Description
This paper discusses the use of active probes to detect insider threats ahead of their manifestation as opposed to the current detection techniques that have generally indicated the presence of a threat post hoc. Users become motivated to engage in insider theft due to a variety of reasons such as greed, disgruntlement, anger, patriotism, and social justice. Once motivated they seek opportunities for data theft, are careful to avoid detection, and often rationalize their behavior which allows them to blur the line between moral and immoral action. Our experimental protocol involves presenting probes to users, which serve as cues that signal the opportunity to steal data (signaled by active probes). We test the effectiveness of the probes by measuring user search and exfiltration behavior before and after the introduction of the probe.. The effects of two different probes on student exfiltration behavior were tested in a laboratory setting. Both probes resulted in an increase in curiosity and theft-related behaviors.
Recommended Citation
Goel, Sanjay; Williams, Kevin J.; zavoyskiy, Stan; and Rizzo, Nicholas S., "Using Active Probes to Detect Insiders Before They Steal Data" (2017). AMCIS 2017 Proceedings. 6.
https://aisel.aisnet.org/amcis2017/InformationSystems/Presentations/6
Using Active Probes to Detect Insiders Before They Steal Data
This paper discusses the use of active probes to detect insider threats ahead of their manifestation as opposed to the current detection techniques that have generally indicated the presence of a threat post hoc. Users become motivated to engage in insider theft due to a variety of reasons such as greed, disgruntlement, anger, patriotism, and social justice. Once motivated they seek opportunities for data theft, are careful to avoid detection, and often rationalize their behavior which allows them to blur the line between moral and immoral action. Our experimental protocol involves presenting probes to users, which serve as cues that signal the opportunity to steal data (signaled by active probes). We test the effectiveness of the probes by measuring user search and exfiltration behavior before and after the introduction of the probe.. The effects of two different probes on student exfiltration behavior were tested in a laboratory setting. Both probes resulted in an increase in curiosity and theft-related behaviors.