Conference Paper

Can We Trust This User? Predicting Insider's Attitude via YouTube Usage Profiling


Abstract

Addressing the insider threat is a major issue in cyber and corporate security in order to enhance trusted computing in critical infrastructures. In this paper we study the psychosocial perspective and the implications of insider threat prediction via social media, Open Source Intelligence and user generated content classification. Inductively, we propose a prediction method by evaluating the predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. We propose a methodology to detect users holding a negative attitude towards authorities. For doing so, we facilitate a brief analysis of the medium (YouTube), machine learning techniques and a dictionary-based approach, in order to detect comments expressing negative attitude. Thus, we can draw conclusions over a user's behavior and beliefs via the content the user generated within the limits of a social medium. We also use an assumption-free flat data representation technique in order to decide over the user's attitude and improve the scalability of our method. Furthermore, we compare the results of each method and highlight the common behavior and characteristics manifested by the users. As privacy violations may well arise when using such methods, their use should be restricted only to exceptional cases, e.g. when appointing security officers or decision-making staff in critical infrastructures.


... We screened 177 abstracts, evaluated 50 full-text articles, and included 37 articles; a total of 22 studies (59 %) propose novel IDPAs [9,. The other 15 papers either propose new features for IDP or discuss challenges associated with IDP [33][34][35][36][37][38][39][40][41][42][43][44][45][46][47]. Figure 1 presents the flow chart of the study selection process. In 13 papers (out of these 22 papers presenting novel algorithms), the authors have implemented and evaluated the proposed algorithms. ...
... For example, Kandias et al. [40] have conducted a content analysis of user comments on YouTube videos looking for any negative comments on law enforcement. Theoretically, these negative comments posted by employees are likely to reflect their intent to commit malicious acts. ...
[Fig. 2: The trend of security research for the insider cyber threat. The x-axis represents 'Year' and the y-axis represents the number of publications published in any given year.]
... The motive refers to the reason or cause why an insider or group of insiders will perpetrate a crime. Previous studies have grouped the features associated with motives into four broad categories [14,17,25,34,38,39,40]: ...
Article
Full-text available
Cyber security is vital to the success of today’s digital economy. The major security threats are coming from within, as opposed to outside forces. Insider threat detection and prediction are important mitigation techniques. This study addresses the following research questions: 1) what are the research trends in insider threat detection and prediction nowadays? 2) What are the challenges associated with insider threat detection and prediction? 3) What are the best-to-date insider threat detection and prediction algorithms? We conduct a systematic review of 37 articles published in peer-reviewed journals, conference proceedings and edited books for the period of 1950–2015 to address the first two questions. Our survey suggests that game theoretic approach (GTA) is a popular source of insider threat data; the insiders’ online activities are the most widely used features in insider threat detection and prediction; most of the papers use single point estimates of threat likelihood; and graph algorithms are the most widely used tools for detecting and predicting insider threats. The key challenges facing the insider threat detection and prediction system include unbounded patterns, uneven time lags between activities, data nonstationarity, individuality, collusion attacks, high false alarm rates, class imbalance problem, undetected insider attacks, uncertainty, and the large number of free parameters in the model. To identify the best-to-date insider threat detection and prediction algorithms, our meta-analysis study excludes theoretical papers proposing conceptual algorithms from the 37 selected papers resulting in the selection of 13 papers. We rank the insider threat detection and prediction algorithms presented in the 13 selected papers based on the theoretical merits and the transparency of information. 
To determine the significance of rank sums, we perform “the Friedman two-way analysis of variance by ranks” test and “multiple comparisons between groups or conditions” tests.
... Along with technical countermeasures, research has proved that it is possible to detect personality characteristics shared among insiders themselves through social media [10] [11]. Social media users tend to transfer their offline behavior to the online world [12]. ...
... Modern approaches indicate that such characteristics can be extracted through social media. To this extent, conclusions over traits, such as narcissism [10] or predisposition towards law enforcement [11], have been successfully extracted via Twitter and YouTube respectively, leading towards the ability of online monitoring of users' behavior so as to detect potentially malevolent users. ...
... Insider threat mitigation forms a vital factor for an organization. Traits such as narcissism [10], predisposition towards law enforcement [11] and divided loyalty [25] can be extracted from social media profiles and detect potential insider threats, as a success or horror story respectively. The above mentioned traits have been examined and detected through social media and can facilitate the insider threat prediction in the digital world. ...
Conference Paper
Modern business environments have a constant need to increase their productivity, reduce costs and offer competitive products and services. This can be achieved via modeling their business processes. Yet, even in light of modelling's widespread success, one can argue that it lacks built-in security mechanisms able to detect and fight threats that may manifest throughout the process. Academic research has proposed a variety of different solutions which focus on different kinds of threat. In this paper we focus on insider threat, i.e. insiders participating in an organization's business process, who, depending on their motives, may cause severe harm to the organization. We examine existing security approaches to tackle the aforementioned threat in enterprise business processes. We discuss their pros and cons and propose a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media. It examines the online behavior of users and pinpoints potential insiders with critical roles in the organization's processes. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should be only allowed in exceptional cases, such as protecting critical infrastructures.
... Natural Language Processing (NLP) which uses data analysis to identify linguistic elements such as for example how grammar indicators can be used to assess phishing emails - use of imperatives, multiple verbs, intensifiers, time-related words, incorrect grammar, typos, lingo etc. [5]. Other social indicators can also be measured by NLP to identify the sender of a stereotypical phish through, for example, foreign language identification, negative tone, demands and incorrect grammar [6]. URL mismatch is a key indicator that there is a likelihood of criminal intention in phishing email, which is often considered in terms of the destination website which may appear to be a well-known brand destination but links to a different site. ...
... Identifying phishing by picking up on emotion words e.g. urgency, intensity; also used NLP [6] Provides a fine-tuning of NLP by picking out tone e.g. ...
Chapter
Full-text available
Online advertisements delivered via social media platforms function in a similar way to phishing emails. In recent years there has been a growing awareness that political advertisements are being microtargeted and tailored to specific demographics, which is analogous to many social engineering attacks. This has led to calls for total bans on this kind of focused political advertising. Additionally, there is evidence that phishing may be entering a more developed phase using software known as Phishing as a Service to collect information on phishing or social engineering, potentially facilitating microphishing campaigns. To help understand such campaigns, a set of well-defined metrics can be borrowed from the field of digital marketing, providing novel insights which inform phishing email analysis. Our work examines in what ways digital marketing is analogous to phishing and how digital marketing metric techniques can be used to complement existing phishing email analysis. We analyse phishing email datasets collected by the University of Houston in comparison with Corporate junk email and microtargeting Facebook Ad Library datasets, thus comparing these approaches and their results using Weka, URL mismatch and visual metrics analysis. Our evaluation of the results demonstrates that phishing emails can be joined up in unexpected ways which are not revealed using traditional phishing filters. However such microphishing may have the potential to gather, store and analyse social engineering information to be used against a target at a later date in a similar way to microtargeting.
