Abstract

The threat of malicious insiders to organisational security has historically been one of the most difficult challenges to address. Insiders often attack using authorised access and with behaviour very difficult to distinguish from normal activities. Today, insider attacks are further enabled by immense data storage capabilities, advanced searching algorithms, and the difficulty of implementing comprehensive monitoring of networked systems. Because the actions that occur during insider attacks look much like normal user activities, this exacerbates both the technical and behavioural challenges of distinguishing malicious activity from benign. Furthermore, several recent high-profile attacks have been enabled by non-malicious, or unintentional, insiders fooled by exploits from external attackers.

The COVID-19 pandemic has only exacerbated the problem. Remote work environments pose technical problems, both for monitoring employee behaviour, as well as protecting organisational assets. Psychological stresses such as lockdowns, medical issues, separation from loved ones, and potential job loss further aggravate the already weathered mindset of many employees, raising the chances of intentional or accidental insider activity.

Research into both technical and behavioural aspects of insider threat mitigation continues, but significant challenges persist:

• Data on insider attacks are difficult to obtain. One reason is that base rates of insider attacks are relatively unknown. Organisations suffering insider attacks are often reluctant to share data about those attacks publicly. Studies show over 70% of attacks are not reported externally, including many of the most common, low-level attacks. This leads to uncertainty that available data accurately represents the true nature of the problem. Furthermore, the behaviours of non-malicious users are also not available in large data sets. The ability to gather data that has external validity is also hampered by the fact that research projects do not have access to actual insiders who are in engaged in committing insider exploits. While some data collection projects attempt to approximate insider threats through role-playing, this does not fully address the need for externally valid data that reflects the actions and motivations of true insider threats. However, researchers are beginning to make advances in this area, establishing productive partnerships with industry and government collaborators that allow data access while protecting the confidentiality and privacy of individual users. We hope to highlight these successful endeavours as examples for other areas of security and privacy research where data sharing limits meaningful advances.
• The insider threat problem is not well understood. In addition to the complex challenges surrounding collection, correlation, and detection of technical indicators, researchers must also understand underlying human motivations and behaviours. This is not a traditional area of study for IT security researchers; configuring technical solutions to monitor for human deception is challenging. However, ongoing work across several programs has shown significant advancements in this area as well.
• Another significant aspect to consider is privacy and security of users and data. Advanced insider threat detection programs often aggregate data from multiple sources, including sensitive personal information such as HR data, pre-employment screening or background checks, confidential communication, or self-reported issues such as substance misuse or severe financial difficulties. Protecting this data from theft or misuse is paramount to maintaining a credible and effective insider threat program, and new research directions should be highlighted to address this critical concern.

WRIT focuses on solutions to the above challenges, as well as others, and especially encourages innovative approaches that integrate concepts from information technology, behavioural sciences, or criminology, as well as research that advances the state of art and practice in experimental methods for collecting data to address key challenges in evaluating and validating proposed models and solutions. The workshop will therefore be accessible to both non-experts interested in learning about this area and experts interesting in hearing about approaches being taken by others.

Topics of interest:

• behavioural indicators of insider risk
• insider threat indicator development
• improving insider threat detection with AI/ML
• reducing workplace violence by insiders
• increased risk of insider threat due to COVID and COVID mitigations
• data collection, aggregation, and correlation for threat indicators
• data collection of baseline user data and behaviours
• analytic approaches that address key challenges such as reducing false positives
• novel techniques/new technologies for prevention, detection, and response to insider attacks
• predictive analytics for identifying potential indicators of insider threat
• linguistic approaches to identifying potential behaviour of concern
• insider attacker behavioural models and analysis
• adversarial and game theoretic models of insider threats and attacks
• evaluation, experimentation and risk assessment of insider threat detection approaches
• improving integration with human resources to help identify and mitigate insider risk
• mobile devices and insider threats
• social networking and insider threats
• identifying unknown insider attack patterns
• sociotechnical approaches to protecting against insider threat attacks
• biometric approaches for identifying potential insider threat behaviour
• application of solutions from other domains to address insider threats
• unintentional insider threats
• research directions addressing privacy and security
• how remote work affects insider risks and behaviours

Co-Chairs

*All Accepted & Presented papers at WRIT will be reviewed for possible publication in Springer Nature's SN Computer Science journal, if authors register for ICCS 2021 too.

At the time of article submission, Please follow the given steps:

• Step I - Submit your abstract only through Easychair and wait for acceptance notification for abstract.
• Step II - Follow the instructions to submit full paper as given in the acceptance mail.

For any submission related query, pls contact us at iccs@iaasse.org

The ONLINE submission site is

  

  Click here to submit.

Submission Guidelines

Papers reporting original* and unpublished research results pertaining to the related topics are solicited. *(papers with plagiarism more than 30% will be outrightly rejected)

• Full paper manuscripts must be in English of up to 10 pages as per  format.

For authors convenience, Springer has summarized in the Author Guidelines document how a proceedings paper should be structured, how elements (headings, figures, references) should be formatted using our predefined styles, etc. The submission Guidelines can be downloaded from the given link containing the complete sets of instructions and templates for the different text preparation systems.

Springer has developed LaTeX style files and Word templates to help prepare paper. LaTeX is the preferred format for texts containing several formulae, but Word templates are also available on the following link:

https://www.springer.com/journal/42979/submission-guidelines

Submissions should NOT include the author(s), affiliation(s), e-mail address(es), and postal address(es) in the manuscripts. Papers will be selected based on their originality, timeliness, significance, relevance, and clarity of presentation. Paper submission implies the intent of at least one of the authors to register and present the paper, if accepted.