Authors:
Bushra A. Alahmadi
1
;
Philip A. Legg
2
and
Jason R. C. Nurse
1
Affiliations:
1
University of Oxford, United Kingdom
;
2
University of the West of England, United Kingdom
Keyword(s):
Insider-threat Detection, Behavioural Analysis, Internet Activity, Psychological Traits.
Abstract:
The insider-threat problem continues to be a major risk to both public and private sectors, where those people
who have privileged knowledge and access choose to abuse this in some way to cause harm towards their
organisation. To combat against this, organisations are beginning to invest heavily in deterrence monitoring
tools to observe employees’ activity, such as computer access, Internet browsing, and email communications.
Whilst such tools may provide some way towards detecting attacks afterwards, what may be more useful is
preventative monitoring, where user characteristics and behaviours inform about the possibility of an attack
before it happens. Psychological research advocates that the behaviour and preference of a person can be
explained to a great extent by psychological constructs called personality traits, which could then possibly
indicate the likelihood of an individual being a potential insider threat. By considering how browsing content
relates to psychological const
ructs (such as OCEAN), and how an individual’s browsing behaviour deviates
over time, potential insider-threats could be uncovered before significant damage is caused. The main contribution
in this paper is to explore how Internet browsing activity could be used to predict the individual’s
psychological characteristics in order to detect potential insider-threats. Our results demonstrate that predictive
assessment can be made between the content available on a website, and the associated personality traits,
which could greatly improve the prospects of preventing insider attacks.
(More)