Understanding insider threat attacks using natural language processing: Automatically mapping organic narrative reports to existing insider threat frameworks

Traditionally cyber security has focused on defending against external threats, over the last decade we have seen an increasing awareness of the threat posed by internal actors. Current approaches to reducing this risk have been based upon technical controls, psychologically understanding the insider’s decision-making processes or sociological approaches ensuring constructive workplace behaviour. However, it is clear that these controls are not enough to mitigate this threat with a 2019 report suggesting that 34% of breaches involved internal actors. There are a number of Insider threat frameworks that bridge the gap between these views, creating a holistic view of insider threat. These models can be difficult to contextualise within an organisation and hence developing actionable insight is challenging. An important task in understanding an insider attack is to gather a 360-degree understanding of the incident across multiple business areas: e.g. co-workers, HR, IT, etc. can be key to understanding the attack. We propose a new approach to gathering organic narratives of an insider threat incident that then uses a computational approach to map these narratives to an existing insider threat framework. Leveraging Natural Language Processing (NLP) we exploit a large collection of insider threat reporting to create an understanding of insider threat. This understanding is then applied to a set of reports of a single attack to generate a computational representation of the attack. This representation is then successfully mapped to an existing, manual insider threat framework

Interlinked Computing in 2040: Safety, Truth, Ownership and Accountability

Computer systems are increasingly interconnected, magnifying benefits and risks, especially with AI integration. Using a Delphi-based method, we interviewed technology futurists about potential trends towards 2040 and their societal impacts. Our findings highlight five key forecasts related to artificial intelligence and system complexity, and suggest six interventions to mitigate negative impacts

Interhemispheric survey of polar cap aurora

This study investigates the interhemispheric nature of polar cap auroras via ultraviolet imaging, combined with particle data, to determine whether they occur on open or closed field lines. Data from the SSUSI (Special Sensor Ultraviolet Spectrographic Imager) instrument on board the DMSP (Defence Meteorological Satellite Program) spacecraft are examined. The DMSP spacecraft are in 90-min orbits; hence, images of each hemisphere are separated by 45 min providing a good opportunity for interhemispheric study. 21 polar cap arc (PCA) events are recorded in December 2015 which have particle data from the SSJ/4 particle spectrometer associated with an arc in at least one hemisphere. Nine events are found to contain "arcs" consistent with a closed field line mechanism, that is, arcs associated with an ion signature present in both hemispheres. Six events contained arcs that were consistent with an "open field line" mechanism, that is, they were associated with electron-only precipitation. Events containing arcs that were not consistent with either of these expectations are also explored, including an example of a "non-conjugate" theta aurora and an interesting example of auroral morphology similar to a PCA which is associated with a geomagnetic storm. Seasonal effects are also investigated through a statistical analysis of PCAs over 4 months in 2015. It is found that PCAs are visible in the SSUSI data at least 20% of the time and that it is likely some are missed due to the spacecraft field of view and poor sensitivity in the summer hemisphere due to increased solar illumination.</p

Multi-instrument observation of simultaneous polar cap auroras on open and closed magnetic field lines

Multi-instrument observation of simultaneous polar cap auroras on open and closed magnetic field line