... Hence, it differs from other kinds of cyber-security issues such as malware or intrusion detection due to the unpredictable nature of human beings. Previous works in this domain proposed several solutions mostly focused on detection of masquerade behaviors using machine learning (ML) approaches [5], [18], [15], [13], [17], [25], [26], [30]. Among those, we can identify the two-classes/multiclasses techniques [5], [18], [15], [13], which require labeled malicious samples for the training phase, and therefore consider a certain knowledge of the attacking scenarios for their correct recognition. ...
... Previous works in this domain proposed several solutions mostly focused on detection of masquerade behaviors using machine learning (ML) approaches [5], [18], [15], [13], [17], [25], [26], [30]. Among those, we can identify the two-classes/multiclasses techniques [5], [18], [15], [13], which require labeled malicious samples for the training phase, and therefore consider a certain knowledge of the attacking scenarios for their correct recognition. In contrast to two-classes/multi-classes techniques, there exist one-class approaches [17], [25], [26], [30], which do not require any malicious samples for training, and therefore are advantageous for anomaly detection of a wider range of masquerader behaviors [13], [25]. ...
Conference Paper
Full-text available
Masqueraders are users who take control of a machine and perform malicious activities such as data exfiltration or system misuse on behalf of legitimate users. In the literature, there are various approaches for detecting masqueraders by modeling legitimate users' behavior during their daily tasks and automatically determining whether they are doing something suspicious. Usually, these techniques model user behavior using features extracted from various sources, such as file system, network activities, system calls, etc. In this work, we propose a one-class anomaly detection approach that measures similarities between a history of a user and events recorded in a time window of the user's session which is to be classified. The idea behind our solution is the application of a graph partitioning technique on weighted oriented graphs generated from such event sequences, while considering that strongly connected nodes have to belong to the same cluster. First, a history of vertex clusters is built for each user and then this history is compared to a new input by using a similarity function, which leads either to the acceptance or rejection of a new input. This makes our approach substantially different from existing general graph-based approaches that consider graphs as a single entity. The approach can be applied for different kinds of homogeneous event sequences; however, successful application of the approach will be demonstrated on file system access events only. The linear time complexity of the approach was demonstrated in the experiments and the performance evaluation was done using two state-of-the-art datasets - WUIL and TWOS - both of them containing file system access logs of legitimate users and masquerade attackers; for WUIL dataset we achieved an average per-user AUC of 0.94, a TPR over 95%, and a FPR less than 10%, while for TWOS dataset we achieved an average per-user AUC of 0.851, a TPR over 91% and a FPR around 11%.
... Kandias et al. proposed a methodology to detect users holding a negative attitude towards authorities using social activities analysis by machine learning approaches for social network applications [12]. Agent-based modeling is an approach to detect/predict user behaviour and decisions in different scenarios as analyzed by [23]. ...
... In Social Perspective, authors proposed a framework for insider threat prediction and detection using individuals social activities. Mitigation of insider threat and provision of a threat control method is covered in [12] but insider attack avoidance approaches are missing. Geo-Social access control framework proposed to predict and prevent insider threat by using social analysis of employees [2]. ...
Conference Paper
Full-text available
Cloud computing is now among the most extensively used means for resource sharing as SaaS, PaaS, and IaaS. Computing scenarios have emerged into cloud computing instead of distributed computing. It has provided an efficient and flexible way for dynamic services meeting needs and challenges of the time in a cost-effective manner. Virtual environments provided the opportunity to migrate traditional systems to the cloud. Cloud service providers and administrators generally have full access on Virtual Machines (VMs) whereas tenants have limited access on respective VMs. Cloud admins as well as remote administrators also have full access rights on respective resources and may pose severe insider threats about which tenants have shown their concerns. Securing these resources is the key issue. In this paper, available practices for cloud security are investigated and a self-managed framework is introduced to mitigate malicious insider threats posed to these virtual environments.
... As far as data privacy is concerned, it is demonstrated that Cambridge Analytica is still alive and we can export people's behavioural characteristics without their consent just by acquiring publicly available data (Pitropakis et al., 2020;Kandias et al., 2013;Isaak & Hanna, 2018). This information, being public and anonymized, is exempt from the request for approval by an ethics committee (Eysenbach & Till, 2001). ...
Article
Full-text available
With the growth that social networks have experienced in recent years, it is entirely impossible to moderate content manually. Thanks to the different existing techniques in natural language processing, it is possible to generate predictive models that automatically classify texts into different categories. However, a weakness has been detected concerning the language used to train such models. This work aimed to develop a predictive model based on BERT, capable of detecting racist and xenophobic messages in tweets written in Spanish. A comparison was made with different Deep Learning models. A total of five predictive models were developed, two based on BERT and three using other deep learning techniques, CNN, LSTM and a model combining CNN + LSTM techniques. After exhaustively analyzing the results obtained by the different models, it was found that the one that got the best metrics was BETO, a BERT-based model trained only with texts written in Spanish. The results of our study show that the BETO model achieves a precision of 85.22% compared to the 82.00% precision of the mBERT model. The rest of the models obtained between 79.34% and 80.48% precision. On this basis, it has been possible to justify the vital importance of developing native transfer learning models for solving Natural Language Processing (NLP) problems in Spanish. Our main contribution is the achievement of promising results in the field of racism and hate speech in Spanish by applying different deep learning techniques.
...
- YouTube is large source of public videos where opinions can be expressed freely;
- It is also a source of different type of religions for spreading their views and thoughts using public videos. It is not only an entertainment source, but it is a source of learning, thoughts, and changing behavior of any person thoughts;
- YouTube videos and comments contain some characteristics and the appropriate phraseology of interest [19] [12];
- YouTube often contain contents which are used to change human mind towards religions, because people are free to express their negative attitude towards any religions;
- Generally, users join YouTube to participate. ...
Article
On YouTube, billions of videos are watched online and millions of short messages are posted each day. YouTube along with other social networking sites are used by individuals and extremist groups for spreading hatred among users. In this paper, we consider religion as the most targeted domain for spreading hate speech among people of different religions. We present a methodology for the detection of religion-based hate videos on YouTube. Messages posted on YouTube videos generally express the opinions of users’ related to that video. We provide a novel dataset for religious hate speech detection on Youtube comments. The proposed methodology applies data mining techniques on extracted comments from religious videos in order to filter religion-oriented messages and detect those videos which are used for spreading hate. The supervised learning algorithms: Support Vector Machine (SVM), Logistic Regression (LR), and k-Nearest Neighbor (k-NN) are used for baseline results.
