SBE: Small: Collaborative: Modeling Insider Threat Behavior in Financial Institutions: Large Scale Data Analysis

SBE：小型：协作：金融机构内部威胁行为建模：大规模数据分析

• 批准号: 1419856
• 负责人: Raghav Rao
• 金额: $ 34.23万
• 依托单位: SUNY at Buffalo
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-08-15 至 2017-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1419856&HistoricalAwards=false
• 关键词: SBE; Small; Collaborative; Modeling; Insider

Insiders pose substantial threats to an organization, regardless of whether they act intentionally or accidentally. Because they usually possess elevated privileges and have skills, knowledge, resources, access and motives regarding internal systems and data, insiders can easily circumvent security countermeasures, steal valuable data, and cause damage. Perimeter and host-based countermeasures like firewalls, intrusion detection systems, and antivirus software are ineffective in preventing and detecting insider threats. Despite the availability of abundant anecdotal information regarding insider threats, research relying on field data to advance understanding of such threats is still lacking. This proposal presents a theoretically driven approach to investigate the risk of insider threat within financial institutions. It will utilize large scale field data from two financial institutions to provide comparison and improve the generalizability of results.Intellectual Merit: The proposed research will use criminology theories and extend them to the domain of insider threat. It will use both objective log data from the enterprise single sign-on (eSSO) systems and subjective data through surveys and focus groups to understand perceptual characteristics of applications as well as perceptions of employees regarding attractiveness of targets. Thus, this research will be among the first that takes both the technical and human aspects into consideration in investigating victimization risk and attack proneness associated with information assets within financial institutions. In essence, the proposed study will utilize multi methods and multi-source data to establish how information resources can be better protected from misuse and abuse of access privileges. The study will initiate a new perspective for analyzing existing behavioral log data to improve the practice of risk management, which may have a transformative impact in terms of mitigating risks from different user groups and informing interventions to deal with the insider threat problem. Broader Impact: This multi-disciplinary collaborative project will deepen understanding of insider threat behavior in the context of financial institutions. A PhD student will be funded at each university and the research will result in a few Masters' independent studies in this area as well. The findings of this proposal will be disseminated among the law enforcement task forces, as well as banking organizations. The channels to be employed include workshops with the local InfraGuard program in collaboration with the regional FBI office. The outcomes of the proposal will not only provide an applied understanding of insider threat, but also important implications for risk management applications. It is important to note that the President's Critical Infrastructure Protection Board identified the banking and finance sector as one of the critical infrastructures to be secured. This proposal will help in this regard by having an impact on public policy with respect to regulations for financial institutions. The potential reduction in financial crime as a result would have significant societal benefits.

内部人士对组织构成了重大威胁，无论他们是故意还是意外采取行动。 由于它们通常具有高度的特权，并且具有有关内部系统和数据的技能，知识，资源，访问和动机，因此内部人员可以轻松规避安全对策，窃取有价值的数据并造成损害。防火墙，入侵检测系统和防病毒软件等外围和基于主机的对策在防止和检测内部威胁方面无效。 尽管有有关内部威胁的大量轶事信息，但仍缺乏依靠现场数据来提高对此类威胁的理解的研究。 该提案提出了一种理论上驱动的方法，以调查金融机构内部威胁的风险。它将利用来自两个金融机构的大规模现场数据来提供比较并提高结果的普遍性。智能优点：拟议的研究将使用犯罪学理论，并将其扩展到内幕威胁的领域。 它将通过调查和焦点小组使用企业单登录系统（ESSO）系统和主观数据的客观日志数据，以了解应用程序的感知特征以及员工对目标吸引力的感知。因此，这项研究将是第一个将技术和人类方面同时考虑到与金融机构中信息资产相关的受害风险和攻击性倾向的考虑的一项。 从本质上讲，拟议的研究将利用多种方法和多源数据来确定如何更好地保护信息资源免受滥用和滥用访问特权的保护。该研究将启动一种新的观点，用于分析现有的行为日志数据以改善风险管理实践，这在减轻不同用户群体的风险方面可能会产生变革性的影响，并告知干预措施以处理内部威胁问题。更广泛的影响：这个多学科的合作项目将在金融机构的背景下加深对内部威胁行为的了解。 一名博士生将在每所大学提供资金，该研究也将在该领域进行一些硕士学位的独立研究。该提案的发现将在执法工作队和银行组织之间传播。将要使用的渠道包括与当地的Infraguard计划与区域FBI办公室合作的研讨会。该提案的结果不仅将提供对内部威胁的应用，而且还将对风险管理应用程序产生重要影响。 重要的是要注意，总统的关键基础设施保护委员会将银行和财务部门确定为要确保的关键基础设施之一。 该提案将通过对金融机构的法规产生影响，在这方面有助于这方面。因此，金融犯罪的潜在减少将带来重大的社会利益。