A Preliminary Cyber Ontology for Insider Threats in the Financial Sector
Conference proceeding

Gokhan Kul and Shambhu Upadhyaya
Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security Threats, pp. 75-78
ACM Conferences
CCS'15: The 22nd ACM Conference on Computer and Communications Security
10/16/2015

Abstract

CCS Concepts: Security and privacy -- Database and storage security; Software and its engineering -- Software notations and tools -- Formal language definitions -- Semantics; Theory of computation -- Semantics and reasoning; Theory of computation -- Semantics and reasoning -- Program semantics; Theory of computation -- Theory and algorithms for application domains -- Database theory -- Theory of database privacy and security
Insider attack has become a major threat in the financial sector and is a very serious and pervasive security problem. Currently, there is no insider threat ontology in this domain, and such an ontology is critical to developing countermeasures against insider attacks. In this paper, we create an ontology focusing on insider attacks in the banking domain targeting database systems. We define the taxonomy used in this ontology and identify the relationships between the ontology classes. The resulting structure is a domain ontology mapped onto the Suggested Upper Merged Ontology (SUMO), Friend of a Friend (FOAF) and Finance ontologies to make our work integrable with the systems that use these ontologies and to create a broad knowledge base. The attack types we formulate in the ontology are masquerade, privilege elevation, privilege abuse and collusion attacks. Our model could be used to systematically evaluate any insider threat detection scheme in a realistic way and to discover attacks that share similarities with previously identified attacks.
