ABSTRACT

Major research efforts have been devoted to exploring the threats posed by malicious attacks from current employees who, in most cases, are disgruntled with the organization. These so-called “insider threats” could be detected and caught given the right intrusion detection mechanisms. This chapter presents an efficient intrusion-tolerant system consisting of four states and three control actions. Sensors and analyzers in the intrusion detection mechanism study user behavior to identify any suspicious event, and these observations determine the states. Meanwhile, the operator in the intrusion detection mechanism plays an important role in the control actions used to mitigate the threats. Because the operator is a human, the success of the operator's actions depends on situational awareness, mental workload, and multitasking. In addition, the control actions are determined using transition probabilities and the cost of business disruption and loss of information. The transition probabilities are computed using the likelihood principle for insider threat causes based on dispositional and situational forces. Different inferences are established to determine the likelihood of insider threats, with the highest likelihood recorded for a highly skilled employee performing an insider attack for situational reward.