Insider Threat Simulation Through Ant Colonies and ProB
摘要
In cyber-security, insider threats are particularly challenging to prevent because they are carried out by individuals who already have legitimate access to the information system (IS). In fact, insiders exploit their privileges to perform malicious actions. In previous works we proposed to tackle this problem via a backward symbolic search built on a formal B specification of the IS. Unfortunately this approach is not performant because many proof obligations and constraints must be solved interactively. In this paper, we provide a heuristic-based forward search built on the ant colony optimization algorithm called API (Ant-based Path Identification) that we implemented using ProB. We show how API can be used to search for malicious scenarios and we present the results of our experiments in comparison with other approaches.