Litcius/Paper detail

GraphCH: A Deep Framework for Assessing Cyber-Human Aspects in Insider Threat Detection

Krishna Chandra Roy, Qian Chen

2024IEEE Transactions on Dependable and Secure Computing23 citationsDOIOpen Access PDF

Abstract

Insider threat is one of the most damaging cyber attacks that could cause the loss of intellectual property and enterprise data security breaches. Action sequence data such as host logs are used to investigate such threats and develop anomaly-based AI detectors. However, insider threat actions are similar to legitimate user activities, causing AI detectors to fail and suffer from high false alarm rates. Therefore, user cyber activity logs are inadequate to fully unfold insider threats. In this study, we adopt human psychological principles of risk-taking and impulsiveness along with host data to assess the influence and usefulness of human behavioral aspects in insider threat detection. We hypothesize that individuals' impulsive and risk-taking behavior correlates with cyberspace activities. To validate our hypothesis, we conducted an IRB-approved study recruiting 35 participants who work in a large U.S. university and collected their cyber and psychological data for 90 days. Host and human-behavioral data analysis and mapping indicate that impulsive and risk-taking users trigger more system errors causing (un)intentional insider threats and are susceptible to attackers' social engineering and cognitive hacking. Utilizing cyber-human aspects, we introduce a Cyber-Human Graph Neural Network (GNN) based framework <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">GraphCH</i> to identify abnormal user behaviors and detect insider threats.

Topics & Concepts

Insider threatCyberspaceComputer securityInsiderComputer scienceHackerAnomaly detectionInternet privacyArtificial intelligenceThe InternetWorld Wide WebLawPolitical scienceInformation and Cyber SecurityComplex Network Analysis TechniquesAdvanced Graph Neural Networks
GraphCH: A Deep Framework for Assessing Cyber-Human Aspects in Insider Threat Detection | Litcius