Understanding insider threat attacks using natural language processing: automatically mapping organic narrative reports to existing insider threat frameworks

Show simple item record

dc.contributor.author Paxton-Fear, Katie
dc.contributor.author Hodges, Duncan
dc.contributor.author Buckley, Oliver
dc.date.accessioned 2020-07-15T13:46:06Z
dc.date.available 2020-07-15T13:46:06Z
dc.date.issued 2020-07-10
dc.identifier.citation Paxton-Fear K, Hodges D, Buckley O. (2020) Understanding insider threat attacks using natural language processing: automatically mapping organic narrative reports to existing insider threat frameworks. In: 22nd International conference on Human-Computer Interaction HCII: International Conference on HCI for Cybersecurity, Privacy and Trust (HCI-CPT 2020), 19-24 July 2020, Copenhagen, Denmark en_UK
dc.identifier.issn 0302-9743
dc.identifier.uri https://doi.org/10.1007/978-3-030-50309-3_42
dc.identifier.uri http://dspace.lib.cranfield.ac.uk/handle/1826/15552
dc.description.abstract Traditionally cyber security has focused on defending against external threats, over the last decade we have seen an increasing awareness of the threat posed by internal actors. Current approaches to reducing this risk have been based upon technical controls, psychologically understanding the insider’s decision-making processes or sociological approaches ensuring constructive workplace behaviour. However, it is clear that these controls are not enough to mitigate this threat with a 2019 report suggesting that 34% of breaches involved internal actors. There are a number of Insider threat frameworks that bridge the gap between these views, creating a holistic view of insider threat. These models can be difficult to contextualise within an organisation and hence developing actionable insight is challenging. An important task in understanding an insider attack is to gather a 360-degree understanding of the incident across multiple business areas: e.g. co-workers, HR, IT, etc. can be key to understanding the attack. We propose a new approach to gathering organic narratives of an insider threat incident that then uses a computational approach to map these narratives to an existing insider threat framework. Leveraging Natural Language Processing (NLP) we exploit a large collection of insider threat reporting to create an understanding of insider threat. This understanding is then applied to a set of reports of a single attack to generate a computational representation of the attack. This representation is then successfully mapped to an existing, manual insider threat framework. en_UK
dc.language.iso en en_UK
dc.publisher Springer en_UK
dc.rights © Cranfield University, 2015. All rights reserved. No part of this publication may be reproduced without the written permission of the copyright holder.
dc.rights Attribution-NonCommercial 4.0 International *
dc.rights.uri http://creativecommons.org/licenses/by-nc/4.0/ *
dc.subject Insider threat en_UK
dc.subject Natural Language Processing en_UK
dc.subject Organic narratives en_UK
dc.title Understanding insider threat attacks using natural language processing: automatically mapping organic narrative reports to existing insider threat frameworks en_UK
dc.type Article en_UK


Files in this item

The following license files are associated with this item:

This item appears in the following Collection(s)

Show simple item record

© Cranfield University, 2015. All rights reserved. No part of this publication may be reproduced without the written permission of the copyright holder. Except where otherwise noted, this item's license is described as © Cranfield University, 2015. All rights reserved. No part of this publication may be reproduced without the written permission of the copyright holder.

Search CERES


Browse

My Account

Statistics