Impact of correlated private signals on continuous-time insider trading

A model of continuous-time insider trading in which a risk-neutral in-sider possesses two imperfect correlated signals of a risky asset is studied.By conditional expectation theory and filtering theory,we first establish three lemmas:normal corre-lation,equivalent pricing and equivalent profit,which can guarantee to turn our model into a model with insider knowing full information.Then we investigate the impact of the two correlated signals on the market equilibrium consisting of optimal insider trading strategy and semi-strong pricing rule.It shows that in the equilibrium,(1)the market depth is constant over time;(2)if the two noisy signals are not linerly correlated,then all private information of the insider is incorporated into prices in the end while the whole information on the asset value can not incorporated into prices in the end;(3)if the two noisy signals are linear correlated such that the insider can infer the whole information of the asset value,then our model turns into a model with insider knowing full information;(4)if the two noisy signals are the same then the total ex ant profit of the insider is increasing with the noise decreasing,while down to O as the noise going up to infinity;(5)if the two noisy signals are not linear correlated then with one noisy signal fixed,the total ex ante profit of the insider is single-peaked with a unique minimum with respect to the other noisy signal value,and furthermore as the noisy value going to O it gets its maximum,the profit in the case that the real value is observed.

Insider threat detection approach for tobacco industry based on heterogeneous graph embedding

In the tobacco industry,insider employee attack is a thorny problem that is difficult to detect.To solve this issue,this paper proposes an insider threat detection method based on heterogeneous graph embedding.First,the interrelationships between logs are fully considered,and log entries are converted into heterogeneous graphs based on these relationships.Second,the heterogeneous graph embedding is adopted and each log entry is represented as a low-dimensional feature vector.Then,normal logs and malicious logs are classified into different clusters by clustering algorithm to identify malicious logs.Finally,the effectiveness and superiority of the method is verified through experiments on the CERT dataset.The experimental results show that this method has better performance compared to some baseline methods.

Handwriting Analysis Based on Belief of Targeted Individual Supporting Insider Threat Detection

The Unintentional Insider Threat (UIT) concept highlights that insider threats might not always stem from malicious intent and can occur across various domains. This research examines how individuals with medical or psychological issues might unintentionally become insider threats due to their perception of being targeted. Insights from the survey A Survey of Unintentional Medical Insider Threat Category indicate that such perceptions can be linked to underlying health conditions. The study Emotion Analysis Based on Belief of Targeted Individual Supporting Insider Threat Detection reveals that anger is a common emotion among these individuals. The findings suggest that UITs are often linked to medical or psychological issues, with anger being prevalent. To mitigate these risks, it is recommended that Insider Threat programs integrate expertise from medicine, psychology, and cybersecurity. Additionally, handwriting analysis is proposed as a potential tool for detecting insider threats, reflecting the evolving nature of threat assessment methodologies.

Anomaly Detection Based on Discrete Wavelet Transformation for Insider Threat Classification

Unlike external attacks,insider threats arise from legitimate users who belong to the organization.These individuals may be a potential threat for hostile behavior depending on their motives.For insider detection,many intrusion detection systems learn and prevent known scenarios,but because malicious behavior has similar patterns to normal behavior,in reality,these systems can be evaded.Furthermore,because insider threats share a feature space similar to normal behavior,identifying them by detecting anomalies has limitations.This study proposes an improved anomaly detection methodology for insider threats that occur in cybersecurity in which a discrete wavelet transformation technique is applied to classify normal vs.malicious users.The discrete wavelet transformation technique easily discovers new patterns or decomposes synthesized data,making it possible to distinguish between shared characteristics.To verify the efficacy of the proposed methodology,experiments were conducted in which normal users and malicious users were classified based on insider threat scenarios provided in Carnegie Mellon University’s Computer Emergency Response Team(CERT)dataset.The experimental results indicate that the proposed methodology with discrete wavelet transformation reduced the false-positive rate by 82%to 98%compared to the case with no wavelet applied.Thus,the proposed methodology has high potential for application to similar feature spaces.

Ensemble Strategy for Insider Threat Detection from User Activity Logs

In the information era,the core business and confidential information of enterprises/organizations is stored in information systems.However,certain malicious inside network users exist hidden inside the organization;these users intentionally or unintentionally misuse the privileges of the organization to obtain sensitive information from the company.The existing approaches on insider threat detection mostly focus on monitoring,detecting,and preventing any malicious behavior generated by users within an organization’s system while ignoring the imbalanced ground-truth insider threat data impact on security.To this end,to be able to detect insider threats more effectively,a data processing tool was developed to process the detected user activity to generate information-use events,and formulated a Data Adjustment(DA)strategy to adjust the weight of the minority and majority samples.Then,an efficient ensemble strategy was utilized,which applied the extreme gradient boosting(XGBoost)model combined with the DA strategy to detect anomalous behavior.The CERT dataset was used for an insider threat to evaluate our approach,which was a real-world dataset with artificially injected insider threat events.The results demonstrated that the proposed approach can effectively detect insider threats,with an accuracy rate of 99.51%and an average recall rate of 98.16%.Compared with other classifiers,the detection performance is improved by 8.76%.

