Towards Flexible and Realistic Insider Mission Simulation

Open Access
Author:
Zhang, Tao
Graduate Program:
Information Sciences and Technology
Degree:
Master of Science
Document Type:
Master Thesis
Date of Defense:
May 16, 2018
Committee Members:
  • Peng Liu, Thesis Advisor
  • Sencun Zhu, Committee Member
  • Anna Cinzia Squicciarini, Committee Member
Keywords:
  • Insider threat
  • Insider mission
  • Mission dimension
  • Business process
  • Insider mission simulation
Abstract:
With the widespread application of information technology, organizations rely more and more on networked information systems to manage their daily affairs. As a result, modern organizations are increasingly vulnerable to insider threats. Insider incidents happen more and more frequently and cause significant losses. Consequently, insider attacks have become a growing concern in the security area. Because real-world insider threat data is lacking, research on insider threats has been seriously constrained. In this paper, we introduce a simulation framework to help simulate organizational behavior with an insider mission performed internally. With a simulated insider mission, we are able to generate insider threat data based on the event logs of our simulator. In addition to the event logs, we can provide all the ground truth information regarding the malicious insider, the intranet system and the organization. In the paper, we will also present and discuss the measures taken to achieve high-fidelity insider threat data. In addition, we construct the insider mission simulator to be flexible, offering various insider mission scenarios and attack strategies. Moreover, we will incorporate a variety of obfuscation techniques into insider mission simulation. In this way, we can easily generate diverse insider data sets to support testing and validation of intrusion detection systems.