Discovering “Insider IT Sabotage” based on human behaviour
Published: 2020-06-04
Volume: 28, Issue: 4, Pages: 575-589
ISSN: 2056-4961
Container-title: Information & Computer Security (ICS)
Language: en
Authors: Antonia Michael, Jan Eloff
Abstract
Purpose
Malicious activities conducted by disgruntled employees via an email platform can cause profound damage to an organization, such as financial and reputational losses. This threat is known as an “insider IT sabotage” threat: employees misuse the access rights they legitimately hold to harm the organization. The events leading up to such an attack are not technical but behavioural. The problem is that, owing to the high volume and complexity of email, the risk of insider IT sabotage cannot be reduced with rule-based approaches.
Design/methodology/approach
Malicious human behaviours that insiders in the insider IT sabotage category would exhibit are studied and mapped to phrases that would appear in email communications. A large email data set is labelled according to the behavioural characteristics of these employees, and machine learning algorithms are trained to identify occurrences of this insider threat type. The accuracy of these approaches is measured.
Findings
This paper shows that suspicious behaviour of disgruntled employees can be discovered by means of machine intelligence techniques. The output of the machine learning classifier depends mainly on the depth and quality of the phrase and behaviour analysis, the data cleansing, and the number of email attributes examined. Labelling content in isolation could be improved by including other attributes of the email data, so that a confidence score can be computed for each user.
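The following is an added illustration of the pipeline that the methodology and findings paragraphs describe; it is not the paper's code, lexicon or data set. It assumes a hypothetical behaviour-to-phrase map, a small constructed email corpus with sender names, and a multinomial naive Bayes classifier as the machine learning step: phrases label the training mail, the classifier is trained on those labels and scored on held-out mail with analyst-assigned ground truth, and the posteriors are then aggregated per sender into the kind of per-user confidence score the findings call for.

```python
"""Phrase-mapped labelling, naive Bayes classification and per-user scoring of
email for insider IT sabotage indicators. Every behaviour category, phrase,
email and sender name here is constructed for the example (an assumption, not
the paper's lexicon or data)."""
import math
import re
from collections import Counter, defaultdict

# Hypothetical behaviour -> indicative-phrase map (constructed for the example).
BEHAVIOUR_PHRASES = {
    "disgruntlement": ["sick of this place", "nobody listens", "unfairly", "fed up"],
    "revenge_intent": ["they will regret", "make them pay", "they'll be sorry"],
    "entitlement": ["deserve better", "i built this system"],
    "sabotage_planning": ["delete the backups", "wipe the server", "after i leave"],
}

TOKEN_RE = re.compile(r"[a-z']+")


def tokenize(text):
    return TOKEN_RE.findall(text.lower())


def weak_label(text):
    """Rule-based step: the behaviour categories whose phrases occur in the text.
    Used to label the training set; on its own it misses paraphrases."""
    low = text.lower()
    return sorted(b for b, phrases in BEHAVIOUR_PHRASES.items()
                  if any(p in low for p in phrases))


class NaiveBayes:
    """Multinomial naive Bayes over unigrams with add-one (Laplace) smoothing."""

    def fit(self, texts, labels):
        self.counts = {0: Counter(), 1: Counter()}   # token counts per class
        self.docs = Counter(labels)                  # document counts per class
        for text, y in zip(texts, labels):
            self.counts[y].update(tokenize(text))
        self.vocab = set(self.counts[0]) | set(self.counts[1])
        return self

    def _log_score(self, tokens, y):
        total = sum(self.counts[y].values()) + len(self.vocab)
        score = math.log(self.docs[y] / sum(self.docs.values()))  # log prior
        for t in tokens:  # unseen tokens get the smoothed count of 1
            score += math.log((self.counts[y][t] + 1) / total)
        return score

    def predict_proba(self, text):
        """P(sabotage | text), from the two class log-scores."""
        tokens = tokenize(text)
        s1, s0 = self._log_score(tokens, 1), self._log_score(tokens, 0)
        return 1.0 / (1.0 + math.exp(s0 - s1))

    def predict(self, text):
        return int(self.predict_proba(text) >= 0.5)


# Constructed sample corpus: (sender, body). Labels come from weak_label().
TRAINING_EMAILS = [
    ("dave", "I am sick of this place. Nobody listens to me and they will regret it."),
    ("dave", "If they push me out after I leave they'll be sorry, I still have the root password."),
    ("dave", "Management treated me unfairly again. I built this system and I deserve better."),
    ("mallory", "I'm fed up. One day I will just delete the backups and wipe the server."),
    ("mallory", "They think they can fire me? I will make them pay, I know every admin account."),
    ("mallory", "Nobody listens. I am done being treated unfairly, they will regret this."),
    ("alice", "Hi team, the quarterly report is attached, please review before Friday."),
    ("alice", "Reminder: the backups are scheduled for tonight, please save your work."),
    ("bob", "Can someone reset the root password on the test server? Ticket attached."),
    ("bob", "Thanks for the feedback on my code review, I will fix the tests today."),
    ("carol", "Lunch at noon? The new place across the street has good sandwiches."),
    ("carol", "Please join the planning meeting for the server migration next week."),
]

# Constructed held-out mail with analyst-assigned ground truth: (sender, body, label).
# The first message paraphrases the lexicon, so the phrase matcher misses it.
HELD_OUT = [
    ("dave", "Nobody here listens and management treats me like dirt, they will pay for this.", 1),
    ("alice", "Please review the attached report before the meeting on Friday.", 0),
    ("dave", "After I leave, I will wipe the server and delete the backups.", 1),
    ("bob", "Reminder: please save your work before the scheduled backups tonight.", 0),
]


def build_model():
    """Label the training mail by phrase matching, then train the classifier."""
    texts = [body for _, body in TRAINING_EMAILS]
    labels = [1 if weak_label(body) else 0 for body in texts]
    return NaiveBayes().fit(texts, labels)


def held_out_accuracy(model):
    hits = sum(model.predict(body) == y for _, body, y in HELD_OUT)
    return hits / len(HELD_OUT)


def user_confidence(model, emails):
    """Mean P(sabotage) per sender: aggregating a user's mail instead of judging
    each message alone gives a per-user confidence score."""
    per_user = defaultdict(list)
    for sender, body in emails:
        per_user[sender].append(model.predict_proba(body))
    return {u: sum(p) / len(p) for u, p in per_user.items()}


if __name__ == "__main__":
    m = build_model()
    print("held-out accuracy:", held_out_accuracy(m))
    for user, score in user_confidence(m, [(s, b) for s, b, _ in HELD_OUT]).items():
        print(f"{user}: {score:.3f}")
```

The phrase matcher returns nothing for the first held-out message, yet the classifier trained on phrase-labelled mail still flags it, which is the gap between rule-based matching and the learned model that the abstract points to; the per-user mean posterior then separates the repeat sender from colleagues whose mail merely mentions backups or passwords.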
Originality/value
This research presents a novel approach, demonstrated through a prototype that automates the detection of insider IT sabotage within email systems, to mitigate this risk within organizations.
Subject
Management of Technology and Innovation, Information Systems and Management, Computer Networks and Communications, Information Systems, Software, Management Information Systems
Cited by: 2 articles.