Integrating Cyber Deception Into Attribute-Based Access Control (ABAC) for Insider Threat Detection

Abstract

Read online

Insider threat is an ever-present challenge to corporate security. The availability of knowledge and privileges to insiders makes it extremely difficult to prevent, detect or deter malicious insider activities. In the literature, several studies have proposed deception-based approaches to mitigate insider threats through different layers of corporate systems. However, the integration of access control and cyber deception methods has not been adequately discussed. In this paper, we integrate Attribute-based Access Control (ABAC) with honey-based deception techniques to effectively track insiders, particularly in the context of a dynamic work environment. To the best of our knowledge, this is the first study to design, implement and evaluate this integration. Our evaluation results show that the proposed framework reliably identifies sensitive attributes in the system and generates indistinguishable honey values to protect them with an average similarity score of 0.90 to the truth.

Keywords

• Insider threat
• defensive deception
• attribute-based access control (ABAC)
• honey attribute
• sensitivity estimation