Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study
Martin Macák, Stefan Bojnak, Barbora Buhnova
Citation: Proceedings of the 16th Conference on Computer Science and Intelligence Systems, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 25, pages 349–356 (2021)
Abstract. In our digital era, insider attacks are among the serious underresearched areas of the cybersecurity landscape. A significant type of insider attack is facilitated by employees without malicious intent. They are called unintentional perpetrators. We proposed mitigating these threats using a simulation-game platform to detect the potential attack vectors. This paper introduces and implements a scenario that demonstrates the usability of this approach in a case study. This work also helps to understand players' behavior when they are not told upfront that they will be a target of social engineering attacks. Furthermore, we provide relevant acquired observations for future research.
- J. Hong, J. Kim, and J. Cho, “The trend of the security research for the insider cyber threat,” in Security Technology. Springer Berlin Heidelberg, 2009, pp. 100–107.
- M. Macak, I. Vanát, M. Merjavý, T. Jevočin, and B. Buhnova, “Towards process mining utilization in insider threat detection from audit logs,” in 2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS), 2020, pp. 1–6.
- I. A. Gheyas and A. E. Abdallah, “Detection and prediction of insider threats to cyber security: a systematic literature review and meta-analysis,” Big Data Analytics, vol. 1, no. 1, p. 6, 2016.
- L. Liu, O. De Vel, Q.-L. Han, J. Zhang, and Y. Xiang, “Detecting and preventing cyber insider threats: A survey,” IEEE Communications Surveys & Tutorials, vol. 20, no. 2, pp. 1397–1417, 2018.
- M. Macak, A. Kruzikova, L. Daubner, and B. Buhnova, “Simulation games platform for unintentional perpetrator attack vector identification,” in Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops. ACM, 2020, p. 222–229.
- I. Homoliak, F. Toffalini, J. Guarnizo, Y. Elovici, and M. Ochoa, “Insight into insiders and it: A survey of insider threat taxonomies, analysis, modeling, and countermeasures,” ACM Comput. Surv., vol. 52, no. 2, Apr. 2019. [Online]. Available: https://doi.org/10.1145/3303771
- S. Sinclair and S. W. Smith, “Preventative directions for insider threat mitigation via access control,” in Insider Attack and Cyber Security. Springer, 2008, pp. 165–194.
- T. Shimeall and R. Trzeciak, “Common sense guide to prevention and detection of insider threats,” 01 2008.
- L. Cheng, F. Liu, and D. Yao, “Enterprise data breach: causes, challenges, prevention, and future directions,” WIREs: Data Mining and Knowledge Discovery, vol. 7, no. 5, p. e1211, 2017.
- J. D’Arcy and P.-L. Teh, “Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization,” Information & Management, vol. 56, no. 7, p. 103151, 2019.
- T. Stafford, G. Deitz, and Y. Li, “The role of internal audit and user training in information security policy compliance,” Managerial Auditing Journal, vol. 33, no. 4, pp. 410–424, 2018.
- F. Salahdine and N. Kaabouch, “Social engineering attacks: A survey,” Future Internet, vol. 11, no. 4, p. 89, 2019.
- J. Davis and S. Magrath, “A survey of cyber ranges and testbeds,” DTIC Document, Tech. Rep., 2013.
- J. Vykopal, R. Oslejsek, P. Celeda, M. Vizvary, and D. Tovarnak, “Kypo cyber range: Design and use cases,” in Proceedings of the 12th International Conference on Software Technologies - Volume 1: ICSOFT,, INSTICC. SciTePress, 2017, pp. 310–321.
- MCR, “The Michigan Cyber Range.” [Online]. Available: https: //www.merit.edu/cyberrange/
- L. Rossey, “SimSpace cyber range,” aCSAC 2015 Panel: Cyber Experimentation of the Future (CEF): Catalyzing a New Generation of Experimental Cybersecurity Research.
- R. Weiss, F. Turbak, J. Mache, and M. E. Locasto, “Cybersecurity education and assessment in edurange,” IEEE Security & Privacy, no. 3, pp. 90–95, 2017.
