In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019)
Title: A Machine Learning Approach to Detect Insider Threats in Emails Caused by Human Behaviours
Author(s): Anotnia Michael, Jan Eloff
Keywords: Cyber-security, insider threats, insider threat detection, machine learning
Abstract: In recent years, there has been a significant increase of human behaviour driven insider threats within organizations and these have caused massive losses and damages. Due to the fact that emails are a crucial part of the modern-day working environment, many of those insider threats exist within the organizations’ email infrastructures. It is known that amidst “business-as-usual” emails sent by employees, there are non-company related mail and perhaps mail containing malicious activity and unethical behaviour. These types of insider threats are most often caused by employees who have legitimate access to an organisation’s resources, such as the servers and non-public data, but abuse these privileges for various reasons such as personal gain or perhaps to inflict malicious damage on the employer. The problem is that due to the high volume and velocity of email, it is almost impossible to minimise the risk of these type of insider threat activities through techniques such as filtering and rule-based systems. The research presented in this paper aims to minimise the risk of human behaviour driven insider threats via email systems, by employing a machine learning based approach. This is done by studying and creating categories of malicious human behaviours that insiders possess, and, mapping these to phrases that would appear in email communications. A large email dataset is classified according to behavioural characteristics of employees. Machine learning algorithms are employed to identify commonly occurring insider threats and to group the occurrences into insider threat classifications.
Download count: 538
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.