Insider Threat Discovery Model for Vehicle Tracking
Publisher
University of Pretoria
Abstract
A number of simplistic and practical rule-based approaches are already in place to discover possible insider threat scenarios by using data from vehicle-tracking systems. Most of these approaches focus on known insider threat scenarios and are extended when unknown scenarios are discovered accidentally or after extensive investigation. Thus, a significant landscape of insider threat scenarios remains undiscovered. Adding to this, insider threats find creative ways to inflate this undiscovered landscape. Another problem is that the cost associated with employing and training a sufficient number of people to work through the data records generated by vehicle-tracking devices is prohibitively high, if not impossible. Because of these problems, it is nearly impossible to calculate the total revenue and productivity loss as a result of insider threat activity in commercial fleets. Although various research studies indicate that anomaly detection is a valid generic approach to discover insider threats, there is unfortunately no practical evidence available to indicate that it has been used with success in a commercial environment.
The current research set out to utilise anomaly detection – a field of study within data science and machine learning – to investigate irregularities in respect of vehicle-tracking data that may lead to the discovery of insider threats. Because vehicle-tracking providers have large datasets, it was suggested that Big Data be factored in with the process of discovering insider threats.
The research in this document investigated the available data within the vehicle-tracking industry, general approaches towards the management of insider threats, and the application of anomaly detection to vehicle-tracking data. Based on this investigation, a prototype design was developed and applied to data from the vehicle-tracking industry. This application of the process model demonstrated that applying anomaly detection to vehicle-tracking data is a valid approach to discover insider threats.
The research discussed here demonstrated that using anomaly detection to discover insider threats had both advantages and disadvantages. The advantages included, amongst others, being able to find undiscovered insider threat activity, whereas the disadvantages were the complexity and time-consuming nature of the processes.
Description
Dissertation (MSc(Computer Science))--University of Pretoria, 2019.
Keywords
UCTD, RKW890