Miltiadis Kandias

An insider threat prediction model

Information systems face several security threats, some of which originate by insiders. This paper presents a novel, interdisciplinary insider threat prediction model. It combines approaches, techniques, and tools from computer science and psychology. It utilizes real time monitoring, capturing the users technological trait in an information system and analyzing it for misbehavior. In parallel, the model is using data from psychometric tests, so as to assess for each user the predisposition to malicious acts and the stress level, which is an enabler for the user to overcome his moral inhibitions, under the condition that the collection of such data complies with the legal framework. The model combines the above mentioned information, categorizes users, and identifies those that require additional monitoring, as they can potentially be dangerous for the information system and the organization.

The Insider Threat in Cloud Computing

Cloud computing is an emerging technology paradigm, enabling and facilitating the dynamic and versatile provision of computational resources and services. Even though the advantages offered by cloud computing are several, there still exist second thoughts on the security and privacy of the cloud services. Use of cloud services affects the security posture of organizations and critical infrastructures, therefore it is necessary that new threats and risks introduced by this new paradigm are clearly understood and mitigated. In this paper we focus on the insider threat in cloud computing, a topic which has not received research focus, as of now. We address the problem in a holistic way, differentiating between the two possible scenarios: a) defending against a malicious insider working for the cloud provider, and b) defending against an insider working for an organization which chooses to outsource parts or the whole IT infrastructure into the cloud. We identify the potential problems for each scenario and propose the appropriate countermeasures, in an effort to mitigate the problem.

Insiders Trapped in the Mirror Reveal Themselves in Social Media

Social media have widened society’s opportunities for communication, while they offer ways to perform employees’ screening and profiling. Our goal in this paper is to develop an insider threat prediction method by (e)valuating a users’ personality trait of narcissism, which is deemed to be closely connected to the manifestation of malevolent insiders. We utilize graph theory tools in order to detect influence of and usage deviation. Then, we categorize the users according to a proposed taxonomy. Thus we detect individuals with narcissistic characteristics and manage to test groups of people under the prism of group homogeneity. Furthermore, we compare and classify users to larger sub-communities consisting of people of the same profession. The analysis is based on an extensive crawling of Greek users of Twitter. As the application of this method may lead to infringement of privacy rights, its use should be reserved for exceptional cases, such as the selection of security officers or of critical infrastructures decision-making staff.

Can We Trust This User? Predicting Insider's Attitude via YouTube Usage Profiling

Addressing the insider threat is a major issue in cyber and corporate security in order to enhance trusted computing in critical infrastructures. In this paper we study the psychosocial perspective and the implications of insider threat prediction via social media, Open Source Intelligence and user generated content classification. Inductively, we propose a prediction method by evaluating the predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. We propose a methodology to detect users holding negative attitude towards authorities. For doing so, we facilitate a brief analysis of the medium (YouTube), machine learning techniques and a dictionary-based approach, in order to detect comments expressing negative attitude. Thus, we can draw conclusions over a user behavior and beliefs via the content the user generated within the limits a social medium. We also use an assumption free flat data representation technique in order to decide over the users attitude and improve the scalability of our method. Furthermore, we compare the results of each method and highlight the common behavior and characteristics manifested by the users. As privacy violations may well-rise when using such methods, their use should be restricted only on exceptional cases, e.g. when appointing security officers or decision-making staff in critical infrastructures.

Proactive insider threat detection through social media: the YouTube case

Insider threat is a major issue in cyber and corporate security. In this paper we study the psychosocial perspective of the insider via social media, Open Source Intelligence, and user generated content classification. Inductively, we propose a prediction method by evaluating the predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. We propose a methodology to detect users holding a negative attitude towards authorities. For doing so we facilitate the use of machine learning techniques and of a dictionary-based approach, so as to detect comments expressing negative attitude. Thus, we can draw conclusions over a user behavior and beliefs via the content the user generated within the limits a social medium. We also use an assumption free flat data representation technique in order to decide over the users attitude. Furthermore, we compare the results of each method and highlight the common behavior manifested by the users. The demonstration is applied on a crawled community of users on YouTube.

