Creating a Digital Twin of an Insider Threat Detection Enterprise Using Model-Based Systems Engineering
Date
2022-04
Authors
Lee, James
Alghamdi, Ahmad
Zaidi, Abbas K.
Publisher
2022 IEEE International Systems Conference (SysCon)
Abstract
Inference Enterprise Modeling (IEM) is a methodology developed to address test and evaluation limitations that insider threat detection enterprises face due to a lack of ground truth and/or missing data. IEM uses a collection of statistical, data processing, analysis, and machine learning techniques to estimate and forecast the performance of these enterprises. As part of developing the IEM method, models satisfying various detection system evaluation requirements were created. In this work, we extend IEM as a digital twin generation technique by representing modeled processes as executable UML Activity Diagrams and tracing solution processes to problem requirements using ontologies. Using the proposed framework, we can rapidly prototype a digital twin of a detection system that can also be imported and executed in systems engineering simulation software tools such as Cameo Enterprise Architecture Simulation Toolkit. Cyber security and threat detection is a continuous process that requires regular maintenance and testing throughout its lifecycle, but there are often access issues with the sensitive and private data and proprietary detection model details needed to perform adequate test and evaluation activities in the live production environment. To solve this issue, organizations can use a digital twin technique to create a real-time virtual counterpart of the physical system. We describe a method for creating digital twins of live and/or hypothetical insider threat detection enterprises for the purpose of performing test and evaluation activities on continuous monitoring systems that are sensitive to disruptions. In this work, we use UML Activity Diagrams to leverage the integrated simulation capabilities of Model-Based Systems Engineering (MBSE).
Keywords
Digital Twin, MBSE, Insider Threat, System Engineering
Citation
J. Lee, A. Alghamdi, and A. K. Zaidi, “Creating a Digital Twin of an Insider Threat Detection Enterprise Using Model-Based Systems Engineering,” in 2022 IEEE International Systems Conference (SysCon), Montreal, QC, Canada, Apr. 2022, pp. 1–7. DOI: 10.1109/SysCon53536.2022.9773890.