Insider threats detection model for email content using statistical analysis

Insider threats have recently become one of the most challenging malicious activities for cybersecurity defence systems, in contrast to outsider threats. Usually, IP theft, fraud and sabotage against legal information are three well-known types of insider threat. Since an insider threat usually exp...

Full description

Bibliographic Details
Main Author: Mohammad, Nur Ameera Natasha
Format: Thesis
Language: English
Published: 2022
Subjects:
Online Access: http://eprints.utem.edu.my/id/eprint/26927/
https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=122122
author Mohammad, Nur Ameera Natasha
description Insider threats have recently become one of the most challenging malicious activities for cybersecurity defence systems, in contrast to outsider threats. Usually, IP theft, fraud and sabotage against legal information are three well-known types of insider threat. Since an insider threat usually expands and spreads internally, no one can predict what, when and how exactly a malicious insider launches their attacks. Email is one of the primary targets of an internal threat, as this medium is widely used by everyone to communicate, share, and exchange confidential information. Therefore, it is extremely important to understand the nature of insider threat behavior beforehand and construct an accurate detection model. Furthermore, every single keyword used in an email can reflect the behavior of an individual and can be used to determine their intentions, such as whether or not they have a motive to launch an insider threat. Hence, an innovative approach to modelling insider threat detection is proposed in this work. Various approaches such as scoring, Friedman, linear regression (R²) and correlation coefficient are applied to analyse the relationship between historical insider threat behavior and relevant keywords extracted from email content. Firstly, the email content is filtered into three different factors that influence the characteristics of an insider, such as motive, opportunity and capability, before the scores for all of the insider's keywords are calculated. Next, the Friedman statistic is used to determine the minimum differences between the extracted insider threat keywords that represent the different insider threat factors (motive, opportunity, capability). Linear regression is then applied to estimate the relationship of an insider threat between training keywords and testing keywords, allocating an anomaly score. Finally, the correlation coefficient approach is used to determine how strong the relationship is between the extracted insider threat keywords and insider threat behavior in this research. The proposed modelling approach has been evaluated using the benchmark dataset known as CERT, which comprises a malicious email file. Throughout the experiment, the proposed insider threat detection approach achieved a higher attack detection rate and minimized undetectable insider threat behavior compared to previous researchers' work.
format Thesis
id utem-26927
institution Universiti Teknikal Malaysia Melaka
language English
publishDate 2022
record_format EPrints
record_pdf Restricted
spelling utem-26927 2023-10-16T11:00:28Z http://eprints.utem.edu.my/id/eprint/26927/ Insider threats detection model for email content using statistical analysis Mohammad, Nur Ameera Natasha Q Science (General) QA Mathematics 2022 Thesis NonPeerReviewed text en http://eprints.utem.edu.my/id/eprint/26927/1/Insider%20threats%20detection%20model%20for%20email%20content%20using%20statistical%20analysis.pdf text en http://eprints.utem.edu.my/id/eprint/26927/2/Insider%20threats%20detection%20model%20for%20email%20content%20using%20statistical%20analysis.pdf Mohammad, Nur Ameera Natasha (2022) Insider threats detection model for email content using statistical analysis. Masters thesis, Universiti Teknikal Malaysia Melaka. https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=122122
thesis_level Master
title Insider threats detection model for email content using statistical analysis
topic Q Science (General)
QA Mathematics
url http://eprints.utem.edu.my/id/eprint/26927/
https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=122122