Profiling in Air Force to Reduce Insider Threat

摘要

To software, humans can be classified in two ways: insider or outsider and ill-intended or well-intended. Dealing with outsider humans is relatively straightforward as they just need to be blocked from acquiring access to the system and its data. Dealing with insider humans is much trickier as they need access to perform their jobs effectively. An essential tradeoff exists between security and efficiency depending upon the level of access. Further complications arise as insiders can switch from being well-intentioned to ill-intentioned and vice-versa. Many conventions have been proposed to minimize the access individuals need and are granted to lower the degree of danger insiders pose, but the underlying problem remains the same: systems have to inherently trust its insiders. As this scheme has yet to be resolved, this paper will seek an intermediate solution that aims to discover well-intentioned insiders with the highest likelihood of becoming ill-willed before they act out on their will. The main method that will be explored will combine user's network activity along with their demographics and background information to create a threat behavioral profile for each insider. This method will be applied to a base case of the US Air Force to examine its proficiency.