... Likewise, social media open APIs were also used in the past way before the Cambridge Analytica scandal emerged for insider threat prediction or detection [29]. Kandias et al. [30][31][32] gathered publicly available data from Twitter and created a taxonomy to classify users based on their usage intensity, Klout score and influence. They were also able to gather YouTube comments and classify them using Machine Learning techniques, determining political affiliation and predisposition to law enforcement. ...
Article
Full-text available
The proliferation of social media platforms changed the way people interact online. However, engagement with social media comes with a price, the users’ privacy. Breaches of users’ privacy, such as the Cambridge Analytica scandal, can reveal how the users’ data can be weaponized in political campaigns, which many times trigger hate speech and anti-immigration views. Hate speech detection is a challenging task due to the different sources of hate that can have an impact on the language used, as well as the lack of relevant annotated data. To tackle this, we collected and manually annotated an immigration-related dataset of publicly available Tweets in UK, US, and Canadian English. In an empirical study, we explored anti-immigration speech detection utilizing various language features (word n-grams, character n-grams) and measured their impact on a number of trained classifiers. Our work demonstrates that using word n-grams results in higher precision, recall, and f-score as compared to character n-grams. Finally, we discuss the implications of these results for future work on hate-speech detection and social media data analysis in general.
... Although promising, existing studies remain narrow in focus, dealing mainly with text analysis using LIWC. An exception to this commonality is the framework proposed by Kandias, Stavrou, Bozovic, Mitrou, and Gritzalis (2013), that aimed to examine insiders' motivation by analyzing the content they generated and made public online. In their study, the researchers compared the performance of several machine learning techniques in classifying YouTube comments. ...
Article
Full-text available
An insider threat is a threat that comes from people within the organization being attacked. It can be described as a function of the motivation, opportunity, and capability of the insider. Compared to managing the dimensions of opportunity and capability, assessing one's motivation in committing malicious acts poses more challenges to organizations because it usually involves a more obtrusive process of psychological examination. The existing body of research in psycholinguistics suggests that automated text analysis of electronic communications can be an alternative for predicting and detecting insider threat through unobtrusive behavior monitoring. However, a major challenge in employing this approach is that it is difficult to minimize the risk of missing any potential threat while maintaining an acceptable false alarm rate. To deal with the trade-off between the risk of missed catches and the false alarm rate, we propose a unified psycholinguistic framework that consolidates multiple text analyzers to carry out sentiment analysis, emotion analysis, and topic modeling on electronic communications for unobtrusive psychological assessment. The user scenarios presented in this paper demonstrated how the trade-off issue can be attenuated with different text analyzers working collaboratively to provide more comprehensive summaries of users' psychological states.
... For the purpose of assessing the trustworthiness of entities such as actors or documents, Mayhew et al. [2015] proposed behavior-based access control (BBAC), which is based on a sequential combination of k-means clustering and SVM. Dealing with NLP in comments of YouTube users, Kandias et al. [2013] employed SVM, logistic regression, and Naïve Bayes classifiers in order to predict users with negative/radical political attitudes, assuming these attitudes to be precursors of insider threat. ...
Preprint
Full-text available
Insider threats are one of today's most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. Despite several scientific works published in this domain, we argue that the field can benefit from the proposed structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research, while leveraging existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include: 1) Incidents and datasets, 2) Analysis of attackers, 3) Simulations, and 4) Defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers' efforts in the domain of insider threat, because it provides: a) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, b) an updated overview on publicly available datasets that can be used to test new detection solutions against other works, c) references of existing case studies and frameworks modeling insiders' behaviors for the purpose of reviewing defense solutions or extending their coverage, and d) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.
...
- Real-world system log data [21]
- Real data injected with synthetic anomalies [22]
- Game-theoretic approach (GTA) [23]
- Social media data
- Simulated data drawn from stochastic models [24]
- Simulated data drawn from stochastic models which are developed from real data
In academic literature, mostly behavior-based modeling has been presented to detect insider threat. This model can be grouped to system behaviors and user behaviors. ...
... It presents a theoretical work that consists in defining formally an opinion-oriented model. We have experimented by using it in order to rank forum messages from the most to the least interesting [2,3]. ...
Article
Full-text available
Social media is the collective of online communications channels dedicated to community-based input, interaction, content-sharing and collaboration. Social media has become a central point of a person’s daily life for many people around the world with the ability to be connected to these sites through access to cellphones, tablets, and computers. The ease of sharing information has allowed people to keep in contact with friends and family and keep them updated on life changes, views of various subjects, collaborate on projects, and much more. It has also made it possible for groups or individuals who can unlike or retweet your posts. User’s opinions may be any of forms such as Text, Image, Audio, and video. In this work, take Text format to mining the users’ attitude for the social network. The user may tweet a comment using any of the social media to a particular topic from different place and time. K-Means Clustering is the task of grouping a set of objects in such a way that objects in the same group are more similar to each other than to those in other groups. Popular notions of clusters include groups with small distances among the Cluster members, dense areas of the data space, and intervals of particular statistical distributions. Using clustering techniques we group the similar and dissimilar of users’ attitude.
... Kandias et al. proposed using negative attitudes towards authority as the main psychosocial feature for detecting insider threats, because these attitudes were found to be a main trait of malicious insiders [84]. To extract user attitudes, the authors proposed gathering records of employees' social media activities for analysis [78,79,80]. The authors performed experiments on datasets obtained from crawled YouTube comments. ...
Article
Full-text available
The ability to detect insider threats is important for many organisations. However, the field of insider threat detection is not well understood. In this paper, we survey existing insider threat detection mechanisms to provide a better understanding of the field. We identify and categorise insider behaviours into four classes - biometric behaviours, cyber behaviours, communication behaviours, and psychosocial behaviours. Each class is further comprised of several independent research fields of anomaly detection. Our survey reveals that there is significant scope for further research in many of those research fields, with many machine learning algorithms and features that have not been explored. We identify and summarise the unexplored areas as future directions.
... There are three basic approaches to the study of malicious behavior in OSNs: (i) focusing on link analysis (URLs, clickstreams, etc.) [9], (ii) focusing on content mining (hash tag mining, comments or status semantics analysis, image processing etc.) [10], and (iii) focusing on networks features (centrality, connectivity, degrees, community detection, shortest path, small world properties, etc.) [11]. Each of these approaches mines different categories of data crawled from online platforms in an attempt to extract valuable insights on the interrelations of the social graph. ...
