SBE: Small: Collaborative: Modeling Insider Threat Behavior in Financial Institutions: Large Scale Data Analysis

SBE：小型：协作：金融机构内部威胁行为建模：大规模数据分析

• 批准号: 1420758
• 负责人: Jingguo Wang
• 金额: $ 15.75万
• 依托单位: University of Texas at Arlington
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-08-15 至 2018-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1420758&HistoricalAwards=false
• 关键词: SBE; Small; Collaborative; Modeling; Insider

Insiders pose substantial threats to an organization, regardless of whether they act intentionally or accidentally. Because they usually possess elevated privileges and have skills, knowledge, resources, access and motives regarding internal systems and data, insiders can easily circumvent security countermeasures, steal valuable data, and cause damage. Perimeter and host-based countermeasures like firewalls, intrusion detection systems, and antivirus software are ineffective in preventing and detecting insider threats. Despite the availability of abundant anecdotal information regarding insider threats, research relying on field data to advance understanding of such threats is still lacking. This proposal presents a theoretically driven approach to investigate the risk of insider threat within financial institutions. It will utilize large scale field data from two financial institutions to provide comparison and improve the generalizability of results. Intellectual Merit: The proposed research will use criminology theories and extend them to the domain of insider threat. It will use both objective log data from the enterprise single sign-on (eSSO) systems and subjective data through surveys and focus groups to understand perceptual characteristics of applications as well as perceptions of employees regarding attractiveness of targets. Thus, this research will be among the first that takes both the technical and human aspects into consideration in investigating victimization risk and attack proneness associated with information assets within financial institutions. In essence, the proposed study will utilize multi methods and multi-source data to establish how information resources can be better protected from misuse and abuse of access privileges. The study will initiate a new perspective for analyzing existing behavioral log data to improve the practice of risk management, which may have a transformative impact in terms of mitigating risks from different user groups and informing interventions to deal with the insider threat problem. Broader Impact: This multi-disciplinary collaborative project will deepen understanding of insider threat behavior in the context of financial institutions. A PhD student will be funded at each university and the research will result in a few Masters' independent studies in this area as well. The findings of this proposal will be disseminated among the law enforcement task forces, as well as banking organizations. The channels to be employed include workshops with the local InfraGuard program in collaboration with the regional FBI office. The outcomes of the proposal will not only provide an applied understanding of insider threat, but also important implications for risk management applications. It is important to note that the President's Critical Infrastructure Protection Board identified the banking and finance sector as one of the critical infrastructures to be secured. This proposal will help in this regard by having an impact on public policy with respect to regulations for financial institutions. The potential reduction in financial crime as a result would have significant societal benefits.

内部人员对组织构成实质性威胁，无论他们是有意还是无意。由于他们通常拥有更高的权限，并拥有有关内部系统和数据的技能、知识、资源、访问权限和动机，内部人员可以轻松绕过安全对策，窃取有价值的数据，并造成损害。基于外围和主机的对策，如防火墙、入侵检测系统和防病毒软件，在预防和检测内部威胁方面是无效的。尽管有大量关于内部威胁的轶事信息，但仍然缺乏依靠实地数据来增进对此类威胁的了解的研究。该建议提出了一种理论驱动的方法来调查金融机构内部的内部威胁风险。它将利用两个金融机构的大规模实地数据进行比较，并提高结果的普遍性。智力优势：拟议的研究将使用犯罪学理论，并将其扩展到内部威胁领域。它将使用来自企业单点登录（eSSO）系统的客观日志数据和通过调查和焦点小组获得的主观数据，以了解应用程序的感知特征以及员工对目标吸引力的看法。因此，这项研究将是第一个考虑到技术和人的方面，在调查受害风险和攻击倾向与金融机构内的信息资产。实质上，拟议的研究将利用多种方法和多源数据，以建立如何更好地保护信息资源，防止误用和滥用访问权限。该研究将为分析现有的行为日志数据提供一个新的视角，以改善风险管理的实践，这可能会在减轻不同用户群体的风险方面产生变革性的影响，并为处理内部威胁问题提供信息。更广泛的影响：这个多学科的合作项目将加深对金融机构内部威胁行为的理解。每所大学都将资助一名博士生，这项研究也将导致这一领域的一些硕士独立研究。这项建议的调查结果将分发给执法工作队以及银行组织。将采用的渠道包括与联邦调查局区域办事处合作，与当地警察警卫方案举办讲习班。该提案的结果不仅提供了一个应用内部威胁的理解，但也对风险管理应用程序的重要影响。必须指出，总统的重要基础设施保护委员会将银行和金融部门确定为需要保护的重要基础设施之一。这一建议将有助于这方面的工作，因为它将对有关金融机构条例的公共政策产生影响。因此，金融犯罪的潜在减少将产生重大的社会效益。