Journal: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications
Print ISSN: 2093-5374
Electronic ISSN: 2093-5382
Publication year: 2013
Volume: 4
Issue: 4
Pages: 1-19
Publisher: Innovative Information Science & Technology Research Group
Abstract: Analyzing historical cases of insider crimes to identify patterns or specific indicators of attack is a challenging task, particularly when using large volumes of free-text input sources, such as court documents and media reports. In this workshop paper, we offer a new process for processing, or coding, free-text descriptions of insider crimes for future analysis; specifically, we study cases of insider threat sabotage. Our method is based on a triad of discrete descriptors which allow for a quick, accurate, and repeatable characterization of any event in the timeline of an insider attack. While the majority of this paper is concerned with reporting our development efforts and describing the current state of the project, we will briefly address some initial findings based on analysis conducted on the results of our coding efforts. In general, we found our new method increased the ease with which analysts could distinguish between technical events (those involving IT systems) and behavioral events (individual or interpersonal events not involving IT systems). This coding technique also allowed for consistent comparison of events across cases. For instance, from 49 cases of insider threat sabotage, we determined that the majority had behavioral events prior to technical events, indicating a potential area for further study.