Article
The negotiation of stakeholder values as a collaborative process throughout technology development has been studied extensively within the fields of Computer Supported Cooperative Work and Human-Computer Interaction. Despite their increasing significance for cybersecurity incident response, there is a gap in research on values of importance to the design of open-source intelligence (OSINT) technologies for this purpose. In this paper, we investigate which values and value conflicts emerge due to the application and development of machine learning (ML) based OSINT technologies to assist cyber security incident response operators. For this purpose, we employ a triangulation of methods, consisting of a systematic survey of the technical literature on the development of OSINT artefacts for cybersecurity (N = 73) and an empirical value sensitive design case study, comprising semi-structured interviews with stakeholders (N = 9) as well as a focus group (N = 7) with developers. Based on our results, we identify implications relevant to the research on and design of OSINT artefacts for cybersecurity incident response.
Article
Insider threats are one of today’s most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. In this work, we propose structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research while using an existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include incidents and datasets, analysis of incidents, simulations, and defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents that is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers’ efforts in the domain of insider threat because it provides (1) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, (2) an overview on publicly available datasets that can be used to test new detection solutions against other works, (3) references of existing case studies and frameworks modeling insiders’ behaviors for the purpose of reviewing defense solutions or extending their coverage, and (4) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.
Chapter
Insider threat has always been an important hidden danger of information system security, and the detection of insider threat is the main concern of information system organizers. Before the anomaly detection, the process of feature extraction often causes a part of information loss, and the detection of insider threats in a single time point often causes false positives. Therefore, this paper proposes a user behavior analysis model, by aggregating user behavior in a period of time, comprehensively characterizing user attributes, and then detecting internal attacks. Firstly, the user behavior characteristics are extracted from the multi-domain features extracted from the audit log, and then the XGBoost algorithm is used to train. The experimental results on a user behavior dataset show that the XGBoost algorithm can be used to identify the insider threats. The value of F-measure is up to 99.96% which is better than SVM and random forest algorithm.
Article
This study examines the evolution of the city of Athens’ destination image from 2005 to 2015, in order to exploit the impact of the recent economic recession on individual perceptions. It uses advanced web content mining to analyze Tripadvisor messages that were posted in Athens Travel Forum. The findings show that the image of Athens has remained positive, facing a significant, but short-term, shift during the first years of the crisis. The findings also reveal that the destination image of Athens is only partially shared by people residing inside and outside Greece, and that non-Greek residents have more favorable perceptions towards the destination. The study expands understanding on destination image literature by demonstrating the normative nature of destination images, which - once established - can be particularly resistant to change, even during long term crises.
Article
Online Social Networks (OSN) are not only a popular communication and entertainment platform but also a means of self-representation. In this paper, we adopt an interdisciplinary approach combining Open Source Intelligence (OSINT) and user-generated content classification techniques with a user-driven stress test as applied to a Greek community of OSN users. The main goal of the paper is to study the chronicity of the stress level users experience, as depicted by OSN user generated content. In order to achieve that, we investigate whether collected data are able to facilitate the process of stress level detection. To this end, we perform unsupervised flat data classification of the user-generated content and formulate two working clusters which classify usage patterns that depict medium-to-low and medium-to-high stress levels respectively. To address the main goal of the paper, we divide user-generated content into chronologically defined sub-periods in order to study potential usage fluctuations over time. To this extent, we follow a process that includes (a) content classification into predefined categories of interest, (b) usage pattern metrics extraction and (c) metrics and clusters utilisation towards usage pattern fluctuation detection both through the prism of users' usual usage pattern and its correlation to the depicted stress level. Such an approach enables detection of time periods when usage pattern deviates from the usual and correlates such deviations to user experienced stress level. Finally, we highlight and comment on the emerging ethical issues regarding the classification of OSN user-generated content.
Article
With the increasing popularity of social network services (SNSs), there have been many attempts to analyze the users of SNSs. By doing so, the characteristics and preferences of the users can be understood, which can help companies provide personalized information and services that they need or are relevant for them. This study aimed to analyze the usage behavior of Korean Twitter users from various perspectives to deepen the understanding of it. For this research goal, an online survey was conducted for the users of Twitter and the data about their actual usage were collected using the open API of Twitter. Factor analysis of the data revealed five factors that explain about 69.3% of the usage variables. It was also investigated how the factors are related to gender, age, and brand preferences. The results showed that the usage behavior of Twitter is largely affected by age (p
Conference Paper
Business process modeling has facilitated modern enterprises to cope with the constant need to increase their productivity, reduce costs and offer competitive products and services. Despite modeling’s and process management’s widespread success, one may argue that it lacks of built-in security mechanisms able to detect and deter threats that may manifest throughout the process. To this end, a variety of different solutions have been proposed by researchers which focus on different threat types. In this paper we examine the insider threat through business processes. Depending on their motives, insiders participating in an organization’s business process may manifest delinquently in a way that causes severe impact to the organization. We examine existing security approaches to tackle down the aforementioned threat in enterprise business processes and propose a preliminary model for a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media by examining the online behavior of users and pinpoints potential insiders with critical roles in the organization’s processes. Also, this approach highlights the threat introduced in the processes operated by such users. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should be allowed solely on exceptional cases, such as protecting critical infrastructures or monitoring decision making personnel.
Conference Paper
Social media and Web 2.0 have enabled internet users to contribute online content, which may be crawled and utilized for a variety of reasons, from personalized advertising to behaviour prediction/profiling. In this paper, our goal is to present a horror and a success story from the digital world of Social Media, in order to: (a). present a political affiliation profiling method, the Panopticon method, in order to reveal this threat and contribute in raising the social awareness over it. (b). describe an insider threat prediction method by evaluating the predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. The experimental test case of both methodologies is an extensive Greek community of YouTube users. In order to demonstrate our cases, we performed graph theoretic and content analysis of the collected dataset and showed how and what kind of personal data can be derived via data mining on publicly available YouTube data. As both methodologies set user’s privacy and dignity at stake, we provide the reader with an analysis of the legal means for each case, so as to effectively be prevented from a privacy violation threat and also present the exceptional cases, such as the selection of security officers of critical infrastructures, where such methodologies could be used.
Article
Fragmentation has been recently proposed as a promising approach to protect the confidentiality of sensitive associations whenever data need to undergo external release or storage. By splitting attributes among different fragments, fragmentation guarantees confidentiality of the associations among these attributes under the assumption that such associations cannot be reconstructed by re-combining the fragments. We note that the requirement that fragments do not have attributes in common, imposed by previous proposals, is only a necessary, but not sufficient, condition to ensure that information in different fragments cannot be recombined as dependencies may exist among data enabling some form of linkability. In this paper, we identify the problem of improper information leakage due to data dependencies, provide a formulation of the problem based on a natural graphical modeling, and present an approach to tackle it in an efficient and scalable way.
