Visible to the public A Framework for Data-Driven Physical Security and Insider Threat Detection

TitleA Framework for Data-Driven Physical Security and Insider Threat Detection
Publication TypeConference Paper
Year of Publication2018
AuthorsMavroeidis, V., Vishi, K., Jøsang, A.
Conference Name2018 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM)
KeywordsAccess Control, anomaly detection, Attack Pattern Reconstruction, Data analysis, data analytics, data-driven physical security, digital forensics, forensic data analysis, Forensics, Human Behavior, insider threat, Insider Threat Detection, insider threats mitigation, intrusion attempts, Metrics, ontological framework, Ontologies, ontologies (artificial intelligence), organizational security policies, Organizations, physical security, physical security architecture, Physical Security Definition, policy-based governance, provenance graphs, PSO, pubcrawl, resilience, risk management, rule-based anomaly detection, security of data, Security Ontology, Security Provenance, security provenance solution, security weaknesses

This paper presents PSO, an ontological framework and a methodology for improving physical security and insider threat detection. PSO can facilitate forensic data analysis and proactively mitigate insider threats by leveraging rule-based anomaly detection. In all too many cases, rule-based anomaly detection can detect employee deviations from organizational security policies. In addition, PSO can be considered a security provenance solution because of its ability to fully reconstruct attack patterns. Provenance graphs can be further analyzed to identify deceptive actions and overcome analytical mistakes that can result in bad decision-making, such as false attribution. Moreover, the information can be used to enrich the available intelligence (about intrusion attempts) that can form use cases to detect and remediate limitations in the system, such as loosely-coupled provenance graphs that in many cases indicate weaknesses in the physical security architecture. Ultimately, validation of the framework through use cases demonstrates and proves that PS0 can improve an organization's security posture in terms of physical security and insider threat detection.

Citation Keymavroeidis_framework_2018