The insider threat is one of the most challenging problems encountered by government agencies and industry today. It is a threat that long predates the computer age. Insider threats range from government and corporate spies to disgruntled employees, which makes them very difficult to identify. While there are many types of insider threats and they can carry out a multitude of different malicious actions, for the sake of simplicity we focus on corporate data theft in our research. In the past, an insider could only steal small amounts of data, limited by how much they could carry in their arms before somebody stopped them. One of the most famous examples of this was the release of the Pentagon Papers with details of the Vietnam War; copying those documents took several years of careful work to avoid detection. As the speed of computers has increased, the damage a relatively low-level insider can inflict on a company has drastically increased. In 2010 Wikileaks released 1.7GB worth of data, in 2013 260GB of data was released by the Offshore Leaks, and in 2016 the Panama Papers release consisted of 2.7TB worth of data. This upward trend in the amount of data being stolen shows the need to find a workable solution to the insider threat problem. Our research attempts to detect insider threats efficiently with a proactive approach by reducing the time delay between the detection of possible insider threats and their review by system administrators within large-scale companies.

Published in: World Congress on Internet Security (WorldCIS-2017)

  • Date of Conference: 11-14 December 2017
  • DOI: 10.2053/WorldCIS.2017.0019
  • ISBN: 978-1-908320-81-0
  • Conference Location: University of Cambridge, UK