A Novel Approach for Detection Insider Attacker Using Body Language

One of most important challenges in cyber security is detecting the insider attacker (a person or an employee with an authorized access to resources and data of an organization then uses that access - either wittingly or unwittingly - to harm organization security). This paper propose approach to obtain early indicator to insider attacker before doing the crime. The previous security systems focus on the technical anomaly of an employee to discover the insider attacker and can’t discover it, if there isn’t technical anomaly. This paper attempt to discover insider attacker when there isn’t technical anomaly, Where presented body language-based approach to give earlier alarm of insider attacker. By using three of negative body language gestures (Cross Arms, Clasped Hands, Covering the Mouth) which referred to feeling of insecure, ready for an attack, doubt and a lack of self-confidence, these feelings are the closest to the feelings of the internal attacker. These gestures obtained by use skeleton features from video stream provided by Orbbec Astra Pro camera after passed to rule based classifier to recognize each one of the three body language gestures. Then determined the degree of trust based on the duration of the gesture and the number of occurrences of the same gesture or different gestures and depending on the degree of trust, the organization is alerted to the questionable employees. The test performs on ten of employees, four insider attackers were planted among them, and the results show 70% accuracy of detects the insiders, this approach will detect insider attacker before started his malicious work.