Conference Paper
Social media have widened society’s opportunities for communication, while they offer ways to perform employees’ screening and profiling. Our goal in this paper is to develop an insider threat prediction method by (e)valuating a user’s personality trait of narcissism, which is deemed to be closely connected to the manifestation of malevolent insiders. We utilize graph theory tools in order to detect influence of and usage deviation. Then, we categorize the users according to a proposed taxonomy. Thus we detect individuals with narcissistic characteristics and manage to test groups of people under the prism of group homogeneity. Furthermore, we compare and classify users to larger sub-communities consisting of people of the same profession. The analysis is based on an extensive crawling of Greek users of Twitter. As the application of this method may lead to infringement of privacy rights, its use should be reserved for exceptional cases, such as the selection of security officers or of critical infrastructures decision-making staff.
Conference Paper
In many insider crimes, managers and other coworkers observed that the offenders had exhibited signs of stress, disgruntlement, or other issues, but no alarms were raised. Barriers to using such psychosocial indicators include the inability to recognize the signs and the failure to record the behaviors so that they can be assessed. A psychosocial model was developed to assess an employee's behavior associated with an increased risk of insider abuse. The model is based on case studies and research literature on factors/correlates associated with precursor behavioral manifestations of individuals committing insider crimes. To test the model's agreement with human resources and management professionals, we conducted an experiment with positive results. If implemented in an operational setting, the model would be part of a set of management tools for employee assessment to identify employees who pose a greater insider threat.
Article
The annual incidence of insider attacks continues to grow, and there are indications this trend will continue. While there are a number of existing tools that can accurately identify known attacks, these are reactive (as opposed to proactive) in their enforcement, and may be eluded by previously unseen, adversarial behaviors. This paper proposes an approach that combines Structural Anomaly Detection (SA) from social and information networks and Psychological Profiling (PP) of individuals. SA uses technologies including graph analysis, dynamic tracking, and machine learning to detect structural anomalies in large-scale information network data, while PP constructs dynamic psychological profiles from behavioral patterns. Threats are finally identified through a fusion and ranking of outcomes from SA and PP. The proposed approach is illustrated by applying it to a large data set from a massively multi-player online game, World of Warcraft (WoW). The data set contains behavior traces from over 350,000 characters observed over a period of 6 months. SA is used to predict if and when characters quit their guild (a player association with similarities to a club or workgroup in non-gaming contexts), possibly causing damage to these social groups. PP serves to estimate the five-factor personality model for all characters. Both threads show good results on the gaming data set and thus validate the proposed approach.
Conference Paper
Smartphones constantly interweave into everyday life, as they accompany individuals in different contexts. Smartphones include a combination of heterogeneous data sources, which can prove essential when combating crime. In this paper we examine potential evidence that may be collected from smartphones. We also examine the available connection channels for evidence transfer during a forensic investigation. We propose a Proactive Smartphone Investigation Scheme that focuses on ad hoc acquisition of smartphone evidence. We also, take into consideration the legal implications of the proposed scheme, as it is essential that the scheme includes prevention mechanisms, so as to protect individuals from misuse by investigators or malicious entities. © 2012 IFIP International Federation for Information Processing.
Conference Paper
Smartphones are multi-purpose ubiquitous devices, which face both, smartphone-specific and typical security threats. This paper describes a method for risk assessment that is tailored for smartphones. The method does not treat this kind of device as a single entity. Instead, it identifies smartphone assets and provides a detailed list of specific applicable threats. For threats that use application permissions as the attack vector, risk triplets are facilitated. The triplets associate assets to threats and permission combinations. Then, risk is assessed as a combination of asset impact and threat likelihood. The method utilizes user input, with respect to impact valuation, coupled with statistics for threat likelihood calculation. Finally, the paper provides a case study, which demonstrates the risk assessment method in the Android platform. © 2012 IFIP International Federation for Information Processing.
Article
Current and former employees, contractors, and other organizational "insiders" pose a substantial threat by virtue of their knowledge of and access to their employers' systems and/or databases and their ability to bypass existing physical and electronic security measures through legitimate means. Previous efforts to study insider incidents have focused on narrow areas of industry and have not examined the incidents from both behavioral and technical perspectives simultaneously. These gaps in the literature have made it difficult for organizations to develop a comprehensive understanding of the insider threat and address the issue from an approach that draws on human resources, corporate security, and information security perspectives. The Secret Service National Threat Assessment Center and the CERT Coordination Center of Carnegie Mellon University's Software Engineering Institute joined efforts to conduct a unique study of insider incidents, the Insider Threat Study (ITS), examining actual cases identified through public reporting or as a computer fraud case investigated by the Secret Service. Each case was analyzed from a behavioral and a technical perspective to identify behaviors and communications in which the insiders engaged -- both online and offline -- prior to and including the insiders' harmful activities. The research focused on the following major topic areas: components of the incident, detection of the incident and identification of the insider, pre-incident planning and communication, nature of harm to the organization, law enforcement and organizational response, characteristics of the insider and the organization, insider background and history, and insider technical expertise and interests. Section 1 of this report presents an overview of the ITS, including its background, scope, and study methods. Section 2 reports the findings and implications specific to research conducted on insider threat cases in the banking and finance sector.
Article
This paper discusses the future of employee privacy in social media. Part I reviews the extant legal landscape with an emphasis on three general areas of employer activity related to employees’ online activities: (1) monitoring and surveillance of employee social media profiles, (2) evaluation of applicants’ social media profiles and online speech in making hiring decisions, and (3) limiting employees’ off-duty online activities. Part II reports the results of an empirical research project into the expectations of young employees regarding the role of social media in the workplace. We asked respondents about a wide range of topics related to social media, such as the extent of personal information they post online, the privacy-protective measures they employ on social media sites, their level of concern regarding their privacy online, and their attitudes and expectations regarding the use of social media in the workplace. Despite granting employers access to information about their private lives by participating online, respondents expect that work life and private life should be generally segregated — and that actions in one domain should not affect the other. Guided by the survey findings and legal examples from international jurisdictions, in Part III we offer workable recommendations designed to protect employees’ desire to maintain some separation between personal and professional contexts.
Conference Paper
ICT outsourcing may introduce several risks. This paper attempts to mitigate this problem by applying an auctioning scheme. By adopting the scheme, the involved organization selects one or more potential outsourced service providers via an auction similar to the FCC spectrum ones. The project is divided in sub-projects, bidders are pre-evaluated, in terms of security and each bid is assessed in terms of cost and appropriate security metrics. The bidding process continues according to the auction rules allocating all the sub-projects to the best bidders. The ultimate goal is to achieve upgraded security, while keeping the cost at a reasonable level and meeting adequate security requirements. In this direction our model provokes competition and motivates providers to place superior bids, in terms of security, while providing flexibility to the organization. The auction process is demonstrated through a case study, where the outsourcer is a critical infrastructure organization.
