We are excited to share the latest research on leveraging AI to help combat insider threats in Canada’s critical infrastructure! Our team at TT-ISDA, in collaboration with Project CANVAS, has developed an innovative Attribute Property Mapping System (APMS) using ChatGPT-3.5 to identify and possibly help mitigate insider threats.

Key Highlights:

In recent years, Canada has faced a growing threat to its national security and critical infrastructure due to insider threats. The TT-ISDA explores the application of Large Language Models (LLMs) in identifying and mitigating these threats through an iterative experiment using the Attribute Property Mapping System (APMS). The study leverages the capabilities of ChatGPT-3.5 to analyze and predict insider threats, aiming to bridge gaps in existing security frameworks by incorporating AI-driven insights.

The research begins with a comprehensive review of insider threat guidelines from Five Eyes (FVEY) partners and other global frameworks, identifying a critical gap in the broad scope of monitored factors. The paper details the methodology employed, which includes the collection of real-world case studies and fictional scenarios to train the LLM. These cases are parsed into attributes such as National Critical Infrastructure (NCI) sectors, motivations, threat types, and responding departments, forming the basis for the APMS.

Through a series of prompt engineering techniques, the study refines the LLM’s ability to consistently apply these attributes and generate actionable insights. The findings highlight the effectiveness of LLMs in identifying insider threats, the challenges faced in the initial research design, and the iterative improvements made to enhance model accuracy and consistency. The statistical analysis reveals strong associations between motivations and mitigation measures, while also uncovering areas for further research and development.

The research sets a foundation for utilizing LLMs in insider threat detection, proposing a more adaptive and precise approach to threat mitigation. The study emphasizes the need for continuous improvement in AI-driven security measures, tailored to the unique context of Canada’s critical infrastructure sectors. Future directions include exploring the consistency of ChatGPT in using predefined definitions, assessing its judgment capabilities, and integrating updated security frameworks to enhance the robustness of insider threat programs.

There is a lot more work to be done, but stay tuned for the formal published version of this paper through Pulse & Praxis: The Journal for Critical Infrastructure Protection, Security and Resilience.

Provide your input or explain how and why you would like to collaborate with Project CANVAS or the TT-ISDA team.
