Mitigating Insider Threats in Virtual Environments With Deception Detection
Abstract
Insider threats pose a severe risk to DOD networks and the missions they support. With trusted access, insiders can manipulate critical and sensitive cyber systems. These threats can be difficult to detect, given their trusted access. There is a need for early indications and warnings of deceptive activity so that the damage from these malicious actors can be stopped or limited as quickly as possible. Current deception detection capabilities include behavioral and physical biometrics, but these techniques do not address unencountered users. This study researches the merit of using human-computer interaction (HCI) features for a deception detection capability. With data collected in an online survey, machine learning is used to classify deceptive or potentially deceptive online behavior using keyboard and mouse movement. This study demonstrates the potential for utilizing (HCI) as an indicator for deception and offers the possibility of detecting deception in unencountered users. It expands the effectiveness of early insider threat detection by demonstrating the ability to classify concealed or deceptive user activity without the need for a user-specific model created from per-user historical data.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2021
- Accession Number
- AD1150944
Entities
People
- Jamie Francona
Organizations
- Naval Postgraduate School