Modeling human behavior to anticipate insider attacks via system dynamics

Document Type

Conference Proceeding

Publication Date


Publication Title

Proceedings of the 2016 Spring Simulation Multiconference - TMS/DEVS Symposium on Theory of Modeling and Simulation, TMS/DEVS 2016


Insider attack, Modeling human behavior, System dynamics


© 2016 Society for Modeling & Simulation International (SCS). The problem of insider threats to computer networks overseen by the company's Information Technologies (IT) department is complex and involves many variables; the most complex variable presented is human behavior. In an operational context many fields of study come into play, the security analyst's job is to interpret the data and draw conclusions of a possible malicious threat. Patterns are to be perceived and recognized within the relevant data. Forensic software and a number of other analyst tools are used to determine suspicious activities within and outside the network. After suspicious activities are revealed alerts must be sent out to induce action to prevent attacks. The goal of this paper is to predict an inside attack derived from behavioral, computer and psycho-social risk factors by using the System Dynamics methodology and its relation to solving the problem. A stock-flow diagram is used with Vensim to model the system. The model represents probabilistic human behavior of the attacker and deterministic behavior of the system.

This document is currently not available here.