Insider Threat: Enhancing BPM through Social Media

Modern business environments have a constant need to increase their productivity, reduce costs and offer competitive products and services. This can be achieved via modeling their business processes. Yet, even in light of modellings widespread success, one can argue that it lacks built-in security mechanisms able to detect and fight threats that may manifest throughout the process. Academic research has proposed a variety of different solutions which focus on different kinds of threat. In this paper we focus on insider threat, i.e. insiders participating in an organizations business process, who, depending on their motives, may cause severe harm to the organization. We examine existing security approaches to tackle down the aforementioned threat in enterprise business processes. We discuss their pros and cons and propose a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media. It exams the online behavior of users and pinpoints potential insiders with critical roles in the organizations processes. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should be only allowed on exceptional cases, such as protecting critical infrastructures.

Business Process Modeling for Insider Threat Monitoring and Handling

Business process modeling has facilitated modern enterprises to cope with the constant need to increase their productivity, reduce costs and offer competitive products and services. Despite modeling’s and process management’s widespread success, one may argue that it lacks of built-in security mechanisms able to detect and deter threats that may manifest throughout the process. To this end, a variety of different solutions have been proposed by researchers which focus on different threat types. In this paper we examine the insider threat through business processes. Depending on their motives, insiders participating in an organization’s business process may manifest delinquently in a way that causes severe impact to the organization. We examine existing security approaches to tackle down the aforementioned threat in enterprise business processes and propose a preliminary model for a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media by examining the online behavior of users and pinpoints potential insiders with critical roles in the organization’s processes. Also, this approach highlights the threat introduced in the processes operated by such users. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should be allowed solely on exceptional cases, such as protecting critical infrastructures or monitoring decision making personnel.

Securing Transportation-Critical Infrastructures: Trends and Perspectives

Critical infrastructure Protection (CIP) includes ensuring the resilience of transportation infrastructures. This sector is considered vital worldwide due to its economic importance and due to the various interdependencies with other infrastructures and sectors. This paper aims at examining the current state in national policies and in research regarding the protection of transport infrastructures. It examines methods to model interdependencies and to assess risk suitable for transport CIP. It recommends future steps for research in this sector.

Exploitation of auctions for outsourcing security-critical projects

ICT outsourcing may introduce several risks. This paper attempts to mitigate this problem by applying an auctioning scheme. By adopting the scheme, the involved organization selects one or more potential outsourced service providers via an auction similar to the FCC spectrum ones. The project is divided in sub-projects, bidders are pre-evaluated, in terms of security and each bid is assessed in terms of cost and appropriate security metrics. The bidding process continues according to the auction rules allocating all the sub-projects to the best bidders. The ultimate goal is to achieve upgraded security, while keeping the cost at a reasonable level and meeting adequate security requirements. In this direction our model provokes competition and motivates providers to place superior bids, in terms of security, while providing flexibility to the organization. The auction process is demonstrated through a case study, where the outsourcer is a critical infrastructure organization.

Youtube User and Usage Profiling: Stories of Political Horror and Security Success

Social media and Web 2.0 have enabled internet users to contribute online content, which may be crawled and utilized for a variety of reasons, from personalized advertising to behaviour prediction/profiling. In this paper, our goal is to present a horror and a success story from the digital world of Social Media, in order to: (a). present a political affiliation profiling method, the Panopticon method, in order to reveal this threat and contribute in raising the social awareness over it. (b). describe an insider threat prediction method by evaluating the predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. The experimental test case of both methodologies is an extensive Greek community of YouTube users. In order to demonstrate our cases, we performed graph theoretic and content analysis of the collected dataset and showed how and what kind of personal data can be derived via data mining on publicly available YouTube data. As both methodologies set user’s privacy and dignity at stake, we provide the reader with an analysis of the legal means for each case, so as to effectively be prevented from a privacy violation threat and also present the exceptional cases, such as the selection of security officers of critical infrastructures, where such methodologies could be used.