{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:03:57Z","timestamp":1760238237363,"version":"build-2065373602"},"reference-count":43,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2020,7,29]],"date-time":"2020-07-29T00:00:00Z","timestamp":1595980800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"Insider threats that occur within organizations cause more serious damage than external threats. However, there are many factors that are difficult to determine, such as the definition, classification, and severity of security breaches; hence, it is necessary to analyze system logs and user behavior-based scenarios within organizations. The reality is that qualitative judgment criteria are different for everyone to apply, and there is no detailed verification procedure to compare them objectively. In this study, realistic insider threats were examined through the definition, classification, and correlation\/association analysis of various human\u2013machine logs of acts associated with security breaches that occur in an organization. In addition, a quantitative process and decision-making tool were developed for insider threats by establishing various internal information leakage scenarios. As a result, insider threats were assessed quantitatively and a decision-making process was completed that enabled case analysis based on several insider threat scenarios. This study will enable precise modeling of insider threats that occur in real organizations and will support an objective process and a decision-making system to establish a range of required information for security protection measures.<\/jats:p>","DOI":"10.3390\/sym12081255","type":"journal-article","created":{"date-parts":[[2020,7,30]],"date-time":"2020-07-30T12:15:38Z","timestamp":1596111338000},"page":"1255","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Study on Inside Threats Based on Analytic Hierarchy Process"],"prefix":"10.3390","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1524-3710","authenticated-orcid":false,"given":"Sang","family":"Seo","sequence":"first","affiliation":[{"name":"Department of Computer Science, Kyonggi University, 16227, Gyeonggi-do 154-42, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6370-9744","authenticated-orcid":false,"given":"Dohoon","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Kyonggi University, 16227, Gyeonggi-do 154-42, Korea"}]}],"member":"1968","published-online":{"date-parts":[[2020,7,29]]},"reference":[{"unstructured":"(2020, May 14). Insider Threat Report. Available online: https:\/\/www.fortinet.com\/content\/dam\/fortinet\/assets\/threat-reports\/insider-threat-report.pdf.","key":"ref_1"},{"unstructured":"(2020, May 14). Insider Threat Intelligence Report. Available online: https:\/\/nationalinsiderthreatsig.org\/itrmresources\/DTex%202018%20Insider%20Threat%20Intelligence%20Report.pdf.","key":"ref_2"},{"doi-asserted-by":"crossref","unstructured":"Bishop, M., and Gates, C. (2008, January 12\u201314). Defining the insider threat. Proceedings of the 4th Annual Workshop on Cyber Security and Information Intelligence Research, Oak Ridge, TN, USA.","key":"ref_3","DOI":"10.1145\/1413140.1413158"},{"doi-asserted-by":"crossref","unstructured":"Kandias, M., Mylonas, A., Virvilis, N., Theoharidou, M., and Gritzalis, D. (2010, January 30\u201331). An insider threat prediction model. Proceedings of the International Conference on Trust, Privacy and Security in Digital Business, Bilbao, Spain.","key":"ref_4","DOI":"10.1007\/978-3-642-15152-1_3"},{"key":"ref_5","first-page":"69","article-title":"A survey of insider attack detection research","volume":"39","author":"Salem","year":"2008","journal-title":"Adv. Inf. Secur."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3303771","article-title":"Insight into insiders and IT: A survey of insider threat taxonomies, analysis, modeling, and countermeasures","volume":"52","author":"Homoliak","year":"2019","journal-title":"ACM Comput. Surv."},{"unstructured":"(2020, May 14). SEI Cyber Minute: Insider Threats. April 2017. Available online: http:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetid=496626.","key":"ref_7"},{"unstructured":"Cappelli, D., Moore, A., Trzeciak, R., and Shimeall, T.J. (2009). Common Sense Guide to Prevention and Detection of Insider Threats, Software Engineering Institute. [3rd ed.]