Model based analysis of insider threats

Chen, Taolue, Han, Tingting, Kammueller, Florian ORCID: https://orcid.org/0000-0001-5839-5488, Nemli, Ibrahim and Probst, Christian (2016) Model based analysis of insider threats. Proceedings of the 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security). In: 2016 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), 13-14 Jun 2016, London, United Kingdom. ISBN 978-1-5090-0709-7. [Conference or Workshop Item] (doi:10.1109/CyberSecPODS.2016.7502350)

Preview

PDF - Final accepted version (with author's formatting) Download (310kB) | Preview

Abstract

In order to detect malicious insider attacks it is important to model and analyse infrastructures and policies of organisations and the insiders acting within them. We extend formal approaches that allow modelling such scenarios by quantitative aspects to enable a precise analysis of security designs. Our framework enables evaluating the risks of an insider attack to happen quantitatively. The framework first identifies an insider's intention to perform an inside attack, using Bayesian networks, and in a second phase computes the probability of success for an inside attack by this actor, using probabilistic model checking. We provide prototype tool support using Matlab for Bayesian networks and PRISM for the analysis of Markov decision processes, and validate the framework with case studies.

Actions (login required)

View Item

Statistics

Downloads

Export as CSVXMLJSON

Activity Overview

223Downloads

350Hits

Additional statistics are available via IRStats2.