Article
Despite the well documented and emerging insider threat to information systems, there is currently no substantial effort devoted to addressing the problem of internal IT misuse. In fact, the great majority of misuse counter measures address forms of abuse originating from external factors (i.e. the perceived threat from unauthorized users). This paper suggests a new and innovative approach of dealing with insiders that abuse IT systems. The proposed solution estimates the level of threat that is likely to originate from a particular insider by introducing a threat evaluation system based on certain profiles of user behaviour. However, a substantial amount of work is required, in order to materialize and validate the proposed solutions.
Book
Secure Electronic Voting is an edited volume, which includes chapters authored by leading experts in the field of security and voting systems. The chapters identify and describe the given capabilities and the strong limitations, as well as the current trends and future perspectives of electronic voting technologies, with emphasis in security and privacy. Secure Electronic Voting includes state-of-the-art material on existing and emerging electronic and Internet voting technologies, which may eventually lead to the development of adequately secure e-voting systems. This book also includes an overview of the legal framework with respect to voting, a description of the user requirements for the development of a secure e-voting system, and a discussion on the relevant technical and social concerns. Secure Electronic Voting includes, also, three case studies on the use and evaluation of e-voting systems in three different real world environments.
Conference Paper
Cloud computing is an emerging technology paradigm, enabling and facilitating the dynamic and versatile provision of computational resources and services. Even though the advantages offered by cloud computing are several, there still exist second thoughts on the security and privacy of the cloud services. Use of cloud services affects the security posture of organizations and critical infrastructures, therefore it is necessary that new threats and risks introduced by this new paradigm are clearly understood and mitigated. In this paper we focus on the insider threat in cloud computing, a topic which has not received research focus, as of now. We address the problem in a holistic way, differentiating between the two possible scenarios: a) defending against a malicious insider working for the cloud provider, and b) defending against an insider working for an organization which chooses to outsource parts or the whole IT infrastructure into the cloud. We identify the potential problems for each scenario and propose the appropriate countermeasures, in an effort to mitigate the problem.
Article
Assessing risk in interdependent infrastructures is a challenging topic due to its complexity and the nature of critical infrastructures. This paper describes a methodology for assessing the risk of an infrastructure or a sector, taking into account the presence of interdependencies between infrastructures and sectors. Although the proposed methodology is compatible with current information systems practices, our approach focuses on the consequences to the society and not on the infrastructure itself. The methodology is accompanied by a comprehensive case example.
Conference Paper
Insider threat is a major issue in cyber and corporate security. In this paper we study the psychosocial perspective of the insider via social media, Open Source Intelligence, and user generated content classification. Inductively, we propose a prediction method by evaluating the predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. We propose a methodology to detect users holding a negative attitude towards authorities. For doing so we facilitate the use of machine learning techniques and of a dictionary-based approach, so as to detect comments expressing negative attitude. Thus, we can draw conclusions over a user behavior and beliefs via the content the user generated within the limits a social medium. We also use an assumption free flat data representation technique in order to decide over the user's attitude. Furthermore, we compare the results of each method and highlight the common behavior manifested by the users. The demonstration is applied on a crawled community of users on YouTube.
Article
This article, which largely tracks my remarks at Mississippi College's Social Media Symposium, examines expectations of privacy in social media such as weblogs (blogs), Facebook pages, and Twitter tweets. Social media is diverse and ever-diversifying, and while I address some of that complexity, I focus on the core functionality, which provides the groundwork for further conversation as the technology and related social norms develop. As one would expect, just as with our offline communications and other online communications, in some we have an expectation of privacy that is recognized by current law, in some we have an expectation of privacy that should be recognized by current law, and in some we have no legitimate expectation of privacy. The article begins with a short (and personal) history of social media and then discusses the theory of information privacy, after which follows an explanation of, and then application of, the governing constitutional law. This is an area in which statutes should, and to some extent do, expand upon the constitutional floor, and the article ends with a consideration of those statutes and needs for improvements therein, including via statutory frameworks like that recently adopted by the American Bar Association.
Article
The emerging paradigm of ubiquitous computing promises unprecedented levels of support of human activities by information technologies working invisibly in the background and providing their services in an unobtrusive and effortless manner. At the same time, these systems will bring about so far inconceivable levels of surveillance, collection of personal data, their merging and continuous transfer and processing, creating unprecedented threats to privacy and data protection. As a consequence ubiquitous computing is also challenging central human values that are affiliated to privacy, embracing items like individual autonomy, democracy or societal sustainability. The inherent threats to privacy have been recognised from the very beginning of the development of this vision and numerous attempts have been undertaken to reconcile the obviously conflicting objectives of ubiquitous computing and the principles of current data protection. The core of contemporary data protection is based on a general limitation of the generation, processing and use of personally identifiable data, supplemented by sets of rules which define exceptions from the general prohibition and regulate these specific cases. A major stream of efforts to preserve privacy under the new technological regime focused on the integration of privacy protection principles into ubiquitous computing technologies; in more recent times, the suitability of current regulatory framework for the emerging new paradigm of information technologies moved closer to the centre of attention. Both directions, the development of privacy enhancing, ubiquitous computing technologies and adaptations of legislation to accommodate the enormous threats for privacy possess certain mitigating potentials, but are either insufficient or incompatible with the core objectives of the new technical paradigm. 
Measures that are sufficient to confront the vision of ubiquitous computing with more than an illusion of privacy will probably also require changes in the paradigm of current data protection principles and a reshaping of the vision towards societal sustainability.
Article
The current study examined differences between individuals self-reporting computer-related deviant behaviors and those reporting no computer-related deviant behaviors. The study focused on the Big-5 personality characteristics, moral decision making, and exploitive manipulative amoral dishonesty characteristics. It was hypothesized that computer deviants would be more introverted, exploitive and manipulative, neurotic, less open to experience, and lower on social moral choice than individuals not reporting deviant computer-related behavior. As predicted, computer deviants scored lower on social moral choice and were more exploitive and manipulative. Implications of these findings and suggestions for further research in this area are discussed.
