Software to Pre-empt the Insider Threat
Researchers at the Air Force Institute of Technology at Wright-Patterson Air Force Base have been working on a method to identify threats from individuals inside an organization based on changes in the words and terms certain people might use in their emails.
Apparently, Gilbert Peterson and his associates use data mining techniques to examine emails and develop a picture of the social network within an organization. They are confident that their work could help companies or organizations sniff out insider threats by analyzing e-mail activity, or find individuals among potentially tens of thousands of employees with latent interests in sensitive topics.
Peterson and his colleagues have developed an approach to assist investigators looking for such insider threats based on an extended version of Probabilistic Latent Semantic Indexing (PLSI). This extended technique is designed to determine individuals’ interests from their emails and then graph the social network that shows their various interactions. Using this technique, Peterson’s team suggests that people who have previously been interested in sensitive topics without communicating with others within the organization are often the likely “insider threat.”
The abstract of the paper:
Despite a technology bias that focuses on external electronic threats, insiders pose the greatest threat to an organisation. This paper discusses an approach to assist investigators in identifying potential insider threats. We discern employees' interests from e-mail using an extended version of PLSI. These interests are transformed into implicit and explicit social network graphs, which are used to locate potential insiders by identifying individuals who feel alienated from the organisation or have a hidden interest in a sensitive topic. By applying this technique to the Enron e-mail corpus, a small number of employees appear as potential insider threats.
It is interesting that the software was tested on emails from Enron, and was able to identify certain individuals likely to be an insider threat. But generally, insiders pose serious threats to all types of organizations ranging from multinational companies to military installations. As I posted a few weeks ago, however, nothing can stop a disgruntled employee from doing damage.
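To make the "hidden interest" idea from the abstract concrete, here is a simplified sketch added for illustration; it is not the researchers' code. It assumes each message already carries a topic distribution from a topic model such as PLSI, and all names, addresses, thresholds and sample messages are constructed.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data. Each message carries P(topic | message), assumed to
# come from a topic model such as PLSI; the model itself is not shown here.
INTERNAL = {"alice", "bob", "carol", "dave"}
MESSAGES = [
    {"from": "alice", "to": ["bob"], "topics": {"trading": 0.8, "social": 0.2}},
    {"from": "bob", "to": ["alice"], "topics": {"trading": 0.7, "social": 0.3}},
    {"from": "carol", "to": ["dave"], "topics": {"social": 0.9, "trading": 0.1}},
    {"from": "dave", "to": ["carol"], "topics": {"social": 1.0}},
    {"from": "dave", "to": ["ext@example.org"], "topics": {"trading": 0.9, "social": 0.1}},
    {"from": "dave", "to": ["ext@example.org"], "topics": {"trading": 0.8, "social": 0.2}},
]

def interests(messages):
    """Average topic weight over each sender's messages: an estimate of P(topic | person)."""
    totals, counts = defaultdict(lambda: defaultdict(float)), defaultdict(int)
    for m in messages:
        counts[m["from"]] += 1
        for topic, w in m["topics"].items():
            totals[m["from"]][topic] += w
    return {p: {t: w / counts[p] for t, w in ts.items()} for p, ts in totals.items()}

def implicit_graph(profile, topic, threshold):
    """Implicit graph: link every pair of people whose interest in `topic` meets the threshold."""
    keen = sorted(p for p, ts in profile.items() if ts.get(topic, 0.0) >= threshold)
    return keen, set(combinations(keen, 2))

def explicit_graph(messages, topic, threshold, internal):
    """Explicit graph: link sender and internal recipient when a message is mostly about `topic`."""
    edges = set()
    for m in messages:
        if m["topics"].get(topic, 0.0) >= threshold:
            edges |= {tuple(sorted((m["from"], r))) for r in m["to"]
                      if r in internal and r != m["from"]}
    return edges

def hidden_interest(messages, topic, internal, threshold=0.5):
    """People interested in `topic` who never discuss it with an internal colleague."""
    keen, _ = implicit_graph(interests(messages), topic, threshold)
    talked = {p for edge in explicit_graph(messages, topic, threshold, internal) for p in edge}
    return [p for p in keen if p in internal and p not in talked]

if __name__ == "__main__":
    print(hidden_interest(MESSAGES, "trading", INTERNAL))
```

A result from this kind of comparison is a lead for an investigator to review, not a finding, since it only reflects who wrote about a topic and to whom.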