SBE: Small: Collaborative: Modeling Insider Threat Behavior in Financial Institutions: Large Scale Data Analysis

SBE：小型：协作：金融机构内部威胁行为建模：大规模数据分析

• 批准号: 1724725
• 负责人: Raghav Rao
• 金额: $ 18.28万
• 依托单位: University of Texas at San Antonio
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-09-07 至 2021-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1724725&HistoricalAwards=false
• 关键词: SBE; Small; Collaborative; Modeling; Insider

Insiders pose substantial threats to an organization, regardless of whether they act intentionally or accidentally. Because they usually possess elevated privileges and have skills, knowledge, resources, access and motives regarding internal systems and data, insiders can easily circumvent security countermeasures, steal valuable data, and cause damage. Perimeter and host-based countermeasures like firewalls, intrusion detection systems, and antivirus software are ineffective in preventing and detecting insider threats. Despite the availability of abundant anecdotal information regarding insider threats, research relying on field data to advance understanding of such threats is still lacking. This proposal presents a theoretically driven approach to investigate the risk of insider threat within financial institutions. It will utilize large scale field data from two financial institutions to provide comparison and improve the generalizability of results.Intellectual Merit: The proposed research will use criminology theories and extend them to the domain of insider threat. It will use both objective log data from the enterprise single sign-on (eSSO) systems and subjective data through surveys and focus groups to understand perceptual characteristics of applications as well as perceptions of employees regarding attractiveness of targets. Thus, this research will be among the first that takes both the technical and human aspects into consideration in investigating victimization risk and attack proneness associated with information assets within financial institutions. In essence, the proposed study will utilize multi methods and multi-source data to establish how information resources can be better protected from misuse and abuse of access privileges. The study will initiate a new perspective for analyzing existing behavioral log data to improve the practice of risk management, which may have a transformative impact in terms of mitigating risks from different user groups and informing interventions to deal with the insider threat problem. Broader Impact: This multi-disciplinary collaborative project will deepen understanding of insider threat behavior in the context of financial institutions. A PhD student will be funded at each university and the research will result in a few Masters' independent studies in this area as well. The findings of this proposal will be disseminated among the law enforcement task forces, as well as banking organizations. The channels to be employed include workshops with the local InfraGuard program in collaboration with the regional FBI office. The outcomes of the proposal will not only provide an applied understanding of insider threat, but also important implications for risk management applications. It is important to note that the President's Critical Infrastructure Protection Board identified the banking and finance sector as one of the critical infrastructures to be secured. This proposal will help in this regard by having an impact on public policy with respect to regulations for financial institutions. The potential reduction in financial crime as a result would have significant societal benefits.

无论是有意还是无意，内部人员都会对组织构成重大威胁。因为他们通常拥有高级特权，并且拥有有关内部系统和数据的技能、知识、资源、访问权限和动机，因此内部人员可以很容易地绕过安全对策，窃取有价值的数据并造成损害。外围和基于主机的对策，如防火墙、入侵检测系统和防病毒软件，在防止和检测内部威胁方面是无效的。尽管有大量关于内部威胁的轶事信息，但依靠现场数据来推进对此类威胁的理解的研究仍然缺乏。这一建议提出了一种理论驱动的方法来调查金融机构内部威胁的风险。它将利用两家金融机构的大规模现场数据进行比较，并提高结果的普遍性。智力优势：拟议的研究将使用犯罪学理论，并将其扩展到内部威胁领域。它将使用来自企业单点登录（eSSO）系统的客观日志数据和通过调查和焦点小组的主观数据来了解应用程序的感知特征以及员工对目标吸引力的感知。因此，在调查金融机构内与信息资产相关的受害风险和攻击倾向时，本研究将首先考虑技术和人的方面。从本质上讲，建议的研究将利用多种方法和多来源数据来确定如何更好地保护信息资源免受误用和滥用访问特权。该研究将为分析现有的行为日志数据提供一个新的视角，以改善风险管理的实践，这可能在减轻不同用户群体的风险方面产生变革性的影响，并告知干预措施以应对内部威胁问题。更广泛的影响：这个多学科合作项目将加深对金融机构内部威胁行为的理解。每所大学将资助一名博士生，该研究也将导致该领域的一些硕士独立研究。这项建议的调查结果将在执法工作队和银行组织之间散发。将采用的渠道包括与联邦调查局地区办事处合作，与当地的infragguard项目合作举办讲习班。该提案的结果不仅将提供对内部威胁的应用理解，而且还将对风险管理应用产生重要影响。值得注意的是，总统的关键基础设施保护委员会将银行和金融部门确定为需要保护的关键基础设施之一。这一建议将在这方面有所帮助，因为它将对有关金融机构规章的公共政策产生影响。金融犯罪的潜在减少将带来显著的社会效益。