Modeling human behavior to anticipate insider attacks via System Dynamics

摘要

The problem of insider threats to computer networks overseen by the company's Information Technologies (IT) department is complex and involves many variables; the most complex variable presented is human behavior. In an operational context many fields of study come into play, the security analyst's job is to interpret the data and draw conclusions of a possible malicious threat. Patterns are to be perceived and recognized within the relevant data. Forensic software and a number of other analyst tools are used to determine suspicious activities within and outside the network. After suspicious activities are revealed alerts must be sent out to induce action to prevent attacks. The goal of this paper is to predict an inside attack derived from behavioral, computer and psycho-social risk factors by using the System Dynamics methodology and its relation to solving the problem. A stock-flow diagram is used with Vensim to model the system. The model represents probabilistic human behavior of the attacker and deterministic behavior of the system.