Author Biography

Dr. Frank L. Greitzer is a Chief Scientist at the Pacific Northwest National Laboratory (PNNL), where he conducts R&D in human decision making for diverse problem domains. At PNNL Dr. Greitzer leads the cognitive informatics R&D focus area, which addresses human factors and social/behavioral science challenges through modeling and advanced engineering/computing approaches. This research focuses on the intelligence domain, including human behavior modeling with application to identifying/predicting malicious insider cyber activities, modeling socio-cultural factors as predictors of terrorist activities, and human information interaction concepts for enhancing intelligence analysis decision making. Dr. Greitzer’s research interests also include evaluation methods and metrics for assessing effectiveness of decision aids, analysis methods and displays. Ryan Hohimer is a Senior Research Scientist at PNNL. His research interests include knowledge representation and reasoning, probabilistic reasoning, semantic computing, cognitive modeling, image analysis, data management, and data acquisition and analysis. He is currently serving as Principal Investigator of a Laboratory-directed Research and Development project that has designed and developed the CHAMPION reasoner.

DOI

http://dx.doi.org/10.5038/1944-0472.4.2.2

Subject Area Keywords

Corporate security, Cybersecurity, Intelligence analysis, Security management, Terrorism / counterterrorism, Threat assessment

Abstract

The insider threat ranks among the most pressing cyber-security challenges that threaten government and industry information infrastructures. To date, no systematic methods have been developed that provide a complete and effective approach to prevent data leakage, espionage, and sabotage. Current practice is forensic in nature, relegating to the analyst the bulk of the responsibility to monitor, analyze, and correlate an overwhelming amount of data. We describe a predictive modeling framework that integrates a diverse set of data sources from the cyber domain, as well as inferred psychological/motivational factors that may underlie malicious insider exploits. This comprehensive threat assessment approach provides automated support for the detection of high-risk behavioral “triggers” to help focus the analyst’s attention and inform the analysis. Designed to be domain-independent, the system may be applied to many different threat and warning analysis/sense-making problems.

Recommended Citation

Greitzer, Frank L. , Ph.D. and Hohimer, Ryan E.. “Modeling Human Behavior to Anticipate Insider Attacks.” Journal of Strategic Security 4, no. 2 (2011): 25-48.
DOI: http://dx.doi.org/10.5038/1944-0472.4.2.2

Journal of Strategic Security