The insider threats have always been one of the most severe challenges to cybersecurity. It can lead to the destruction of the organisation’s internal network system and information leakage, which seriously threaten the confidentiality, integrity and availability of data. To make matters worse, since the attacker has authorized access to the internal network, they can launch the attack from the inside and erase their attack trace, which makes it challenging to track and forensics. A blockchain traceability system for insider threats is proposed in this paper to mitigate the issue. First, this paper constructs an insider threat model of the internal network from a different perspective: insider attack forensics and prevent insider attacker from escaping. Then, we analyze why it is difficult to track attackers and obtain evidence when an insider threat has occurred. After that, the blockchain traceability system is designed in terms of data structure, transaction structure, block structure, consensus algorithm, data storage algorithm, and query algorithm, while using differential privacy to protect user privacy. We deployed this blockchain traceability system and conducted experiments, and the results show that it can achieve the goal of mitigating insider threats.

中文翻译：

---

跟踪内部攻击者：针对内部威胁的区块链可追溯性系统。

内部威胁一直是网络安全面临的最严峻挑战之一。它可能导致组织内部网络系统的破坏和信息泄漏，从而严重威胁数据的机密性，完整性和可用性。更糟糕的是，由于攻击者已授权访问内部网络，因此他们可以从内部发起攻击并清除攻击痕迹，这使跟踪和取证变得颇具挑战性。为了缓解这一问题，本文提出了一种针对内部威胁的区块链可追溯系统。首先，本文从不同角度构建了内部网络的内部威胁模型：内部攻击取证和防止内部攻击者逃脱。然后，我们分析了为什么在内部威胁发生时难以跟踪攻击者并获取证据。然后，从数据结构，交易结构，块结构，共识算法，数据存储算法，查询算法等方面设计了区块链可追溯系统，同时利用差分隐私保护用户隐私。我们部署了该区块链可追溯系统并进行了实验，结果表明它可以达到减轻内部威胁的目的。