A preliminary model of end user sophistication for insider threat prediction in IT systems

The dangers that originate from acts of IT system misuse by legitimate users constitute a separate category of threats with well documented consequences for the integrity, privacy and availability of computer systems and networks. Amongst the various properties of malicious legitimate users one of the most notable ones is the level of his/her sophistication. Various studies indicate that user sophistication and the potential to misuse IT systems are properties that are strongly related. This paper presents a methodology that automates the process of gauging end user sophistication. The establishment of suitable metrics to characterize end user sophistication is discussed followed by an experimental verification of the metrics on a sample of 60 legitimate users, using the UNIX Operating System. The results indicate that a combination of application execution audits and computational resource utilization metrics could be used to characterize the level of IT sophistication of an end user. Although additional testing in a greater variety of computational environments is required in order to validate the derived preliminary scheme, it is considered that the derived methodology could serve as a component of experimental insider threat prediction processes, or any other model that requires a procedure to measure the level of IT knowledge of a legitimate user base.