Inside the Mind of the Insider: Towards Insider Threat Detection Using Psychophysiological Signals

Yassir Hashem, Hassan Takabi+, Mohammad GhasemiGol, and Ram Dantu
 

Department of Computer Science and Engineering

University of North Texas, Denton, TX, USA
YassirHashem@my.unt.edu, {Takabi, Mohammad.ghasemigol, Ram.Dantu}@unt.edu

 

Abstract

Insider threat is a great challenge for most organizations in today’s digital world. It has received substantial research attention as a significant source of information security threats that could cause more financial losses and damages than any other threat. However, designing an effective monitoring and detection framework is a very challenging task. In this paper, we examine the use of human bio-signals to detect malicious activities and show their applicability to insider threat detection. We employ a combination of electroencephalography (EEG) and electrocardiogram (ECG) signals to provide a framework for insider threat monitoring and detection. We empirically tested the framework with ten subjects and used several activity scenarios. We found that our framework is able to achieve up to 90% detection accuracy for malicious activities when using the EEG signals alone. We then examined the effectiveness of adding the ECG signals to our framework, and the results show that adding the ECG increases the accuracy of detecting malicious activity by about 5%. Thus, our framework shows that human brain and heart signals can reveal valuable knowledge about malicious behaviors and could be an effective solution for detecting insider threats.

 

Keywords: Insider Threat, Brain Computer Interface, Electrocardiogram, Electroencephalography, Physiological Indicators

 

+: Corresponding author: Hassan Takabi
Computer Science and Engineering Department, University of North Texas, 3940 N. Elm St, Denton, TX 76207, USA
Tel: +1-940-565-2385, Web: http://www.cse.unt.edu/~takabi

 

Journal of Internet Services and Information Security (JISIS), 6(1): 20-36, February 2016