
KDU International Journal of Criminal Justice (KDUIJCJ)
Volume I | Issue II | July 2024



for insider threat and espionage detection. A Bayesian network is a graphical representation that depicts the causal relationships between different variables involved in the threat detection process. In the context of insider threat and espionage, variables can include user behaviors, access privileges, job roles, communication patterns, and external threat intelligence, among others.


The network structure illustrates the dependencies between these variables, indicating how changes in one variable can influence the probabilities of other variables. The modeling process starts with defining the variables of interest and their relationships based on expert knowledge, domain expertise, and historical data. Each variable is represented as a node in the network, and the edges between nodes represent the dependencies and causal relationships. Prior probabilities are assigned to the variables based on available information, representing the beliefs or assumptions about their initial states. Updating probabilities is a fundamental aspect of Bayesian networks. As new evidence or observations become available, the network is updated using Bayes' theorem to revise the probabilities of the variables. This allows for the incorporation of real-time data and the adjustment of beliefs based on the observed behaviours or events. The updated probabilities reflect the current state of the variables and can help identify potential insider threats or espionage activities.
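
As an added illustration (not code from the paper), the following Python sketch builds a four-node network from variables the text names and revises the threat probability with Bayes' theorem as evidence arrives. The network structure, node names, and every probability are constructed assumptions chosen only for illustration.

```python
from itertools import product

# Constructed network: structure and probabilities are illustrative assumptions.
# Each node maps to (parents, CPT: parent values -> P(node is True)).
NETWORK = {
    "threat": ((), {(): 0.01}),            # prior belief in an insider threat
    "privileged_role": ((), {(): 0.20}),   # job role with broad access
    "unusual_access": (("threat", "privileged_role"),
                       {(False, False): 0.05, (False, True): 0.20,
                        (True, False): 0.60, (True, True): 0.70}),
    "unusual_comms": (("threat",), {(False,): 0.10, (True,): 0.50}),
}

def joint(world):
    """Joint probability of one full assignment: product of each node's CPT entry."""
    p = 1.0
    for node, (parents, cpt) in NETWORK.items():
        p_true = cpt[tuple(world[q] for q in parents)]
        p *= p_true if world[node] else 1.0 - p_true
    return p

def posterior(query, evidence):
    """P(query is True | evidence), by exact enumeration of unobserved nodes."""
    unknown = [n for n in NETWORK if n not in evidence]
    mass = {True: 0.0, False: 0.0}
    for values in product([False, True], repeat=len(unknown)):
        world = {**evidence, **dict(zip(unknown, values))}
        mass[world[query]] += joint(world)
    total = mass[True] + mass[False]
    if total == 0.0:
        raise ValueError("evidence has zero probability under the model")
    return mass[True] / total  # Bayes' theorem: joint mass over evidence mass

if __name__ == "__main__":
    access = {"unusual_access": True}
    both = {**access, "unusual_comms": True}
    cases = [("prior", {}), ("unusual access", access),
             ("+ unusual comms", both),
             ("+ privileged role", {**both, "privileged_role": True}),
             ("+ ordinary role", {**both, "privileged_role": False})]
    for label, ev in cases:
        print(f"{label:20s} P(threat) = {posterior('threat', ev):.4f}")
```

In this constructed model the same two observations yield a lower posterior for a privileged role than for an ordinary one, because the role itself accounts for some of the unusual access.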

Bayesian network modeling enables the detection of suspicious behaviours and anomalies by assessing the joint probabilities of multiple variables. For example, if an employee exhibits unusual access patterns, the network can evaluate the conditional probabilities of related variables, such as communication patterns, job roles, or previous incidents, to determine the overall risk level. By considering multiple factors simultaneously, Bayesian networks offer a more comprehensive and accurate assessment of the threat landscape. Moreover, Bayesian networks can facilitate proactive risk mitigation by enabling "what-if" scenario analysis. By modifying the probabilities of certain variables within the
