Game Theory for Insider Threat Detection and Mitigation: A Review

Abstract

: Malicious insiders pose serious threat to organizations, institutions, and governments’ critical infrastructure because of their access to confidential data, systems, and resources. This threat, often referred to as the insider threat, is most of the time regarded as a human factor problemoften driven by motivation, opportunity, and capability. As long as the insider problem is treated as a technology problem, the natural recourse for detection and mitigation is to the use of technical and procedural controls. Such an approach is not advisable when confronting strategic human adversaries, since it may fail to account for the dynamic nature of the conflict between the contending parties who happen to be self-interested and intelligent agents. Game theory, with its rich analytical and modelling techniques, offers mathematical tools and procedures that capture the dynamic interplay between the security apparatus of an organization and the malicious insider. This paper presents a literature review of previous works on insider threat detection and mitigation using game theoretic principles