Threats From Unintentional Insiders: An Assessment of an Organization's Readiness Using Machine Learning

Abstract

Today's organisations are facing a number of challenges, one of the most significant of which is ensuring the safety of their digital data. This is as a result of the fact that they are frequently faced with internal and external threats that can put the data they have been entrusted with in jeopardy of being compromised. As a result of this, this study investigates the dimension of threats associated to unintentional internal user of an organisation and utilises NARX to model and test a detection scheme associated to the menace. In addition, this study aims to provide a better understanding of the current state of the threat landscape. The data adopted for this research is primarily a 'user activity logs' dataset from CERT (release version r4.2). From the data, the study conceptualized 'Access', 'Motivation', and 'Action' to be the key dimensions influencing 'insider', whereas 'Intent', '+Action', 'Method', and 'knowledge' are the key dimension influencing 'threats'. Experimental analyses conducted by NARX within several numbers of partitions of the data point to a good detection capacity, with the greatest value of R2 coming in at 0.97. This indicates that NARX was able to detect the crucial dimension that was formulated for by the research to be the detections parameter of an inadvertent insider threat when operating under the best partition. In light of these findings, organisations can use the proposed approach to assess their preparedness for Insider attacks.