Model based analysis of insider threats

Chen, Taolue, Han, Tingting, Kammueller, Florian ORCID logoORCID:, Nemli, Ibrahim and Probst, Christian (2016) Model based analysis of insider threats. Proceedings of the 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). In: 2016 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), 13-14 Jun 2016, London, United Kingdom. ISBN 978-1-5090-0709-7. [Conference or Workshop Item] (doi:10.1109/CyberSecPODS.2016.7502350)

PDF - Final accepted version (with author's formatting)
Download (310kB) | Preview


In order to detect malicious insider attacks it is important to model and analyse infrastructures and policies of organisations and the insiders acting within them. We extend formal approaches that allow modelling such scenarios by quantitative aspects to enable a precise analysis of security designs. Our framework enables evaluating the risks of an insider attack to happen quantitatively. The framework first identifies an insider's intention to perform an inside attack, using Bayesian networks, and in a second phase computes the probability of success for an inside attack by this actor, using probabilistic model checking. We provide prototype tool support using Matlab for Bayesian networks and PRISM for the analysis of Markov decision processes, and validate the framework with case studies.

Item Type: Conference or Workshop Item (Paper)
Research Areas: A. > School of Science and Technology > Computer Science
Item ID: 21978
Notes on copyright: © 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Useful Links:
Depositing User: Florian Kammueller
Date Deposited: 13 Jun 2017 09:47
Last Modified: 29 Nov 2022 21:33

Actions (login required)

View Item View Item


Activity Overview
6 month trend
6 month trend

Additional statistics are available via IRStats2.