Attribution-based Anomaly Detection: Trustworthiness in an Online Community

  • Shuyuan Mary Ho
Conference paper

Abstract

This paper conceptualizes human trustworthiness1 as a key component for countering insider threats in an online community within the arena of corporate personnel security. Employees with access and authority have the most potential to cause damage to that information, to organizational reputation, or to the operational stability of the organization. The basic mechanisms of detecting changes in the trustworthiness of an individual who holds a key position in an organization resides in the observations of overt behavior – including communications behavior – over time. “Trustworthiness” is defined as the degree of correspondence between communicated intentions and behavioral outcomes that are observed over time [27], [25]. This is the degree to which the correspondence between the target’s words and actions remain reliable, ethical and consistent, and any fluctuation does not exceed observer’s expectations over time [10]. To be able to tell if the employee is trustworthy is thus determined by the subjective perceptions from individuals in his/her social network that have direct business functional connections, and thus the opportunity to repeatedly observe the correspondence between communications and behavior. The ability to correlate data-centric attributions, as observed changes in behavior from human perceptions; as analogous to “sensors” on the network, is the key to countering insider threats.

Keywords

Stein Arena Editing Mellon Lamar 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    BBC News Online. (2002). “Enron Scandal at a glance,” [BBC News Online]. Obtained on August 22, 2006 from http://news.bbc.co.uk/1/hi/business/1780075.stm.Google Scholar
  2. 2.
    Benkoil, D. (1998, October) “An Unrepentant Spy: Jonathan Pollard Serving a Life Sentence,” [ABCNEWS.com], October 25, 1998.Google Scholar
  3. 3.
    C4ISR Joint Chiefs of Staff (2000). Information Assurance Through Defense In Depth. Washington D. C., February 2000.Google Scholar
  4. 4.
    Carr, J. (2007). Former Boeing Employee charged in data theft. SC Magazine. Released on July 12, 2007. Obtained from http://www.scmagazine.com/us/news/article/670671/ex-boeingemployee- charged-data-theft.Google Scholar
  5. 5.
    Cohen, L.E. and Felson, M. (1979). Social Change and Crime Rate Trends: A Routine Activity Approach. American Sociological Review, 44(4), (Aug., 1979), 588-608.CrossRefGoogle Scholar
  6. 6.
    Durkheim, E. (1897). Suicide: A Study in Sociology. Trans. John A. Spaulding and George Simpson. New York: The Free Press, 1951.Google Scholar
  7. 7.
    FBI National Press Office. (2001). Federal Beaureu of Investigation Story: Robert Philip Hanssen Espionage Case. Released on Feb 20, 2001. Obtained from http://www.fbi.gov/libref/historic/famcases/hanssen/hanssen.htm.Google Scholar
  8. 8.
    Felson, M. (1987). Routine Activities and Crime Prevention in the Developing-Metropolis. Criminology, 25(4), (Nov. 1987), 911.CrossRefGoogle Scholar
  9. 9.
    Felson, M. and Cohen, L.E. (1980). Human Ecology and Crime: A Routine Activity Approach. Human Ecology, 8(4), (Dec. 1980), 389-406.CrossRefGoogle Scholar
  10. 10.
    Hardin, R. (1996). Trustworthiness. Ethics, Vol. 107, No. 1. (Oct., 1996), pp. 26-42.CrossRefGoogle Scholar
  11. 11.
    Hardin, R. (2003). Gaming trust. In E. Ostrom & J. Walker (Eds.), Trust and reciprocity: Interdisciplinary lessons from experimental research(pp. 80-101). New York: Russell Sage Foundation.Google Scholar
  12. 12.
    Haydon, M.V. (1999). “The Insider Threat to U.S. Government Information Systems”, National Security Telecommunications and Information Systems Security Committee (NSTISSAM) INFOSEC 1-99, July 1999. http://www.nstissc.gov/Assets/pdf/NSTISSAM_INFOSEC1-99.pdf.Google Scholar