Article
The practices of public surveillance, which include the monitoring of individuals in public through a variety of media (e.g., video, data, online), are among the least understood and controversial challenges to privacy in an age of information technologies. The fragmentary nature of privacy policy in the United States reflects not only the oppositional pulls of diverse vested interests, but also the ambivalence of unsettled intuitions on mundane phenomena such as shopper cards, closed-circuit television, and biometrics. This Article, which extends earlier work on the problem of privacy in public, explains why some of the prominent theoretical approaches to privacy, which were developed over time to meet traditional privacy challenges, yield unsatisfactory conclusions in the case of public surveillance. It posits a new construct, "contextual integrity," as an alternative benchmark for privacy, to capture the nature of challenges posed by information technologies. Contextual integrity ties adequate protection for privacy to norms of specific contexts, demanding that information gathering and dissemination be appropriate to that context and obey the governing norms of distribution within it. Building on the idea of "spheres of justice," developed by political philosopher Michael Walzer, this Article argues that public surveillance violates a right to privacy because it violates contextual integrity; as such, it constitutes injustice and even tyranny.
Article
Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from an embarrassment of meanings. Privacy is far too vague a concept to guide adjudication and lawmaking, as abstract incantations of the importance of privacy do not fare well when pitted against more concretely-stated countervailing interests. In 1960, the famous torts scholar William Prosser attempted to make sense of the landscape of privacy law by identifying four different interests. But Prosser focused only on tort law, and the law of information privacy is significantly more vast and complex, extending to Fourth Amendment law, the constitutional right to information privacy, evidentiary privileges, dozens of federal privacy statutes, and hundreds of state statutes. Moreover, Prosser wrote over 40 years ago, and new technologies have given rise to a panoply of new privacy harms. A new taxonomy to understand privacy violations is thus sorely needed. This article develops a taxonomy to identify privacy problems in a comprehensive and concrete manner. It endeavors to guide the law toward a more coherent understanding of privacy and to serve as a framework for the future development of the field of privacy law.
Chapter
The notion of insider has multiple facets. An organization needs to identify which ones to respond to. The selection, implementation and maintenance of information security countermeasures requires a complex combination of organisational policies, functions and processes, which form Information Security Management. This chapter examines the role of current information security management practices in addressing the insider threat. Most approaches focus on frameworks for regulating insider behaviour and do not allow for the various cultural responses to the regulatory and compliance framework. Such responses are not only determined by enforcement of policies and awareness programs, but also by various psychological and organisational factors at an individual or group level. Crime theories offer techniques that focus on such cultural responses and can be used to enhance the information security management design. The chapter examines the applicability of several crime theories and concludes that they can contribute in providing additional controls and redesign of information security management processes better suited to responding to the insider threat.
Article
SPam over Internet Telephony (SPIT) is a potential source of future annoyance in Voice over IP (VoIP) systems. A typical way to launch a SPIT attack is the use of an automated procedure (i.e., bot), which generates calls and produces unsolicited audio messages. A known way to protect against SPAM is a Reverse Turing Test, called CAPTCHA (Completely Automated Public Turing Test to Tell Computer and Humans Apart). In this paper, we evaluate existing audio CAPTCHA, as this type of format is more suitable for VoIP systems, to help them fight bots. To do so, we first suggest specific attributes-requirements that an audio CAPTCHA should meet in order to be effective. Then, we evaluate this set of popular audio CAPTCHA, and demonstrate that there is no existing implementation suitable enough for VoIP environments. Next, we develop and implement a new audio CAPTCHA, which is suitable for SIP-based VoIP telephony. Finally, the new CAPTCHA is tested against users and bots and demonstrated to be efficient.
Conference Paper
The adoption of smartphones, devices transforming from simple communication devices to smart and multipurpose devices, is constantly increasing. Amongst the main reasons for their vast pervasiveness are their small size, their enhanced functionality, as well as their ability to host many useful and attractive applications. Furthermore, recent studies estimate that application installation in smartphones acquired from official application repositories, such as the Apple Store, will continue to increase. In this context, the official application repositories might become attractive to attackers trying to distribute malware via these repositories. The paper examines the security inefficiencies related to application distribution via application repositories. Our contribution focuses on surveying the application management procedures enforced during application distribution in the popular smartphone platforms (i.e. Android, BlackBerry, Apple iOS, Symbian, Windows Phone), as well as on proposing a scheme for an application management system suited for secure application distribution via application repositories.
Conference Paper
Information systems face several security threats, some of which originate by insiders. This paper presents a novel, interdisciplinary insider threat prediction model. It combines approaches, techniques, and tools from computer science and psychology. It utilizes real time monitoring, capturing the user’s technological trait in an information system and analyzing it for misbehavior. In parallel, the model is using data from psychometric tests, so as to assess for each user the predisposition to malicious acts and the stress level, which is an enabler for the user to overcome his moral inhibitions, under the condition that the collection of such data complies with the legal framework. The model combines the above mentioned information, categorizes users, and identifies those that require additional monitoring, as they can potentially be dangerous for the information system and the organization.
Article
Insider threat is widely recognised as an issue of utmost importance for IS security management. In this paper, we investigate the approach followed by ISO17799, the dominant standard in IS security management, in addressing this type of threat. We unfold the criminology theory that has designated the measures against insider misuse suggested by the standard, i.e. the General Deterrence Theory, and explore the possible enhancements to the standard that could result from the study of more recent criminology theories. The paper concludes with supporting the argument for a multiparadigm and multidisciplinary approach towards IS security management and insider threat mitigation.
Article
Studies have shown a connection between the individual personality of the user and the way he or she behaves on line. Today many millions of people around the world are connected by being members of various Internet social networks. Ross et al. (2009) studied the connection between the personality of the individual users and their behavior on a social network. They based their study on the self-reports of users of Facebook, one of the most popular social networks, and measured five personality factors using the NEO-PI-R (Costa & McCrae, 1992) questionnaire. They found that while there was a connection between the personalities of surfers and their behavior on Facebook, it was not strong. This study is based on that of Ross et al. (2009), but in our study the self-reports of subjects were replaced by more objective criteria, measurements of the user-information upload on Facebook. A strong connection was found between personality and Facebook behavior. Implications of the results are discussed.
Article
A considerable research stream in information systems security has elaborated several propositions as to how privacy and anonymity can be protected, the most prominent of which make use of encryption and digital signing. Since privacy protection is a persistent topic in most electronically performed activities, the increasing popularity of Internet has driven researchers to approach privacy protection in a holistic way. As a result, privacy-enhancing technologies have been put forth, aiming at protecting users against privacy and anonymity threats and vulnerabilities. Nowadays, that privacy protection has to be incorporated in most IT applications is one of the least controversial statements. This paper describes Privacy Protector, a technological means for enhancing privacy in an IT application development process. Privacy Protector comprises of a set of software services that have been built upon generic, privacy-focused user requirements. The paper also describes an API that can be used for incorporating Privacy Protector in the development framework of an IT application.
