Towards Analytic-Driven Insider Threat Detection & Mitigation

  (Symposium II)

 

Symposium Leaders


COL Ronald C. Dodge JR  (primary contact)

United States Military Academy at West Point

606 Thayer Road, Room 105, West Point, NY 10996, USA

Phone: +1-845-938-5569 (direct)

Phone: +1-845-938-3615 (organization)

Email: ronald.dodge@usma.edu


Dawn M. Cappelli

Email: dmc@cert.org


Aaron J. Ferguson, Ph.D.

Email: ajferg3@nsa.gov


Michael P. Hanley

Email: mhanley@cert.org





 
 

Predicting malicious insider threat activity is an increasingly difficult challenge, as evidenced by the WikiLeaks events occurring late last year. Despite research into the psychology and motivation of malicious insiders, predicting insider attacks is a non-trivial process. According to Greitzer and Frincke (2010), the two most significant challenges in developing a predictive analytic methodology for insider threat detection are: (1) defining precursors (events prior to the attack) in terms of observable cyber and psychosocial indicators; and (2) developing a methodology that integrates these indicators. Researchers from government, industry, and academia have proposed promising technical solutions for detecting insider threat activity, often based on violation of some policy, e.g., unauthorized use of removable media. However, very few of these solutions provide predictive analytic capabilities that can: (a) predict the likelihood of malicious insider threat activity with a high degree of certainty and fidelity; or (b) be used operationally in an enterprise environment.


This symposium explores how government, academia, and industry can develop data-driven, high-fidelity, predictive analytics for insider threat detection and mitigation. Identifying operational methodologies for predicting insider threat behavior based on user behavior is critical as organizations seek to prevent fraud, theft of intellectual property, sabotage, and espionage. The topic areas will cover predictive analytic-based approaches to insider threat detection, solution development, and future vision, as well as related issues. Novel research involving new methods or insight into developing predictive analytics for insider threat detection and defense is appropriate for this symposium.


In order for insider threat detection to realize its larger potential, it is important to investigate:

  1. Motivators, characteristics, and behaviors representative of malicious insider activity;

  2. Automated predictive analysis and classification techniques that can detect, categorize, predict, and mitigate malicious insider threat behavior;

  3. The integration of scalable technology-based insider threat detection tools with equally scalable analytics;

  4. The manner in which sensors of the future will be able to perform robust, on-sensor, predictive analysis prior to data store ingest; and

  5. Baseline data which can be used by researchers to generate predictors of malicious insider behavior, by providing comparison data for differentiating behaviors and other characteristics of malicious insiders from "normal" employees.



Ron C. Dodge is an active duty Colonel in the Army and is an Associate Professor in the Electrical Engineering and Computer Science department at the United States Military Academy. He is the Associate Dean for Information and Education Technology and teaches operating systems and security courses. Ron’s current research focus areas are information warfare, virtualization, security protocols, and performance planning and capacity management. He is a frequent speaker at national and international IA conferences.

 

“We are beginning to more deeply understand how insider threats can be detected at an early enough stage.”

Organizers: Ron C. Dodge (lead), Dawn M. Cappelli, Aaron J. Ferguson, & Michael P. Hanley


This full-day symposium focuses on research in the area of predictive analytics for insider threat detection and mitigation. It is a repeat of the very successful symposium held at HICSS-45. An analytic can be a mathematical and/or human-driven process from which a model of behavior can be developed for event characterization, detection, and prediction.


The success of technical approaches to support these processes relies heavily on an understanding and integration of many sciences, including anthropology, sociology, and technology. The first half of the day will be a series of selected papers on insider threat analytics, and the second half will consist of panel discussions. This symposium will solicit participation from practitioners, students, educators, and researchers.

COL. Ronald C. Dodge