Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data

The problem of insider threat is receiving increasing attention both within the computer science community as well as government and industry. This paper starts by presenting a broad, multidisciplinary survey of insider threat capturing contributions from computer scientists, psychologists, criminologists, and security practitioners. Subsequently, we present the behavioral analysis of insider threat (BAIT) framework, in which we conduct a detailed experiment involving 795 subjects on Amazon Mechanical Turk (AMT) in order to gauge the behaviors that real human subjects follow when attempting to exfiltrate data from within an organization. In the real world, the number of actual insiders found is very small, so supervised machine-learning methods encounter a challenge. Unlike past works, we develop bootstrapping algorithms that learn from highly imbalanced data, mostly unlabeled, and almost no history of user behavior from an insider threat perspective. We develop and evaluate seven algorithms using BAIT and show that they can produce a realistic (and acceptable) balance of precision and recall.