Article
Past studies suggest that computer security countermeasures such as security policies, systems, and awareness programs would be effective in preventing computer abuse in organizations. They are based on the general deterrence theory, which posits that when an organization implements countermeasures that threaten abusers, its computer abuse problems would be deterred. However, computer abuse problems persist in many organizations despite these measures. This article proposes a new model of computer abuse that extends the traditional model with the social criminology theories. Focusing on computer abuse within organizations, the model explains the phenomenon through social lenses such as social bonds and social learning. The new model contributes to our theoretical body of knowledge on computer abuse by providing a new angle for approaching the problem. It suggests to practitioners that both technical and social solutions should be implemented to reduce the pervasive computer abuse problems.
Article
Participation in online social networking sites (hereafter "OSNS") has dramatically increased in recent years. Services such as the well known Facebook and Myspace but also Friendster, WAYN, Bebo, Google's Orkut and many others have millions of registered active users and are continuously growing. The most common model of such sites is based on the presentation of the participants' profiles and the visualisation of their network of relations to others. Also, OSNS connect participants' profiles to their public identities, using real names and other real-world identification signs (like pictures, videos, e-mail addresses, etc.) in order to enable interaction and communication between real-world subjects. Hence, a site like Facebook cannot purely be considered as a playground for "virtual bodies" in which identities are flexible and disconnected from "real-world bodies". Not only is the provision of accurate, current and complete registration information from the users encouraged, it is even required by Facebook's terms of use. This requirement, along with the service's mission of organizing the real social life of its members, provides important incentives for users to publish only real and valid information about themselves. This accurate information being provided, privacy threats derive from interactions on Facebook. In this paper, I argue that the main privacy risk on Facebook is the one of "de-contextualization" of the information provided by the participants. According to me, this "de-contextualization" threat is due to three major characteristics of Facebook: 1) the simplification of social relations, 2) the large information dissemination and 3) the network globalization and normalization effects of Facebook. The "de-contextualization" phenomenon not only threatens the right to data protection, meaning the right to control the informational identity a Human being projects in a certain context. More fundamentally it threatens the right to privacy as a Human right: the right of the human being to be a conscious multiple and relational self without unjustified discrimination.
Article
In the last decade we have seen a dramatic shift away from sociological explanations of deviant behavior toward developing theoretical perspectives on societal reactions to and definitions of deviance and crime. Labeling and conflict formulations have become major foci of sociological theorizing as well as the sounding boards for most of the controversy and discourse in the field of deviance. This shift in focus was deemed necessary to redress the previous imbalance of attention to the deviant behavior itself (Akers, 1968), and it clearly has had that effect. Unfortunately, it also has led to the neglect of theoretical developments in the etiology of deviant behavior. Neither labeling nor conflict perspectives has offered a general explanation of deviant behavior, although some conflict theorists have offered preliminary but incomplete efforts in that direction (Taylor, et al., 1973; Spitzer, 1975). There have been other efforts directed toward explaining deviant behavior, but these have been fairly narrow in scope; they have usually been limited either to a specific type of deviant behavior or to a restricted range of substantive variables. For example, a good deal of attention has been paid to the modern resurrection of deterrence theory (Gibbs, 1975; 1977; Waldo and Chiricos, 1972, Tittle, 1975; Silberman, 1976; Erickson et al., 1977; Meier and Johnson, 1977; Geerken and Gove, 1977). The scope of deterrence theory has been changed little, however, since its statement by the classical criminologists two centuries ago and is limited to the actual or perceived certainty, severity, and celerity of formally administered legal sanctions for violations of the criminal law. Another example is Travis Hirschi’s (1969) control (social bonding) theory which is a more general explanation of deviance than deterrence theory, but which is, in turn, primarily restricted to informal social control which comes from individuals being bonded to groups and institutions.
Article
To investigate whether the long-term preservation of the authenticity of electronic healthcare records (EHR) is possible. To propose a mechanism that enables the secure validation of an EHR for long periods, far beyond the lifespan of a digital signature and at least as long as the lifetime of a patient. The study is based on the fact that although the attributes of data authenticity, i.e. integrity and origin verifiability, can be preserved by digital signatures, the necessary period for the retention of EHRs is far beyond the lifespan of a simple digital signature. It is identified that the lifespan of signed data is restricted by the validity period of the relevant keys and the digital certificates, by the future unavailability of signature-verification data, and by suppression of trust relationships. In this paper, the notarization paradigm is exploited, and a mechanism for cumulative notarization of signed EHR is proposed. The proposed mechanism implements a successive trust transition towards new entities, modern technologies, and refreshed data, eliminating any dependency of the relying party on ceased entities, obsolete data, or weak old technologies. The mechanism also exhibits strength against various threat scenarios. A future relying party will have to trust only the fresh technology and information provided by the last notary, in order to verify the authenticity of an old signed EHR. A Cumulatively Notarized Signature is strong even in the case of the compromise of a notary in the chain.
Predicting the insider threat via social media: The YouTube case
  • M Kandias
  • V Stavrou
  • N Bosovic
  • D Gritzalis
Kandias, M., Stavrou, V., Bosovic, N., and Gritzalis, D., "Predicting the insider threat via social media: The YouTube case", 12th Workshop on Privacy in the Electronic Society, 2013.
Privacy, Accountability and Trust: Challenges and Opportunities
  • C Castelluccia
  • P Druschel
  • S Hübner
  • A Pasic
  • B Preneel
  • H Tschofenig
Castelluccia, C., Druschel, P., Hübner, S., Pasic, A., Preneel, B., and Tschofenig, H., "Privacy, accountability and trust: Challenges and opportunities", Technical Report, ENISA, 2011.
Towards an interdisciplinary infosec education model
  • D Gritzalis
  • M Theoharidou
  • E Kalimeri
Gritzalis, D., Theoharidou, M., and Kalimeri, E., "Towards an interdisciplinary InfoSec education model", 4th IFIP World Conference on Information Security Education, pp. 22-35, 2005.
Which side are you on? A new Panopticon vs privacy
  • M Kandias
  • L Mitrou
  • V Stavrou
  • D Gritzalis
Proactive insider threat detection through graph learning and psychological context
  • O Brdiczka
  • J Liu
  • B Price
  • J Shen
  • A Patil
  • R Chow
  • N Ducheneaut
Brdiczka, O., Liu, J., Price, B., Shen, J., Patil, A., Chow, R., and Ducheneaut, N., "Proactive insider threat detection through graph learning and psychological context", 33rd IEEE Symposium on Security and Privacy, IEEE, pp. 142-149, 2012.
The Insider Threat: An introduction to detecting and deterring an insider spy
  • FBI
FBI, "The Insider Threat: An introduction to detecting and deterring an insider spy", 2012. http://www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat