{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T22:52:57Z","timestamp":1767567177701,"version":"build-2065373602"},"reference-count":49,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2025,1,31]],"date-time":"2025-01-31T00:00:00Z","timestamp":1738281600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100018859","name":"Tamkeen","doi-asserted-by":"publisher","award":["G1104","CG001"],"award-info":[{"award-number":["G1104","CG001"]}],"id":[{"id":"10.13039\/501100018859","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["JCP"],"abstract":"<jats:p>Common data environments (CDEs) are centralized repositories in the architecture, engineering, and construction (AEC) industry designed to improve collaboration and project efficiency. However, CDEs hosted on cloud platforms face significant risks from insider threats, as stakeholders with legitimate access may act maliciously. To address these vulnerabilities, we developed a game-theoretic framework using Bayesian games that account for incomplete information, modeling both simultaneous and sequential interactions between insiders and data defenders. In the simultaneous move game, insiders and defenders act without prior knowledge of each other\u2019s decisions, while the sequential game allows the defender to respond after observing insider actions. Our analysis used Bayesian Nash Equilibrium to predict malicious insider behavior and identify optimal defense strategies for safeguarding CDE data. Through simulation experiments and validation with real project data, we illustrate how various parameters affect insider\u2013defender dynamics. Our results provide insights into effective cybersecurity strategies tailored to the AEC sector, bridging theoretical models with practical applications and supporting data security within the increasingly digitalized construction industry.<\/jats:p>","DOI":"10.3390\/jcp5010005","type":"journal-article","created":{"date-parts":[[2025,2,3]],"date-time":"2025-02-03T09:35:07Z","timestamp":1738575307000},"page":"5","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Mitigating Malicious Insider Threats to Common Data Environments in the Architecture, Engineering, and Construction Industry: An Incomplete Information Game Approach"],"prefix":"10.3390","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-4861-602X","authenticated-orcid":false,"given":"KC","family":"Lalropuia","sequence":"first","affiliation":[{"name":"S.M.A.R.T. Construction Research Group, Division of Engineering, New York University Abu Dhabi (NYUAD), Experimental Research Building, Saadiyat Island, Abu Dhabi P.O. Box 129188, United Arab Emirates"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sanjeev","family":"Goyal","sequence":"additional","affiliation":[{"name":"Division of Social Science, New York University Abu Dhabi (NYUAD), Saadiyat Island, Abu Dhabi P.O. Box 129188, United Arab Emirates"},{"name":"Faculty of Economics, University of Cambridge, Cambridge CB3 9DD, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9613-8105","authenticated-orcid":false,"given":"Borja","family":"Garc\u00eda de Soto","sequence":"additional","affiliation":[{"name":"S.M.A.R.T. Construction Research Group, Division of Engineering, New York University Abu Dhabi (NYUAD), Experimental Research Building, Saadiyat Island, Abu Dhabi P.O. Box 129188, United Arab Emirates"},{"name":"Department of Civil and Urban Engineering, Tandon School of Engineering, New York University (NYU), 6 MetroTech Center, Brooklyn, NY 11201, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dongchi","family":"Yao","sequence":"additional","affiliation":[{"name":"S.M.A.R.T. Construction Research Group, Division of Engineering, New York University Abu Dhabi (NYUAD), Experimental Research Building, Saadiyat Island, Abu Dhabi P.O. Box 129188, United Arab Emirates"},{"name":"Department of Civil and Urban Engineering, Tandon School of Engineering, New York University (NYU), 6 MetroTech Center, Brooklyn, NY 11201, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6851-2462","authenticated-orcid":false,"given":"Muammer Semih","family":"Sonkor","sequence":"additional","affiliation":[{"name":"S.M.A.R.T. Construction Research Group, Division of Engineering, New York University Abu Dhabi (NYUAD), Experimental Research Building, Saadiyat Island, Abu Dhabi P.O. Box 129188, United Arab Emirates"},{"name":"Department of Civil and Urban Engineering, Tandon School of Engineering, New York University (NYU), 6 MetroTech Center, Brooklyn, NY 11201, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,1,31]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"102682","DOI":"10.1016\/j.scs.2020.102682","article-title":"Cyber security threat modeling in the AEC industry: An example for the commissioning of the built environment","volume":"66","author":"Mantha","year":"2021","journal-title":"Sustain. Cities Soc."},{"key":"ref_2","unstructured":"Watson, S. (2023, November 24). Cyber-Security: What Will It Take for Construction to Act? Construction News. Available online: https:\/\/www.constructionnews.co.uk\/tech\/cyber-security-what-will-it-take-for-construction-to-act-22-01-2018\/."},{"key":"ref_3","unstructured":"FinalCode (2016). Managing CAD File Data Leakage Risks in Design-Centric Businesses, FinalCode. Available online: https:\/\/www.finalcode.com\/en\/wp-content\/uploads\/2017\/08\/FC-WP-CAD-ManagingFileDataLeakage-072516d.pdf."},{"key":"ref_4","unstructured":"Sawyer, T., and Rubenstone, J. (2024, February 04). Construction Cybercrime Is on the Rise. Engineering News-Record (ENR). Available online: https:\/\/www.enr.com\/articles\/46832-construction-cybercrime-is-on-the-rise."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"103851","DOI":"10.1016\/j.autcon.2021.103851","article-title":"Distributed common data environment using blockchain and Interplanetary File System for secure BIM-based collaborative design","volume":"130","author":"Tao","year":"2021","journal-title":"Autom. Constr."},{"key":"ref_6","unstructured":"Sonkor, M.S., and Garc\u00eda de Soto, B. (2021, January 20\u201322). Towards Secure Construction Networks: A Data-Sharing Architecture Utilizing Blockchain Technology and Decentralized Storage. Proceedings of the Construction Blockchain Consortium Conference 2021 (CBC2021), London, UK."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"349","DOI":"10.3846\/jcem.2022.16682","article-title":"Cybersecurity Assessment of BIM\/CDE Design Environment Using Cyber Assessment Framework","volume":"28","author":"Turk","year":"2022","journal-title":"J. Civ. Eng. Manag."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"103988","DOI":"10.1016\/j.autcon.2021.103988","article-title":"A systemic framework for addressing cybersecurity in construction","volume":"133","author":"Turk","year":"2022","journal-title":"Autom. Constr."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"04022095","DOI":"10.1061\/(ASCE)CO.1943-7862.0002344","article-title":"Understanding the Significance of Cybersecurity in the Construction Industry: Survey Findings","volume":"148","author":"Turk","year":"2022","journal-title":"J. Constr. Eng. Manag."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Maglaras, L., Janicke, H., and Ferrag, M.A. (2022). Cybersecurity of Critical Infrastructures: Challenges and Solutions. Sensors, 22.","DOI":"10.3390\/s22145105"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1186\/s41044-016-0006-0","article-title":"Detection and prediction of insider threats to cyber security: A systematic literature review and meta-analysis","volume":"1","author":"Gheyas","year":"2016","journal-title":"Big Data Anal."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Hu, P., Li, H., Fu, H., Cansever, D., and Mohapatra, P. (May, January 26). Dynamic defense strategy against advanced persistent threat with insiders. Proceedings of the 2015 IEEE Conference on Computer Communications (INFOCOM), Hong Kong, China.","DOI":"10.1109\/INFOCOM.2015.7218444"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Ni, S., Zou, S., and Chen, J. (2022). Evolutionary Game Model of Internal Threats to Nuclear Security in Spent Fuel Reprocessing Plants Based on RDEU Theory. Sustainability, 14.","DOI":"10.3390\/su14042163"},{"key":"ref_14","unstructured":"Kim, K.-N., Suh, Y.-A., Schneider, E., and Yim, M.-S. (2015, January 7\u20138). Physical Protection System Design Analysis against Insider Threat based on Game Theoretic Modeling. Proceedings of the Transactions of the Korean Nuclear Society Spring Meeting, Jeju, Korea."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"301","DOI":"10.1016\/j.anucene.2017.05.006","article-title":"A study of insider threat in nuclear security analysis using game theoretic modeling","volume":"108","author":"Kim","year":"2017","journal-title":"Ann. Nucl. Energy"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1016\/j.ijcip.2008.08.001","article-title":"Game-theoretic modeling and analysis of insider threats","volume":"1","author":"Liu","year":"2008","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"859","DOI":"10.1016\/j.cose.2010.06.002","article-title":"A game-based intrusion detection mechanism to confront internal attackers","volume":"29","author":"Kantzavelou","year":"2010","journal-title":"Comput. Secur."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"101908","DOI":"10.1016\/j.cose.2020.101908","article-title":"Insider Threat Risk Prediction based on Bayesian Network","volume":"96","author":"Elmrabit","year":"2020","journal-title":"Comput. Secur."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Crampton, J., Jajodia, S., and Mayes, K. (2013, January 9\u201313). Managing the Weakest Link. Proceedings of the Computer Security\u2014ESORICS 2013, Egham, UK.","DOI":"10.1007\/978-3-642-40203-6"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Feng, X., Zheng, Z., Cansever, D., Swami, A., and Mohapatra, P. (2016, January 1\u20133). Stealthy attacks with insider information: A game theoretic model with asymmetric feedback. Proceedings of the MILCOM 2016\u20142016 IEEE Military Communications Conference, Baltimore, MD, USA.","DOI":"10.1109\/MILCOM.2016.7795339"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"502","DOI":"10.1007\/978-3-030-64793-3_28","article-title":"Security Games with Insider Threats","volume":"Volume 12513","author":"Zhu","year":"2020","journal-title":"Decision and Game Theory for Security"},{"key":"ref_22","first-page":"1","article-title":"Mitigating Inadvertent Insider Threats with Incentives","volume":"Volume 5628","author":"Dingledine","year":"2009","journal-title":"Financial Cryptography and Data Security"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Gataullin, T.M., Gataullin, S.T., and Ivanova, K.V. (2020, January 28\u201330). Synergetic Effects in Game Theory. Proceedings of the 2020 13th International Conference \u201cManagement of Large-Scale System Development\u201d (MLSD), Moscow, Russia.","DOI":"10.1109\/MLSD49919.2020.9247673"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"1131","DOI":"10.1109\/TIFS.2020.3029898","article-title":"Insider Threat Modeling: An Adversarial Risk Analysis Approach","volume":"16","author":"Joshi","year":"2021","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Hu, T., Xin, B., Liu, X., Chen, T., Ding, K., and Zhang, X. (2020). Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats. Sensors, 20.","DOI":"10.3390\/s20185297"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Kim, J., Park, M., Kim, H., Cho, S., and Kang, P. (2019). Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms. Appl. Sci., 9.","DOI":"10.3390\/app9194018"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Hall, A.J., Pitropakis, N., Buchanan, W.J., and Moradpoor, N. (2018, January 10\u201313). Predicting Malicious Insider Threat Scenarios Using Organizational Data and a Heterogeneous Stack-Classifier. Proceedings of the 2018 IEEE International Conference on Big Data (Big Data), Seattle, WA, USA.","DOI":"10.1109\/BigData.2018.8621922"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Al-Shehari, T., and Alsowail, R.A. (2021). An Insider Data Leakage Detection Using One-Hot Encoding, Synthetic Minority Oversampling and Machine Learning Techniques. Entropy, 23.","DOI":"10.3390\/e23101258"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1109\/TCSS.2014.2377811","article-title":"Behavioral Analysis of Insider Threat: A Survey and Bootstrapped Prediction in Imbalanced Data","volume":"1","author":"Azaria","year":"2014","journal-title":"IEEE Trans. Comput. Soc. Syst."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"660","DOI":"10.1109\/TCSS.2018.2857473","article-title":"Scenario-Based Insider Threat Detection From Cyber Activities","volume":"5","author":"Chattopadhyay","year":"2018","journal-title":"IEEE Trans. Comput. Soc. Syst."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Brdiczka, O., Liu, J., Price, B., Shen, J., Patil, A., Chow, R., Bart, E., and Ducheneaut, N. (2012, January 24\u201325). Proactive Insider Threat Detection through Graph Learning and Psychological Context. Proceedings of the 2012 IEEE Symposium on Security and Privacy Workshops, San Francisco, CA, USA.","DOI":"10.1109\/SPW.2012.29"},{"key":"ref_32","unstructured":"Fudenberg, D., and Tirole, J. (1991). Game Theory, MIT Press."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2480741.2480742","article-title":"Game theory meets network security and privacy","volume":"45","author":"Manshaei","year":"2013","journal-title":"ACM Comput. Surv."},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"601","DOI":"10.1109\/TSC.2014.2363474","article-title":"From RBAC to ABAC: Constructing Flexible Data Access Control for Cloud Storage Services","volume":"8","author":"Zhu","year":"2015","journal-title":"IEEE Trans. Serv. Comput."