- J. Mirkovic, T. V. Benzel, T. Faber, R. Braden, J. T. Wroclawski, and S. Schwab, “The Deter Project,” 2010.
- C. Pham, D. Tang, K.-i. Chinen, and R. Beuran, “Cyris: A cyber range instantiation system for facilitating security training,” in Proceedings of the Seventh Symposium on Information and Communication Technology, ser. SoICT ’16. New York, NY, USA: ACM, 2016, pp. 251–258.
- R. Beuran, D. Tang, C. Pham, K.-i. Chinen, Y. Tan, and Y. Shinoda, “Integrated framework for hands-on cybersecurity training: CyTrONE,” Computers & Security, vol. 78, pp. 43–59, 2018.
- A. J. Ferguson, “Fostering e-mail security awareness: The west point carronade,” Educause Quarterly, vol. 28, no. 1, pp. 54–57, 2005.
- M. Silic and P. B. Lowry, “Using design-science based gamification to improve organizational security training and compliance,” Journal of Management Information Systems (JMIS)(accepted 01-Aug-2019), 2019.
- W. van der Aalst, Process Mining: Data Science in Action, 2nd ed. Springer Publishing Company, Incorporated, 2016.
- J. E. Cook and A. L. Wolf, “Automating process discovery through event-data analysis,” in Proceedings of the 17th International Conference on Software Engineering, ser. ICSE ’95. New York, NY, USA: Association for Computing Machinery, 1995, p. 73–82.
- A. Datta, “Automating the discovery of as-is business process models: Probabilistic and algorithmic approaches,” Information Systems Research, vol. 9, no. 3, pp. 275–301, 1998.
- R. Agrawal, D. Gunopulos, and F. Leymann, “Mining process models from workflow logs,” in Advances in Database Technology — EDBT’98. Berlin, Heidelberg: Springer Berlin Heidelberg, 1998, pp. 467–483.
- W. van der Aalst, T. Weijters, and L. Maruster, “Workflow mining: Discovering process models from event logs,” IEEE transactions on knowledge and data engineering, vol. 16, no. 9, pp. 1128–1142, 2004.
- B. F. van Dongen, A. A. De Medeiros, and L. Wen, “Process mining: Overview and outlook of petri net discovery algorithms,” in transactions on petri nets and other models of concurrency II. Springer, 2009, pp. 225–242.
- A. Weijters, W. M. van der Aalst, and A. A. De Medeiros, “Process mining with the heuristics miner-algorithm,” Technische Universiteit Eindhoven, Tech. Rep. WP, vol. 166, pp. 1–34, 2006.
- C. W. Günther and W. M. P. van der Aalst, “Fuzzy mining – adaptive process simplification based on multi-perspective metrics,” in Business Process Management. Berlin, Heidelberg: Springer Berlin Heidelberg, 2007, pp. 328–343.
- E. Lamma, P. Mello, M. Montali, F. Riguzzi, and S. Storari, “Inducing declarative logic-based models from labeled traces,” in Business Process Management. Springer Berlin Heidelberg, 2007, pp. 344–359.
- J. Carmona, B. van Dongen, A. Solti, and M. Weidlich, Conformance Checking. Springer, 2018.
- A. Rozinat and W. M. van der Aalst, “Conformance checking of processes based on monitoring real behavior,” Information Systems, vol. 33, no. 1, pp. 64–95, 2008.
- W. van der Aalst, A. Adriansyah, and B. van Dongen, “Replaying history on process models for conformance checking and performance analysis,” Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, vol. 2, no. 2, pp. 182–192, 2012.
- D. Fahland and W. M. van der Aalst, “Model repair—aligning process models to reality,” Information Systems, vol. 47, pp. 220–243, 2015.
- A. Burattin, A. Sperduti, and M. Veluscek, “Business models enhancement through discovery of roles.” in CIDM, 2013, pp. 103–110.
- P. Jaisook and W. Premchaiswadi, “Time performance analysis of medical treatment processes by using disco,” in 13th Int. Conference on ICT and Knowledge Engineering. IEEE, 2015, pp. 110–115.