. Version 3.1.","key":"ref_8"},{"unstructured":"(2020, May 14). Vormetric Insider Threat Report. Technical Report. Available online: https:\/\/dtr.thalesesecurity.com\/insiderthreat\/2015\/pdf\/2015-vormetric-insider-threat-press-deck-v3.pdf.","key":"ref_9"},{"doi-asserted-by":"crossref","unstructured":"Young, W.T., Memory, A., Goldberg, H.G., and Senator, T.E. (2014, January 18\u201321). Detecting unknown insider threat scenarios. Proceedings of the 2014 IEEE Security and Privacy Workshops, San Jose, CA, USA.","key":"ref_10","DOI":"10.1109\/SPW.2014.42"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"503","DOI":"10.1109\/JSYST.2015.2438442","article-title":"Automated insider threat detection system using user and role-based profile assessment","volume":"11","author":"Legg","year":"2015","journal-title":"IEEE Syst. J."},{"doi-asserted-by":"crossref","unstructured":"Kim, J., Park, M., Kim, H., Cho, S., and Kang, P. (2019). Insider threat detection based on user behavior modeling and anomaly detection algorithms. Appl. Sci., 9.","key":"ref_12","DOI":"10.3390\/app9194018"},{"doi-asserted-by":"crossref","unstructured":"Park, K., Woo, S., Moon, D., and Choi, H. (2018). Secure cyber deception architecture and decoy injection to mitigate the insider threat. Symmetry, 10.","key":"ref_13","DOI":"10.3390\/sym10010014"},{"doi-asserted-by":"crossref","unstructured":"Vidal, J.M., and Monge, M.A.S. (2020). Obfuscation of malicious behaviors for thwarting masquerade detection systems based on locality features. Sensors, 20.","key":"ref_14","DOI":"10.3390\/s20072084"},{"doi-asserted-by":"crossref","unstructured":"Sagar, R., Jhaveri, R., and Borrego, C. (2020). Applications in security and evasions in machine learning: A survey. Electronics, 9.","key":"ref_15","DOI":"10.3390\/electronics9010097"},{"doi-asserted-by":"crossref","unstructured":"Alom, M.Z., Taha, T.M., Yakopcic, C., Westberg, S., Sidike, P., Nasrin, M.S., Hasan, M., Van Essen, B.C., Awwal, A.A.S., and Asari, V.K. (2019). A state-of-the-art survey on deep learning theory and architectures. Electronics, 8.","key":"ref_16","DOI":"10.3390\/electronics8030292"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1016\/j.jnca.2016.09.014","article-title":"Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model","volume":"77","author":"Li","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"3958","DOI":"10.3390\/s90503958","article-title":"Using reputation systems and non-deterministic routing to secure wireless sensor networks","volume":"9","author":"Moya","year":"2009","journal-title":"Sensors"},{"doi-asserted-by":"crossref","unstructured":"Fung, C.J., Baysal, O., Zhang, J., Aib, I., and Boutaba, R. (2008). Trust management for host-based collaborative intrusion detection. Int. Work. Distrib. Syst. Oper. Manag., 109\u2013122.","key":"ref_19","DOI":"10.1007\/978-3-540-87353-2_9"},{"doi-asserted-by":"crossref","unstructured":"Fung, C.J., Zhang, J., Aib, I., and Boutaba, R. (2009, January 1\u20135). Robust and scalable trust management for collaborative intrusion detection. Proceedings of the 2009 IFIP\/IEEE International Symposium on Integrated Network Management, Long Island, NY, USA.","key":"ref_20","DOI":"10.1109\/INM.2009.5188784"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1109\/TCSS.2014.2377811","article-title":"Behavioral analysis of insider threat: A survey and bootstrapped prediction in imbalanced data","volume":"1","author":"Azaria","year":"2014","journal-title":"IEEE Trans. Comput. Soc. Syst."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1007\/978-1-4419-7133-3_5","article-title":"Combining traditional cyber security audit data with psychosocial data: Towards predictive modeling for insider threat mitigation","volume":"49","author":"Greitzer","year":"2010","journal-title":"Insid. Threat. Cyber Secur."},{"unstructured":"Maloof, M.A., and Stephens, G.D. (2007, January 5\u20137). Elicit: A system for detecting insiders who violate need-to-know. Proceedings of the International Workshop on Recent Advances in Intrusion Detection, Gold Coast, Australia.","key":"ref_23"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1109\/MSP.2009.110","article-title":"Detecting insider theft of trade secrets","volume":"7","author":"Caputo","year":"2009","journal-title":"IEEE Secur. Priv."},{"doi-asserted-by":"crossref","unstructured":"Mathew, S., Petropoulos, M., Ngo, H.Q., and Upadhyaya, S. (2010, January 15\u201317). A data-centric approach to insider attack detection in database systems. Proceedings of the International Workshop on Recent Advances in Intrusion Detection, Ottawa, ON, Canada.","key":"ref_25","DOI":"10.1007\/978-3-642-15512-3_20"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"238","DOI":"10.1016\/j.ins.2016.06.038","article-title":"Anomalous query access detection in RBAC-administered databases with random forest and PCA","volume":"369","author":"Ronao","year":"2016","journal-title":"Inf. Sci."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"5906368","DOI":"10.1155\/2018\/5906368","article-title":"Distance measurement methods for improved insider threat detection","volume":"2018","author":"Lo","year":"2018","journal-title":"Secur. Commun. Netw."