  13. 13.
    Heider, F. (1944). Social perception and phenomenal causality. Psychological Review, 51, 358- 374.CrossRefGoogle Scholar
  14. 14.
    Heider, F. (1958). The psychology of interpersonal relations. New York: John Wiley & Sons.Google Scholar
  15. 15.
    Hirschi, T. (1969). Causes of Delinquency. Beverly Hills, CA: University of California Press.Google Scholar
  16. 16.
    Hirschi, T. & Gottfredson, M.R. (1986). The Distinction Between Crime and Criminality. In Critique and Explanation: Essays in Honor of Gwynne Nettler, edited by T. Hartnagel & R. Silverman (pp. 44-69). NJ: Transaction.Google Scholar
  17. 17.
    Ho, S.M. (2008). Towards a Deeper Understanding of Personnel Anomaly Detection. Encyclopedia of Cyber Warfare and Cyber Terrorism, 2008 IGI Global Publications, Hershey, PA.Google Scholar
  18. 18.
    Keeney, M., Kowalski, E., Cappelli, D., Moore, A., Shimeall, T., and Rogers, S. (2005). “Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors.” National Threat Assessment Center, U.S. Secret Service, and CERTtextregistered Coordination Center/Software Engineering Institute, Carnegie Mellon, May 2005, pp.21-34. Obtained from http://www.cert.org/archive/pdf/insidercross051105.pdf on April 10, 2007.Google Scholar
  19. 19.
    Kelley, H.H. (1973). The Process of Causal Attribution, American Psychologist, Feb 1973, 107-Obtained from http://faculty.babson.edu/krollag/org_site/soc_psych/kelly_attrib.html on July 5th, 2007.Google Scholar
  20. 20.
    Lamar, Jr. J.V. (1986). Two Not-So-Perfect Spies; Ronald Pelton is Convicted of Espionage as Jonathan Pollard Pleads Guilty. Time, 16 June 1986.Google Scholar
  21. 21.
    Mitnick, K.D. and Simon, W.L. (2002). The Art of Deception: Controlling the Human Element of Security. Indianapolis, Indiana: Wiley. 139Google Scholar
  22. 22.
    O’Connor, T. (2007). An Outline of Strain Theory; adapted from, T. O’Connor, Varieties of Strain Theory. Retrieved on January 05, 2007 from http://www.homestead.com/rouncefield/files/a_soc_dev_19.htm.Google Scholar
  23. 23.
    Park, J.S. and Ho, S.M. (2004). Composite Role-based Monitoring (CRBM) for Countering Insider Threats. Proceedings of Second Symposium on Intelligence and Security Informatics(ISI), Tucson, Arizona, June 2004.Google Scholar
  24. 24.
    Power, R. (2002). CSI/FBI Computer Crime and Security Survey. Computer Security Issues & Trends, 2002.Google Scholar
  25. 25.
    Rotter, J.B. (1967). A new scale for the measurement of interpersonal trust. Journal of Personality, 35 (4), 651–665.CrossRefGoogle Scholar
  26. 26.
    Rotter, J.B. and Stein, D.K. (1971). Public Attitudes Toward the Trustworthiness, Competence, and Altruism of Twenty Selected Occupations. Journal of Applied Social Psychology, Dec 1971, 1(4), 334–343.CrossRefGoogle Scholar
  27. 27.
    Rotter, J.B. (1980). Interpersonal Trust, Trustworthiness, and Gullibility. American Psychologist, Jan 1980, 35(1), 1–7.CrossRefMathSciNetGoogle Scholar
  28. 28.
    Sykes, G.M. and Matza, D. (1957). Techniques of Neutralization: A Theory of Delinquency. American Sociological Review, 22(6), (Dec., 1957), 664-670.CrossRefGoogle Scholar
  29. 29.
    Tittle, C.R. (2004). Refining Control Balance Theory. Theoretical Criminology, 8(4), November, 2004, 395-428.CrossRefGoogle Scholar
  30. 30.
    Weiner, B. (2006). Social Motivation, Justice, and the Moral Emotions: An Attributional Approach. Lawrence Erlbaum Associates, inc., Mahwah, New Jersey.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Shuyuan Mary Ho
    • 1
  1. 1.School of Information StudiesSyracuse UniversitySyracuseUSA

Personalised recommendations