An Ontology for Insider Threat Indicators: Development and Applications

Abstract

We describe our ongoing development of an insider threat indicator ontology. Our ontology is intended to serve as a standardized expression method for potential indicators of malicious insider activity, as well as a formalization of much of our team's research on insider threat detection, prevention, and mitigation. This ontology bridges the gap between natural language descriptions of malicious insiders, malicious insider activity, and machine-generated data that analysts and investigators use to detect behavioral and technical observables of insider activity. The ontology provides a mechanism for sharing and testing indicators of insider threat across multiple participants without compromising organization-sensitive data, thereby enhancing the data fusion and information sharing capabilities of the insider threat detection domain.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2014
Accession Number
ADA615757

Entities

People

  • Daniel L. Costa
  • Derrick L. Spooner
  • George J. Silowash
  • Matthew L. Collins
  • Michael J. Albrethsen
  • Samuel J. Perl

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Cyber Threats
  • Detection
  • Engineering
  • Human Resources
  • Indicators
  • Information Exchange
  • Information Systems
  • Insider Threats
  • Intellectual Property
  • Language
  • Models
  • National Security
  • Natural Languages
  • Ontologies
  • Security
  • Software Development
  • Threats

Readers

  • Cybersecurity
  • Geospatial Intelligence and Artificial Intelligence Analytics