},{"key":"ref_28","first-page":"80","article-title":"Generating test data for insider threat detectors","volume":"5","author":"Lindauer","year":"2014","journal-title":"J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"838","DOI":"10.1016\/j.cose.2018.03.006","article-title":"Insider-threat detection using Gaussian mixture models and sensitivity profiles","volume":"77","author":"Tabash","year":"2018","journal-title":"Comput. Secur."},{"doi-asserted-by":"crossref","unstructured":"Moustafa, N., Creech, G., and Slay, J. (2017). Big data analytics for intrusion detection system: Statistical decision-making using finite dirichlet mixture models. Data Analytics and Decision Support for Cybersecurity, Springer.","key":"ref_30","DOI":"10.1007\/978-3-319-59439-2_5"},{"unstructured":"Tuor, A., Kaplan, S., Hutchinson, B., Nichols, N., and Robinson, S. (2017, January 4\u20135). Deep learning for unsupervised insider threat detection in structured cybersecurity data streams. Proceedings of the Workshops at the Thirty-First AAAI Conference on Artificial Intelligence, San Francisco, CA, USA.","key":"ref_31"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"14786","DOI":"10.3390\/s140814786","article-title":"Security analysis and improvements of authentication and access control in the internet of things","volume":"14","author":"Ndibanje","year":"2014","journal-title":"Sensors"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"11883","DOI":"10.3390\/en81011883","article-title":"State of the art authentication, access control, and secure integration in smart grid","volume":"8","author":"Saxena","year":"2015","journal-title":"Energies"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1016\/j.ijcip.2008.08.001","article-title":"Game-theoretic modeling and analysis of insider threats","volume":"1","author":"Liu","year":"2008","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"859","DOI":"10.1016\/j.cose.2010.06.002","article-title":"A game-based intrusion detection mechanism to confront internal attackers","volume":"29","author":"Kantzavelou","year":"2010","journal-title":"Comput. Secur."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"140","DOI":"10.3390\/g5030140","article-title":"Learning in networks-An experimental study using stationary concepts","volume":"5","author":"Berninghaus","year":"2014","journal-title":"Games"},{"key":"ref_37","first-page":"529","article-title":"Cyber insider threats situation awareness using game theory and information fusion-based user behavior predicting algorithm","volume":"8","author":"Tang","year":"2011","journal-title":"J. Inf. Comput. Sci."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"597","DOI":"10.1109\/TSMCB.2009.2033564","article-title":"Maintaining defender\u2019s reputation in anomaly detection against insider attacks","volume":"40","author":"Zhang","year":"2010","journal-title":"IEEE Trans. Syst. Man. Cybern. Part B Cybern."},{"unstructured":"Chinchani, R., Iyer, A., Ngo, H.Q., and Upadhyaya, S. (July, January 28). Towards a theory of insider threat assessment. Proceedings of the 2005 International Conference on Dependable Systems and Networks, Yokohama, Japan.","key":"ref_39"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"31843","DOI":"10.3390\/s151229887","article-title":"A security assessment mechanism for software-defined networking-based mobile networks","volume":"15","author":"Luo","year":"2015","journal-title":"Sensors"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1080\/19361610.2011.529413","article-title":"Insider threat detection using a graph-based approach","volume":"6","author":"Eberle","year":"2010","journal-title":"J. Appl. Secur. Res."},{"doi-asserted-by":"crossref","unstructured":"Serketzis, N., Katos, V., Ilioudis, C., Baltatzis, D., and Pangalos, G. (2019). Improving forensic triage efficiency through cyber threat intelligence. Futur. Internet, 11.","key":"ref_42","DOI":"10.3390\/fi11070162"},{"key":"ref_43","first-page":"83","article-title":"Decision making with the analytic hierarchy process","volume":"1","author":"Saaty","year":"2008","journal-title":"Int. J. Ser. Sci."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/12\/8\/1255\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:52:41Z","timestamp":1760176361000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/12\/8\/1255"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,29]]},"references-count":43,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2020,8]]}},"alternative-id":["sym12081255"],"URL":"https:\/\/doi.org\/10.3390\/sym12081255","relation":{},"ISSN":["2073-8994"],"issn-type":[{"type":"electronic","value":"2073-8994"}],"subject":[],"published":{"date-parts":[[2020,7,29]]}}}