Skip to content. Skip to main navigation.

UTA researchers explore ‘insider threats’ from computer network users who access prohibited information

Jingguo Wang

Jingguo Wang, UTA associate professor of information systems and operations management

If a bank employee improperly accesses a customer’s records, how can the privacy threat be detected and stopped? Such “insider threats,” when authorized users abuse legitimate access to a computer system, are one of the thorniest problems in cybersecurity.

New research by Jingguo Wang, a University of Texas at Arlington associate professor of information systems and operations management and Raghav Rao, a State University of New York at Buffalo professor of management science and systems, aims to combat insider threats by mapping out the spots in systems that are most vulnerable and developing countermeasures aimed at mitigating those threats.

“We took Routine Activity Theory, a criminology theory typically used to analyze predatory crimes like robbery, and extended it into the virtual world to understand how users behave in information systems,” said Wang. “We could then measure the risk in each application based on the behavior of users.” 

The study is supported by two grants totaling $500,000 from the National Science Foundation’s Secure and Trustworthy Cyberspace initiative, and is one of the first large-scale studies of how insiders behave on a network that allows them to view sensitive information.

Matthew Wright

Matthew Wright, UTA associate professor of computer science and engineering

It is one example of the critical work UTA researchers are doing in the area of cybersecurity and Internet privacy. In one project, Matthew Wright, an associate professor of computer science and engineering, is developing new systems to protect users against powerful eavesdroppers. In another project, Wang and Wright are collaborating on tools to help information technology experts and security managers choose more effective user authentication technologies.

The 2015 Vormetric Insider Threat Report found that 55 percent of cybersecurity professionals said privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations. Eighty-nine percent of respondents said they felt their organization is now more at risk from an insider attack.

The results of the study’s first phase were published in the March 2015 edition of MIS Quarterly. Researchers mapped out the risks for data breaches in specific applications. A second phase is in progress and aims to better understand the scenarios that lead users to explore places in a network they shouldn’t. This phase will use both data mining and surveys to study the motivations of employees to look at forbidden materials. 

For the first phase of their study on insider threats, Wang and Rao partnered with a financial institution that gave them access to the behavior logs of thousands of internal users on their network. Financial institutions are particularly prone to insider threats as they are highly reliant on information technology and store sensitive and valuable information such as customer and account data.

By analyzing seven months’ worth of data, the researchers were able to see how the institution’s staff behaved on their network. Some incidents did occur where employees accessed information that should have been off-limits.

These incidents of improper access could be due to flaws in system security or problematic access controls. In some cases, they were malicious attacks, while in others the insiders had no ill intent but caused potential problems through their negligence or improper use of sensitive information.

The results of this research will help build new access control tools as well as the means to effectively detect insiders poking around forbidden areas.

Personal Privacy

UTA researchers are also working on developing systems to protect the privacy of users such as whistleblowers, journalists and intelligence services against possible attacks.

Wright received a $250,000 National Science Foundation Grant in 2014 to quantify the capabilities of their powerful adversaries and develop defenses to overcome them.

He is focusing on smarter route selection as a way to route traffic around eavesdroppers, preventing them from learning enough to break the anonymity of users. The research will also examine ways to add noise to the traffic to confuse adversaries.

“With large-scale monitoring of online communications ever more prevalent, we need to try to ensure the anonymity of users, “ said Wright. “New systems designs coming from this research should contribute to preventing eavesdroppers and malicious attacks."

Wright plans to use the Tor anonymity system to evaluate his designs. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It was initially developed by the U.S. Navy to protect government communications.

User authentication

In a new security initiative, Wang and Wright have recently paired up to study systems for user authentication, such as passwords or fingerprint scanners, and how companies choose which systems to use.

Companies and other organizations have been slow to adopt new user authentication technologies, preferring in many cases to rely on traditional and often less secure password-based user authentication.

Wang currently is working with Wright to develop and analyze new web-based tools that could help IT and security managers decide on the options that provide the best authentication schemes for their organizations. 

The two researchers are focusing first on the needs of the healthcare industry, where the widespread adoption of electronic health records has made effective user authentication critical to protect sensitive patient information.

This research was funded by a seed grant through UTA’s Interdisciplinary Research Program, established in July 2015 to support the development of early interdisciplinary research ideas to a level where they can compete for external competitive grants.

About the University of Texas at Arlington

The University of Texas at Arlington is a comprehensive research institution of more than 51,000 students in campus-based and online degree programs and is the second-largest institution in The University of Texas System. The Chronicle of Higher Education ranked UTA as one of the 20 fastest-growing public research universities in the nation in 2014.  The University is a Hispanic-Serving Institution and is ranked as a “Best for Vets” college by Military Times magazine. Visit to learn more, and find UTA rankings and recognition at