Conference paper
Model Based Analysis of Insider Threats
In order to detect malicious insider attacks it is important to model and analyse infrastructures and policies of organisations and the insiders acting within them. We extend formal approaches that allow modelling such scenarios by quantitative aspects to enable a precise analysis of security designs.
Our framework enables evaluating the risks of an insider attack to happen quantitatively. The framework first identifies an insider's intention to perform an inside attack, using Bayesian networks, and in a second phase computes the probability of success for an inside attack by this actor, using probabilistic model checking.
We provide prototype tool support using Matlab for Bayesian networks and PRISM for the analysis of Markov decision processes, and validate the framework with case studies.
Language: | English |
---|---|
Publisher: | IEEE |
Year: | 2016 |
Pages: | 1-3 |
Proceedings: | 2016 International Conference on Cyber Security and Protection of Digital Services (Cyber Security) |
ISBN: | 1509007091 , 1509007105 , 9781509007097 and 9781509007103 |
Types: | Conference paper |
DOI: | 10.1109/CyberSecPODS.2016.7502350 |
ORCIDs: | Probst, Christian W. |
Analytical models Bayes methods Bayesian networks Computational modeling Markov decision processes Markov processes Mathematical model Matlab PRISM Probabilistic logic Security System dynamics belief networks decision theory formal verification insider threat model based analysis malicious insider attacks probabilistic model checking probability security designs security of data