U.S. Department of Energy
Office of Scientific and Technical Information

GraphCH: A Deep Framework for Assessing Cyber-Human Aspects in Insider Threat Detection

Journal Article · IEEE Transactions on Dependable and Secure Computing

Author affiliations:
  1. New Mexico Institute of Mining and Technology, Socorro, NM (United States); University of Texas at San Anton
  2. University of Texas at San Antonio, TX (United States)

Insider threats are among the most damaging cyber attacks, capable of causing loss of intellectual property and breaches of enterprise data security. Action sequence data such as host logs are used to investigate such threats and to develop anomaly-based AI detectors. However, insider threat actions closely resemble legitimate user activities, causing AI detectors to fail and to suffer from high false alarm rates. Therefore, user cyber activity logs alone are inadequate to fully uncover insider threats. In this study, we adopt the human psychological principles of risk-taking and impulsiveness, together with host data, to assess the influence and usefulness of human behavioral aspects in insider threat detection. We hypothesize that individuals' impulsive and risk-taking behavior correlates with their cyberspace activities. To validate this hypothesis, we conducted an IRB-approved study that recruited 35 participants working in a large U.S. university and collected their cyber and psychological data for 90 days. Analysis and mapping of the host and human-behavioral data indicate that impulsive and risk-taking users trigger more system errors, causing (un)intentional insider threats, and are more susceptible to attackers' social engineering and cognitive hacking. Utilizing these cyber-human aspects, we introduce GraphCH, a Cyber-Human Graph Neural Network (GNN) based framework, to identify abnormal user behaviors and detect insider threats.

Research Organization:
University of Texas at San Antonio, TX (United States)
Sponsoring Organization:
USDOE Office of Nuclear Energy (NE); USDOE National Nuclear Security Administration (NNSA)
Grant/Contract Number:
NA0003985
OSTI ID:
2283230
Alternate ID(s):
OSTI ID: 2283237
Journal Information:
IEEE Transactions on Dependable and Secure Computing, Vol. 21, Issue 5; ISSN 1545-5971
Publisher:
IEEE
Country of Publication:
United States
Language:
English