Detection of Insider Selective Forwarding Attack Based on Monitor Node and Trust Mechanism in WSN

The security problems of wireless sensor networks (WSN) have attracted people’s wide attention. In this paper, after we have summarized the existing security problems and solutions in WSN, we find that the insider attack to WSN is hard to solve. Insider attack is different from outsider attack, because it can’t be solved by the traditional encryption and message authentication. Therefore, a reliable secure routing protocol should be proposed in order to defense the insider attack. In this paper, we focus on insider selective forwarding attack. The existing detection mechanisms, such as watchdog, multipath retreat, neighbor-based monitoring and so on, have both advantages and disadvantages. According to their characteristics, we proposed a secure routing protocol based on monitor node and trust mechanism. The reputation value is made up with packet forwarding rate and node’s residual energy. So this detection and routing mechanism is universal because it can take account of both the safety and lifetime of network. Finally, we use OPNET simulation to verify the performance of our algorithm.

Insider Attack Detection Using Deep Belief Neural Network in Cloud Computing

Cloud computing is a high network infrastructure where users,owners,third users,authorized users,and customers can access and store their information quickly.The use of cloud computing has realized the rapid increase of information in every field and the need for a centralized location for processing efficiently.This cloud is nowadays highly affected by internal threats of the user.Sensitive applications such as banking,hospital,and business are more likely affected by real user threats.An intruder is presented as a user and set as a member of the network.After becoming an insider in the network,they will try to attack or steal sensitive data during information sharing or conversation.The major issue in today's technological development is identifying the insider threat in the cloud network.When data are lost,compromising cloud users is difficult.Privacy and security are not ensured,and then,the usage of the cloud is not trusted.Several solutions are available for the external security of the cloud network.However,insider or internal threats need to be addressed.In this research work,we focus on a solution for identifying an insider attack using the artificial intelligence technique.An insider attack is possible by using nodes of weak users’systems.They will log in using a weak user id,connect to a network,and pretend to be a trusted node.Then,they can easily attack and hack information as an insider,and identifying them is very difficult.These types of attacks need intelligent solutions.A machine learning approach is widely used for security issues.To date,the existing lags can classify the attackers accurately.This information hijacking process is very absurd,which motivates young researchers to provide a solution for internal threats.In our proposed work,we track the attackers using a user interaction behavior pattern and deep learning technique.The usage of mouse movements and clicks and keystrokes of the real user is stored in a database.The deep belief neural network is designed using a restricted Boltzmann machine(RBM)so that the layer of RBM communicates with the previous and subsequent layers.The result is evaluated using a Cooja simulator based on the cloud environment.The accuracy and F-measure are highly improved compared with when using the existing long short-term memory and support vector machine.

Insiders' Hedging for Jump Diffusion Processes with Applications to Index Tracking

The hedging problem for insiders is very important in the financial market.The locally risk minimizing hedging was adopted to solve this problem.Since the market was incomplete,the minimal martingale measure was chosen as the equivalent martingale measure.By the F-S decomposition,the expression of the locally risk minimizing strategy was presented.Finally,the local risk minimization was applied to index tracking and its relationship with tracking error variance (TEV)-minimizing strategy was obtained.

Do Auditors Postpone Reporting in Response to Insider Trading？ A Korean Perspective

How do auditors react to insider trading in client firms？ This paper examines the effects of insider trading on the audit report date. Insiders tend to urge managers to manage earnings to make more profits through trading their own firm＇s shares. If auditors play an important role in monitoring managers, they may pay more attention to insider trading, which may delay the filing of audit reports. We find that the more the insiders trade their stocks, the longer the audit report lag is. In addition, to address the effectiveness of auditors＇ efforts to prevent managers from earnings management, we test whether an extra effort by auditors can reduce aggressive accounting. We also find that auditors deter aggressive accounting by stretching report lag in response to insider trading, implying that auditors＇ efforts weaken insiders＇ opportunistic behavior. This study contributes to the literature by providing evidence that insider trading is a significant determinant of the audit report lag. We suggest that auditors are interested in insiders＇ activity and it can enhance the quality of accounting information.

