Time Aspect of Insider Threat Mitigation
DOI:
https://doi.org/10.3849/aimt.01830Keywords:
cyber attack, security system, insider threat, Markov chain, time balanceAbstract
The article reveals the problem of mitigating an insider threat by creating a time-balanced security system in an organization. Based on Markov chain, the authors propose a basic model of interaction in an “organization – insider” system. The article analytically defines a ratio between the time of an insider attack and the time during which the organization’s security system can neutralize it. The authors propose a concept of a multi-level system of organization protection, which takes into account the involved resources and practical skills of employees, as well as security services. At the end of the article, it is concluded that the proposed concept of the organization’s protection system will be effective against potential insider attacks.
References
STORCHAK, Y. Insider Threat Statistics for 2024: Reports, Facts, Actors, and Costs [online]. 2024 [viewed 2024-03-19]. Available from: https://www.ekransystem.com/en/blog/insider-threat-statistics-facts-and-figures
AL-MHIQANI, M., A. RABIAH, Z.A. ZAHEERA, M. WARUSIA, H. ASLINDA, A. KARRAR, A. NABEEL and Y. ZAHRI. A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations. Applied Sciences, 2020, 10(15), 5208. https://doi.org/10.3390/app10155208.
KORNIYENKO, B.Y., L. GALATA and L. LADIEVA. Mathematical Model of Threats Resistance in the Critical Information Resources Protection System. In: International Conference on Intelligent Tutoring Systems [online]. Kingston: ITS, 2019 [viewed 2023-07-05]. Available from: https://ceur-ws.org/Vol-2577/paper23.pdf
NONG, Y., Z. YEBIN and B. CONNIE. Robustness of the Markov-Chain Model for Cyber-Attack Detection. IEEE Transactions on Reliability, 2004, 53(1), pp. 116-123. https://doi.org/10.1109/TR.2004.823851.
KASENOV, A.A., E.F. KUSTOV, A.A. MAGAZEV and V.F. TSYRULNIK. A Markov Model for Optimization of Information Security Remedies. Journal of Physics: Conference Series, 2020, 1441, 012043. DOI 10.1088/1742-6596/1441/1/012043.
QISI, L., X. LIUDONG and Z. CHENCHENG. Probabilistic Modeling and Analysis of Sequential Cyber‐Attacks. Engineering Reports, 2019, 1(4), e12065. https://doi.org/10.1002/eng2.12065.
LE, N. and H. DOAN. A Threat Computation Model Using a Markov Chain and Common Vulnerability Scoring System and its Application to Cloud Security. Journal of Telecommunications and the Digital Economy, 2019, 7(1), pp. 37-56. https://doi.org/10.18080/jtde.v7n1.181.
MAGAZEV, A. and V. TSYRULNIK. On Small Perturbations of Markov Cyber Threat Models. Journal of Physics: Conference Series, 2021, 1745, 012111. https://doi.org/10.1088/1742-6596/1745/1/012111.
LOCKHEED M. Cyber Kill Chain [online]. 2021 [viewed 2023-07-05]. Available from: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
MITRE ATT&CK® [online]. [viewed 2023-07-05]. Available from: https://attack.mitre.org/
READ, D., A. ALAMIR, S. DUGDALE, N. STRIDE and D. LOBO. Introducing the Insider Attack Matrix [online]. 2021 [viewed 2023-07-05]. Available from: https://www.gresearch.co.uk/article/introducing-the-insider-attack-matrix/
BARROS, A. Applying the MITRE ATT&CK Framework to Detect Insider Threats [online]. 2021 [viewed 2023-07-05]. Available from: https://www.brighttalk.com/webcast/15533/455015/applying-the-mitre-att-ck-framework-to-detect-insider-threats
PASCUCCI, M. What You Should Know About Driving Down MTTD and MTTR [online]. 2021 [viewed 2023-07-05]. Available from: https://www.ccsinet.com/blog/driving-down-mttd-mttr/
CHENG, Y., J. DENG, J. LI, S. DELOACH, A. SINGHAL and X. OU. Metrics of Security. In: A. KOTT, C. WANG and R.F. ERBACHER, eds. Cyber Defense and Situational Awareness. Cham: Springer, 2014, pp. 263-295. ISBN 978-3-319-11390-6.
MTTD and MTTR: Two Metrics to Improve Your Cybersecurity [online]. 2020 [viewed 2023-07-05]. Available from: https://threatpost.com/mttd-and-mttr-two-metrics-to-improve-your-cybersecurity/152149/
Best Insider Threat Management (ITM) Software [online]. 2024 [viewed 2024-03-19]. Available from: https://www.g2.com/categories/insider-threat-management-itm
Why Early Indicators of Insider Threat Risk Are So Valuable ‒ And Which Ones to Use [online]. 2020 [viewed 2023-07-05]. Available from: https://www.proofpoint.com/us/blog/insider-threat-management/why-early-insider-threat-indicators-are-so-valuable
Global Guideline ‒ Interviewer and Interviewee Guide [online]. 2022. [viewed 2023-07-05]. Available from: https://www.globalguideline.com/interview_questions/
Downloads
Published
License
Copyright (c) 2024 Advances in Military Technology
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
Users can use, reuse and build upon the material published in the journal for any purpose, even commercially.
