Abstract
The number of insider threats and the expense of handling them increase every year, making it imperative to adopt measures against insider threats. In particular, countermeasures against insiders must adopt a psychological approach. Psychological approaches can be classified into three categories: deceiving insiders, demoralizing insiders, and luring insiders. Deception accomplishes all three simultaneously. The disruption of enterprise systems by deception mechanisms causes a significant decrease in usability for users, so the application of deception mechanisms requires careful consideration. Therefore, when designing deception as a countermeasure against insider threats, usability and security must be balanced from the viewpoint of cost-effectiveness. For evaluating the cost-effectiveness of security measures, a method has been proposed that models the relationship between “assets”, “threats”, and “countermeasures” and formulates the countermeasure selection problem as a discrete optimization problem. However, such methods assume an external intruder, and to the best of our knowledge, no existing research explicitly covers the selection of countermeasures against insiders (malicious insiders). This paper proposes a scheme to quantitatively evaluate the effectiveness of deception against insider threats and determine the optimal deception mechanism. In the existing method, the relationship between “assets”, “threats”, and “countermeasures” is formulated as a discrete optimization problem, but the proposed method explicitly includes insiders as “threats” and deception as “countermeasures”. In addition, when evaluating the effectiveness of insider-threat countermeasures in the model, usability for users must be considered. Therefore, by adding “operation” to “assets”, “threats”, and “countermeasures”, the proposed method incorporates the impact of selected countermeasures on the “usability” of business into the formulation of existing methods.
Specifically, the existing method is extended into a security measure selection method that includes insider threat countermeasures (deceptions) by maximizing the objective function of the existing method with “usability” as a constraint.
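The selection problem described in the abstract can be sketched as a small discrete optimization. This is an added illustration, not the chapter's formulation or the authors' code: all names and numbers, the budget constraint, and the multiplicative combination of mitigations are assumptions made for the example.

```python
from itertools import combinations
from math import prod

# Constructed sample data (not from the paper): asset values, threat likelihoods,
# countermeasure costs, mitigation rates and per-operation usability losses.
ASSETS = {"design_docs": 100, "customer_db": 80}
THREATS = {  # threat -> (targeted asset, likelihood)
    "insider_exfil": ("design_docs", 0.3),
    "insider_db_dump": ("customer_db", 0.2),
    "external_intrusion": ("customer_db", 0.1),
}
COUNTERMEASURES = {  # name -> (cost, {threat: mitigation}, {operation: usability loss})
    "decoy_files": (2, {"insider_exfil": 0.5}, {"file_search": 0.3}),
    "fake_network_shares": (2, {"insider_exfil": 0.6}, {"file_search": 0.5}),
    "honey_accounts": (1, {"insider_db_dump": 0.4}, {"login": 0.05}),
    "ueba": (4, {"insider_exfil": 0.4, "insider_db_dump": 0.4}, {}),
    "ids": (3, {"external_intrusion": 0.6}, {}),
}

def risk_reduction(selected):
    """Expected loss removed, assuming stacked mitigations act independently."""
    total = 0.0
    for threat, (asset, likelihood) in THREATS.items():
        residual = prod(1 - COUNTERMEASURES[c][1].get(threat, 0.0) for c in selected)
        total += ASSETS[asset] * likelihood * (1 - residual)
    return total

def usability_loss(selected):
    """Summed usability loss per business operation."""
    loss = {}
    for c in selected:
        for op, x in COUNTERMEASURES[c][2].items():
            loss[op] = loss.get(op, 0.0) + x
    return loss

def select(budget, max_loss_per_operation):
    """Exhaustive search: maximize risk reduction under cost and usability limits."""
    best, best_value = frozenset(), 0.0
    names = sorted(COUNTERMEASURES)
    for r in range(1, len(names) + 1):
        for subset in combinations(names, r):
            if sum(COUNTERMEASURES[c][0] for c in subset) > budget:
                continue
            if any(v > max_loss_per_operation for v in usability_loss(subset).values()):
                continue
            value = risk_reduction(subset)
            if value > best_value:
                best, best_value = frozenset(subset), value
    return best, best_value

if __name__ == "__main__":
    print(select(budget=6, max_loss_per_operation=0.4))
    print(select(budget=6, max_loss_per_operation=1.0))
```

With the usability limit at 0.4 the search drops the more effective but more disruptive decoy shares and picks decoy files plus UEBA; relaxing the limit to 1.0 yields a higher risk reduction at the price of a 0.8 loss on the file-search operation.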
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Okumura, S. et al. (2024). Scheme for Selection of Deceptions as a Countermeasure for Insider Threats. In: Barolli, L. (eds) Advances on Broad-Band and Wireless Computing, Communication and Applications. BWCCA 2023. Lecture Notes on Data Engineering and Communications Technologies, vol 186. Springer, Cham. https://doi.org/10.1007/978-3-031-46784-4_10
DOI: https://doi.org/10.1007/978-3-031-46784-4_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-46783-7
Online ISBN: 978-3-031-46784-4
eBook Packages: Engineering, Engineering (R0)