSC.2024.3353929
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
Insider threat is one of the most damaging cyber attacks that could cause the loss of intellectual property and enterprise data security breaches. Action sequence data such as host logs are used to investigate such threats and develop anomaly-based AI detectors. However, insider threat actions are similar to legitimate user activities, causing AI detectors to fail and suffer from high false alarm rates. Therefore, user cyber activity logs are inadequate to fully unfold insider threats. In this study, we adopt human psychological principles of risk-taking and impulsiveness along with host data to assess the influence and usefulness of human behavioral aspects in insider threat detection. We hypothesize that individuals' impulsive and risk-taking behavior correlates with cyberspace activities. To validate our hypothesis, we conducted an IRB-approved study recruiting 35 participants who work in a large U.S. university and collected their cyber and psychological data for 90 days. Host and human-behavioral data analysis and mapping indicate that impulsive and risk-taking users trigger more system errors causing (un)intentional insider threats and are susceptible to attackers' social engineering and cognitive hacking. Utilizing cyber-human aspects, we introduce a Cyber-Human Graph Neural Network (GNN) based framework GraphCH to identify abnormal user behaviors and detect insider threats.
Pages: 4495-4509
Number of pages: 15