A Thief among Us: The Use of Finite-State Machines to

Dissect Insider Threat in Cloud Communications

Shuyuan Mary Ho¹ and Hwajung Lee²

¹Florida State University

Tallahassee, FL 32306-2100

²Radford University

Radford, VA 24142. USA

Abstract

Insider threats are both social and technological phenomena, and group dynamics can provide important

indicators to help counter insider threats. This paper discusses an experimental study that simulates insider

betrayal in an online collaborative environment. This study uses the framework of trustworthiness attribution,

wherein the authors examine the trustworthiness of a focal individual whose role was in leadership with authority

within a trusted team arrangement. Specifically, the authors adopted a finite-state machine (FSM) approach to

analyzing patterns of a group's emotional states in order to understand how members collectively distinguish

insider betrayal through computer-mediated interactions, social connectivity and coordination. Moreover, these

conditions help us understand how human observations of betrayal can be leveraged to provide early warnings to

betrayal. Of the four simulated case studies conducted, two provide baseline measures, and the other two provide

treatment measures. Findings indicate that signs of potential betrayal can be collectively identified by team

members through text and behavioral patterns – to uncover social intent that is not explicitly stated.

Keywords: Insider threats, information systems security, socio-technical system, online game simulation,
human computer interactions

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA),

Vol. 3, No. 1/2, pp. 82-98, March 2012 [pdf]