Merger Announcement Effects and the Amendment of Insider Trading Laws in Brazil

Although Brazil has a long history of having insider trading laws （IT laws） in place and became the first emerging country to enforce the IT laws （Bhattacharya ＆ Daouk, 2002）, criminal sanctions and hefty monetary penalties were only made possible by the amendment of its laws against IT on October 31, 2001. We study the stock price effects of merger announcements made by 151 firms over two periods, before and after the change of IT laws. Our empirical results suggest that target firms attained positive price run-ups in pre-announcement windows before, but not after, the legal regime change. While acquiring firms had strong positive pre-announcement reactions in both legal regimes, the abnormal returns （AR） decreased in the more stringent legal regime. These results indicate that more stringent IT laws may deter IT and improve market efficiency in an emerging country.

Earnings Restatements and Insider Trading： An Empirical Analysis

This study examines the relationship between earnings quality and insider trading. Using downward earnings restatement firms to identify low-quality earnings, we find that insiders outsell non-earnings restatement firms of their holdings over the period from two years before to one year after the beginning of the restatement period. In addition, the amounts of restatement are positively associated with the excess insider selling. We also provide evidence that excess insider selling predicts excessive earnings manipulations that eventually lead to GAAP （Generally Accepted Accounting Principles） violation. Some researchers argued that insider trading can be an efficient way of transferring insider information to the capital markets. Our evidence of intensive insider selling in the context of earnings restatements implies that insiders disregard their fiduciary duties to the shareholders during the periods of deteriorating financial performance.

A Multi-Leveled Approach to Intrusion Detection and the Insider Threat

When considering Intrusion Detection and the Insider Threat, most researchers tend to focus on the network architecture rather than the database which is the primary target of data theft. It is understood that the network level is adequate for many intrusions where entry into the system is being sought however it is grossly inadequate when considering the database and the authorized insider. Recent writings suggest that there have been many attempts to address the insider threat phenomena in regards to database technologies by the utilization of detection methodologies, policy management systems and behavior analysis methods however, there appears to be a lacking in the development of adequate solutions that will achieve the level of detection that is required. While it is true that Authorization is the cornerstone to the security of the database implementation, authorization alone is not enough to prevent the authorized entity from initiating malicious activities in regards to the data stored within the database. Behavior of the authorized entity must also be considered along with current data access control policies. Each of the previously mentioned approaches to intrusion detection at the database level has been considered individually, however, there has been limited research in producing a multileveled approach to achieve a robust solution. The research presented outlines the development of a detection framework by introducing a process that is to be implemented in conjunction with information requests. By utilizing this approach, an effective and robust methodology has been achieved that can be used to determine the probability of an intrusion by the authorized entity, which ultimately address the insider threat phenomena at its most basic level.

Evaluation of Hypervisor Stability towards Insider Attacks

Virtualization technology plays a key role in cloud computing.Thus,the security issues of virtualization tools（hypervisors,emulators,etc.） should be under precise consideration.However,threats of insider attacks are underestimated.The virtualization tools and hypervisors have been poorly protected from this type of attacks.Furthermore,hypervisor is one of the most critical elements in cloud computing infrastructure.Firstly,hypervisor vulnerabilities analysis is provided.Secondly,a formal model of insider attack on hypervisor is developed.Consequently,on the basis of the formal attack model,we propose a new methodology of hypervisor stability evaluation.In this paper,certain security countermeasures are considered that should be integrated in hypervisor software architecture.

The Influence of Differential Leadership on Employees’Affective Commitment:A Perspective of the Insiders and Outsiders

From the perspective of the insiders and outsiders,this study explores the influence of differential leadership on employees’affective commitment and the moderating effect of leader’s self-enhancing humor and individual traditionality.The results show that the differential leadership has a positive impact on the organizational affective commitment of employees,the leader’s self-enhancing humor and the employees’traditionality play a positive regulatory role respectively.Moreover,compared with the outsiders,the low traditionality has a stronger influence on the relationship between differential leadership and organizational affective commitment of the insiders.This paper enriches the research on the influence of leadership style on employee’s affective commitment,proposes and verifies the moderation of leader’s self-enhancing humor and employee’s traditionality,which complements the boundary conditions for the effectiveness of differential leadership style.

