Insider threats that occur within organizations cause more serious damage than external threats. However, there are many factors that are difficult to determine, such as the definition, classification, and severity of security breaches; hence, it is necessary to analyze system logs and user behavior-based scenarios within organizations. The reality is that qualitative judgment criteria are different for everyone to apply, and there is no detailed verification procedure to compare them objectively. In this study, realistic insider threats were examined through the definition, classification, and correlation/association analysis of various human–machine logs of acts associated with security breaches that occur in an organization. In addition, a quantitative process and decision-making tool were developed for insider threats by establishing various internal information leakage scenarios. As a result, insider threats were assessed quantitatively and a decision-making process was completed that enabled case analysis based on several insider threat scenarios. This study will enable precise modeling of insider threats that occur in real organizations and will support an objective process and a decision-making system to establish a range of required information for security protection measures.

中文翻译：

---

基于层次分析法的内部威胁研究

组织内部发生的内部威胁比外部威胁造成更严重的损害。但是，存在许多难以确定的因素，例如安全漏洞的定义、分类和严重程度；因此，有必要分析组织内的系统日志和基于用户行为的场景。现实情况是，每个人适用的定性判断标准都不一样，也没有详细的验证程序来客观比较。在这项研究中，通过对与组织中发生的安全漏洞相关的各种人机日志的定义、分类和关联/关联分析，检查了现实的内部威胁。此外，通过建立各种内部信息泄露情景，开发了针对内部威胁的量化流程和决策工具。因此，对内部威胁进行了定量评估，并完成了基于多个内部威胁情景进行案例分析的决策过程。这项研究将能够对真实组织中发生的内部威胁进行精确建模，并将支持客观过程和决策系统，以建立一系列安全保护措施所需的信息。