Model Based Analysis of Insider Threats

Taolue Chen, Tingting Han, Florian Kammueller, Ibrahim Nemli, Christian W. Probst

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

In order to detect malicious insider attacks it is important to model and analyse infrastructures and policies of organisations and the insiders acting within them. We extend formal approaches that allow modelling such scenarios by quantitative aspects to enable a precise analysis of security designs. Our framework enables evaluating the risks of an insider attack to happen quantitatively. The framework first identifies an insider's intention to perform an inside attack, using Bayesian networks, and in a second phase computes the probability of success for an inside attack by this actor, using probabilistic model checking. We provide prototype tool support using Matlab for Bayesian networks and PRISM for the analysis of Markov decision processes, and validate the framework with case studies.
Original languageEnglish
Title of host publicationProceedings of the 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)
Number of pages3
PublisherIEEE
Publication date2016
DOIs
Publication statusPublished - 2016
Event2016 International Conference on Cyber Security and Protection of Digital Services (Cyber Security) - London, United Kingdom
Duration: 13 Jun 201614 Jun 2016

Conference

Conference2016 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
CountryUnited Kingdom
CityLondon
Period13/06/201614/06/2016

Fingerprint Dive into the research topics of 'Model Based Analysis of Insider Threats'. Together they form a unique fingerprint.

Cite this