Using dynamic models to support inferences of insider threat risk

摘要

Two modeling approaches were integrated to address the problem of predicting the risk of an attack by a particular insider. We present a system dynamics model that incorporates psychological factors including personality, attitude and counterproductive behaviors to simulate the pathway to insider attack. Multiple runs of the model that sampled the population of possible personalities under different conditions resulted in simulated cases representing a wide range of employees of an organization. We then structured a Bayesian belief network to predict attack risk, incorporating important variables from the system dynamics model and learning the conditional probabilities from the simulated cases. Three scenarios were considered for comparison of risk indicators: An average employee (i.e., one who scores at the mean of a number of personality variables), an openly disgruntled malicious insider, and a disgruntled malicious insider who decides to conceal bad behaviors. The counterintuitive result is that employees who act out less than expected, given their particular level of disgruntlement, can present a greater risk of being malicious than other employees who exhibit a higher level of counterproductive behavior. This result should be tempered, however, considering the limited grounding of some of the model parameters. Nevertheless, this approach to integrating system dynamics modeling and Bayesian belief networks to address an insider threat problem demonstrates the potential for powerful prediction and detection capability in support of insider threat risk mitigation.