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Perera, S., Ingirige, B., Ruikar, K., and Obonyo, E. (2017). Innovation in e-business: Issues related to adoption for micro and SME organisations. Advances in Construction ICT and e-Business, Routledge.","DOI":"10.4324\/9781315690698"},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Vasilyevna, N.B. (2008, January 13\u201315). An RBAC Design with Discretionary and Mandatory Features. Proceedings of the 2008 International Symposium on Ubiquitous Multimedia Computing, Hobart, Australia.","DOI":"10.1109\/UMC.2008.60"},{"key":"ref_37","unstructured":"Autodesk (2023, April 09). Security Whitepaper. Available online: https:\/\/construction.autodesk.com\/resources\/guides\/acc-security-whitepaper\/."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3303771","article-title":"Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures","volume":"52","author":"Homoliak","year":"2020","journal-title":"ACM Comput. Surv."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"103682","DOI":"10.1016\/j.autcon.2021.103682","article-title":"BIM security: A critical review and recommendations using encryption strategy and blockchain","volume":"126","author":"Das","year":"2021","journal-title":"Autom. Constr."},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"245","DOI":"10.2166\/hydro.2002.0024","article-title":"Verification and application of a mathematical model for the assessment of the effect of guiding walls on the hydraulic efficiency of chlorination tanks","volume":"4","author":"Stamou","year":"2002","journal-title":"J. Hydroinform."},{"key":"ref_41","unstructured":"Yao, D. (2024, April 02). Game-Models-Simulation-Code. GitHub. Available online: https:\/\/github.com\/SMART-NYUAD\/Game-models-simulation-code."},{"key":"ref_42","unstructured":"Hughes, W., and Murdoch, J. (2001). Roles in Construction Projects: Analysis and Terminology, Construction Industry Publications."},{"key":"ref_43","unstructured":"FIRST (2019). Common Vulnerability Scoring System Version 3.1, FIRST. Available online: https:\/\/www.first.org\/cvss\/v3.1\/specification-document."},{"key":"ref_44","unstructured":"Parker, D.B. (1998). Fighting Computer Crime: A New Framework for Protecting Information, Wiley."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"110","DOI":"10.1109\/MEX.1987.4307079","article-title":"Mind over Machine: The Power of Human Intuition and Expertise in the Era of the Computer","volume":"2","author":"Dreyfus","year":"1987","journal-title":"IEEE Expert"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"(2022). Information Security, Cybersecurity and Privacy Protection\u2014Information Security Management Systems\u2014Requirements (Standard No. ISO\/IEC ISO\/IEC 27001:2022). Available online: https:\/\/www.iso.org\/standard\/27001.","DOI":"10.2307\/j.ctv30qq13d"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"256","DOI":"10.1007\/978-3-031-36757-1_17","article-title":"Validating Trust in Human Decisions to Improve Expert Models Based on Small Data Sets","volume":"Volume 483","author":"Shishkov","year":"2023","journal-title":"Business Modeling and Software Design"},{"key":"ref_48","doi-asserted-by":"crossref","first-page":"844","DOI":"10.1007\/978-3-030-63322-6_72","article-title":"Using an Expert Panel to Validate the Malaysian SMEs-Software Process Improvement Model (MSME-SPI)","volume":"Volume 1294","author":"Silhavy","year":"2020","journal-title":"Software Engineering Perspectives in Intelligent Systems"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"429","DOI":"10.1007\/s11416-024-00529-x","article-title":"Next gen cybersecurity paradigm towards artificial general intelligence: Russian market challenges and future global technological trends","volume":"20","author":"Pleshakova","year":"2024","journal-title":"J. Comput. Virol. Hacking Tech."}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/1\/5\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T16:25:10Z","timestamp":1760027110000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/1\/5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,31]]},"references-count":49,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,3]]}},"alternative-id":["jcp5010005"],"URL":"https:\/\/doi.org\/10.3390\/jcp5010005","relation":{},"ISSN":["2624-800X"],"issn-type":[{"type":"electronic","value":"2624-800X"}],"subject":[],"published":{"date-parts":[[2025,1,31]]}}}