An insider user authentication method based on improved temporal convolutional network

With the rapid development of information technology,information system security and insider threat detection have become important topics for organizational management.In the current network environment,user behavioral bio-data presents the characteristics of nonlinearity and temporal sequence.Most of the existing research on authentication based on user behavioral biometrics adopts the method of manual feature extraction.They do not adequately capture the nonlinear and time-sequential dependencies of behavioral bio-data,and also do not adequately reflect the personalized usage characteristics of users,leading to bottlenecks in the performance of the authentication algorithm.In order to solve the above problems,this paper proposes a Temporal Convolutional Network method based on an Efficient Channel Attention mechanism(ECA-TCN)to extract user mouse dynamics features and constructs an one-class Support Vector Machine(OCSVM)for each user for authentication.Experimental results show that compared with four existing deep learning algorithms,the method retains more adequate key information and improves the classification performance of the neural network.In the final authentication,the Area Under the Curve(AUC)can reach 96%.

“攘外”勿忘“安内”——谈insider威胁研究(上)

引言 媒体连篇累牍的关于黑客入侵的报道,在引导人们增强信息安全意识的同时,也把人们的注意力强烈地导向到重视防范来自外部的信息安全事件。这固然是重要的,但却是片面的。对信息安全保障的威胁,从来就来自“内”、“外”两个方面,而且外因通过内因起作用,堡垒最容易从内部攻破。尽管各种威胁列表中一般总不忘把“Insider threat(内部人员威胁)”列入其中,但由于缺乏有效的内部人员威胁解决方案,甚至很少有这方面的研究项目,大多数人对内部人员威胁的认识仅限于泛泛的概念层面上,长此以往。

Publication behaviour and(dis)qualification of chief editors in Turkish national Social Sciences journals

Purpose:This study investigated the publication behaviour of 573 chief editors managing 432 Social Sciences journals in Turkey.Direct inquiries into editorial qualifications are rare,and this research aims to shed light on editors’scientific leadership capabilities.Design/methodology/approach:This study contrasts insider publication behaviour in national journals with international articles in journals indexed by the Web of Science(WOS)and Scopus.It argues that editors demonstrating a consistent ability to publish in competitive WOS and Scopus indexed journals signal high qualifications,while editors with persistent insider behaviour and strong local orientation signal low qualification.Scientific leadership capability is measured by first-authored publications.Correlation and various regression tests are conducted to identify significant determinants of publication behaviour.Findings:International publications are rare and concentrated on a few individuals,while insider publications are endemic and constitute nearly 40%of all national articles.Editors publish 3.2 insider papers and 8.1 national papers for every SSCI article.62%(58%)of the editors have no SSCI(Scopus)article,53%(63%)do not have a single lead-authored WOS(Scopus)article,and 89%publish at least one insider paper.Only a minority consistently publish in international journals;a fifth of the editors have three or more SSCI publications,and a quarter have three or more Scopus articles.Editors with foreign Ph.D.degrees are the most qualified and internationally oriented,whereas non-mobile editors are the most underqualified and underperform other editors by every measure.Illustrating the overall lack of qualification,nearly half of the professor editors and the majority of the WOS and Scopus indexed journal editors have no record of SSCI or Scopus publications.Research limitations:This research relies on local settings that encourage national publications at the expense of international journals.Findings should be evaluated in light of this setting and bearing in mind that narrow localities are more prone to peer favouritism.Practical implications:Incompetent and nepotistic editors pose an imminent threat to Turkish national literature.A lasting solution would likely include the dismissal and replacement of unqualified editors,as well as delisting and closure of dozens of journals that operate in questionable ways and serve little scientific purpose.Originality/value:To my knowledge,this is the first study to document the publication behaviour of national journal chief editors.

“攘外”勿忘“安内”——谈insider威胁研究(下)

第二次兰德会议 第二次兰德会议围绕着三个议题展开了讨论:1.长期的研究挑战和目标;2.insider威胁模型;3.使用商业和政府定制产品的短期解决方案.在会议报告中,还包括了10篇附录,分别就非技术解决方案、insider威胁理论模型等做了研究.

信息安全Insider问题研究与对策

本文分析了信息安全人才现状，研究了信息安全与Insider的关系，提出了信息安全人才培养使用的对策与建议，为我军从事信息技术与信息安全专业人才培养提供决策参考依据。

Existence of Linear Strategy Equilibrium in Insider Trading with Partial Observations

This paper investigates a linear strategy equilibrium in insider trading in continuous time allowing market makers to know some information on the value of a stock. By the use of filtering theory,the authors prove that in a monopoly market, there exists a unique equilibrium of linear strategy of intensity in a closed form, such that the insider can make positive profits and at which, all of the private information on the value of the stock is released; and the more accurate the information on the value of the stock observed by the market makers, the less the positive profits are made by the insider, and even go to zero. However, there is no Nash equilibrium in a Cournot competition market between two insiders if they both adopt a linear strategy of intensity.