Analysis of Malicious Insider Threats to Data Integrity

Peter Padiet

Research output: Thesis (Doctoral Thesis)


Abstract

The escalating concern regarding insider threats has emerged as a significant cybersecurity challenge for various sectors, including organizations, financial institutions, and governmental bodies. These threats, originating from both current and former employees, possess a distinctive advantage due to their authorized access to critical organizational assets. This privileged access allows them to compromise data integrity, availability, and confidentiality to a degree surpassing external attackers.
The detection of insider threats has become a critical component of modern cybersecurity, necessitating the deployment of multiple authentication strategies. These strategies primarily involve the identification of concealed anomalous activities within an organization's complex systems. This research focuses on creating a comprehensive framework for insider threat detection based on individual user profiles. The research contributions are discussed in detail in Chapters 3, 4, 5 and 6.
Qualitative and mixed methods were used in this research to collect and analyse data in pursuit of the research goal. To evaluate the efficiency of the proposed methodology, this research used the CMU Computer Emergency Response Team (CERT) synthetic malicious insider threat dataset r4.2, a publicly available resource. The empirical results from this study showcase the exceptional performance of the Logistic Model Tree (LMT) technique. LMT achieved remarkable levels of accuracy (99.6%), precision (99.6%), and ROC (Receiver Operating Characteristic) (99.6%), highlighting its effectiveness in countering insider threats. At the same time, this research acknowledges the persistent growth of insider threats, which poses a significant challenge to the information security community: difficulties in threat detection, difficulties in understanding varied attacker motivations, complex attack vectors and socially engineered attacks. These malicious insiders constitute one of the most pernicious threats to sensitive data repositories, impacting both enterprise systems and government agencies. Effectively addressing insider threats involves grappling with unique challenges, including handling extensive and imbalanced datasets and the limited availability of authentic ground truth information.
Furthermore, operating from positions of trust, whether as current or former employees, these malevolent actors disrupt regular organizational operations and engage in the unauthorized disclosure of classified or confidential information for personal or group gain. The consequences of their actions include severe financial losses, irreparable reputational damage, and operational disruptions. To address this pressing concern, this research introduces an innovative user-centric approach to insider threat detection. This approach leverages the analysis of download activity logs to uncover patterns closely associated with insider threats. A meticulous examination of user behaviour related to downloading activities provides valuable insights that enrich existing detection methodologies and offer practical solutions for identifying and mitigating potential insider threats within organizational environments. Among the various classifiers evaluated, Random Tree emerges as the most suitable choice, with an accuracy rate of 0.981%. This outstanding performance underscores its suitability as the optimal candidate for an insider threat detection system, enhancing the system's overall accuracy and its ability to classify instances correctly.
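The abstract describes building per-user download profiles from activity logs and looking for departures from them. The following is an added illustration of that idea, not code from the thesis: it assumes a simplified CERT-style file-access record (id,date,user,pc,filename; the real r4.2 files carry more fields), uses constructed sample rows, and flags a user whose latest-day download count exceeds a z-score threshold over that user's own earlier days, with after-hours downloads reported as a secondary signal. The thresholding rule is a deliberately simple stand-in for the trained classifiers (LMT, Random Tree) the thesis evaluates.

```python
"""Per-user download-profile anomaly check over a CERT-style file-access log.

Added example (assumption: simplified record format, constructed rows). Flags
users whose download volume on their most recent day departs sharply from
their own earlier baseline; after-hours activity is reported alongside.
"""
from collections import defaultdict
from datetime import datetime, time
from statistics import mean, pstdev

# Constructed sample events; not real dataset rows.
SAMPLE_LOG = """\
id,date,user,pc,filename
F-0001,01/04/2010 09:12:33,ACM2278,PC-1234,budget_q1.pdf
F-0002,01/04/2010 14:40:10,ACM2278,PC-1234,roadmap.docx
F-0003,01/05/2010 10:05:01,ACM2278,PC-1234,hr_policy.pdf
F-0004,01/05/2010 11:30:00,ACM2278,PC-1234,vendors.xlsx
F-0005,01/05/2010 16:02:45,ACM2278,PC-1234,notes.txt
F-0006,01/06/2010 09:45:12,ACM2278,PC-1234,slides.pptx
F-0007,01/06/2010 15:10:30,ACM2278,PC-1234,minutes.docx
F-0008,01/07/2010 08:55:00,ACM2278,PC-1234,budget_q2.pdf
F-0009,01/07/2010 13:20:14,ACM2278,PC-1234,org_chart.pdf
F-0010,01/07/2010 17:05:59,ACM2278,PC-1234,travel.xlsx
F-0011,01/08/2010 07:10:00,ACM2278,PC-1234,clients_a.csv
F-0012,01/08/2010 09:02:10,ACM2278,PC-1234,clients_b.csv
F-0013,01/08/2010 09:05:44,ACM2278,PC-1234,clients_c.csv
F-0014,01/08/2010 09:09:03,ACM2278,PC-1234,contracts.zip
F-0015,01/08/2010 10:14:21,ACM2278,PC-1234,pricing.xlsx
F-0016,01/08/2010 11:21:37,ACM2278,PC-1234,salaries.xlsx
F-0017,01/08/2010 13:02:50,ACM2278,PC-1234,designs.zip
F-0018,01/08/2010 14:33:08,ACM2278,PC-1234,source.tar
F-0019,01/08/2010 19:40:15,ACM2278,PC-1234,backup_1.zip
F-0020,01/08/2010 21:05:00,ACM2278,PC-1234,backup_2.zip
F-0021,01/08/2010 21:16:42,ACM2278,PC-1234,backup_3.zip
F-0022,01/08/2010 22:48:19,ACM2278,PC-1234,backup_4.zip
F-0023,01/04/2010 09:30:00,BDV0169,PC-5678,timesheet.xlsx
F-0024,01/04/2010 15:00:00,BDV0169,PC-5678,policy.pdf
F-0025,01/05/2010 09:31:00,BDV0169,PC-5678,timesheet.xlsx
F-0026,01/05/2010 15:01:00,BDV0169,PC-5678,agenda.docx
F-0027,01/06/2010 09:32:00,BDV0169,PC-5678,timesheet.xlsx
F-0028,01/06/2010 15:02:00,BDV0169,PC-5678,report.pdf
F-0029,01/07/2010 09:33:00,BDV0169,PC-5678,timesheet.xlsx
F-0030,01/07/2010 15:03:00,BDV0169,PC-5678,memo.docx
F-0031,01/08/2010 09:34:00,BDV0169,PC-5678,timesheet.xlsx
F-0032,01/08/2010 15:04:00,BDV0169,PC-5678,summary.pdf
"""

DATE_FMT = "%m/%d/%Y %H:%M:%S"
WORK_START, WORK_END = time(8, 0), time(18, 0)  # assumed business hours


def parse_events(text):
    """Parse CSV text into dicts with a datetime 'ts'; the header row is skipped."""
    events = []
    for line in text.strip().splitlines()[1:]:
        rec_id, ts, user, pc, filename = line.split(",", 4)
        events.append({"id": rec_id, "ts": datetime.strptime(ts, DATE_FMT),
                       "user": user, "pc": pc, "filename": filename})
    return events


def daily_counts(events):
    """Return {user: {date: [total_downloads, after_hours_downloads]}}."""
    counts = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for e in events:
        day = e["ts"].date()
        counts[e["user"]][day][0] += 1
        if not (WORK_START <= e["ts"].time() < WORK_END):
            counts[e["user"]][day][1] += 1
    return counts


def flag_anomalous_users(events, z=3.0, min_baseline_days=3):
    """Flag users whose latest-day count exceeds mean + z*stdev of their own
    earlier days. The stdev is floored at 1.0 so a perfectly flat baseline
    does not flag a one-file increase."""
    flagged = {}
    for user, per_day in daily_counts(events).items():
        days = sorted(per_day)
        if len(days) <= min_baseline_days:
            continue  # too little history to build a personal baseline
        baseline = [per_day[d][0] for d in days[:-1]]
        latest_total, latest_after = per_day[days[-1]]
        threshold = mean(baseline) + z * max(pstdev(baseline), 1.0)
        if latest_total > threshold:
            flagged[user] = {"day": days[-1].isoformat(), "count": latest_total,
                             "after_hours": latest_after,
                             "threshold": round(threshold, 2)}
    return flagged


if __name__ == "__main__":
    for user, info in flag_anomalous_users(parse_events(SAMPLE_LOG)).items():
        print(user, info)
```

Only ACM2278 is flagged here: its baseline of two or three downloads a day gives a threshold of 5.5, and the twelve downloads on the final day (five of them outside business hours) exceed it, while BDV0169's steady two-a-day pattern does not. In practice the per-user baseline is the point: a global threshold would miss a low-volume user who suddenly doubles their activity and would swamp analysts with heavy but legitimate users.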
Original language: English
Qualification: Doctor of Information Technology
Awarding Institution:
  • Charles Sturt University
Supervisors/Advisors:
  • Islam, Rafiqul, Principal Supervisor
  • Khan, Muhammad Arif, Principal Supervisor
Place of Publication: Australia
Publisher:
Publication status: Published - 11 Jun 2024
