Mitigating Malicious Insider Threats to Common Data Environments in the Architecture, Engineering, and Construction Industry: An Incomplete Information Game Approach

Mitigating Malicious Insider Threats to Common Data Environments in the Architecture, Engineering, and Construction Industry: An Incomplete Information Game Approach

Common data environments (CDEs) are centralized repositories in the architecture, engineering, and construction (AEC) industry designed to improve collaboration and project efficiency. However, CDEs hosted on cloud platforms face significant risks from insider threats, as stakeholders with legitimat...

Full description

Saved in:
Bibliographic Details
Main Authors: KC Lalropuia, Sanjeev Goyal, Borja García de Soto, Dongchi Yao, Muammer Semih Sonkor
Format: Article
Language:English
Published: MDPI AG 2025-01-01
Series:Journal of Cybersecurity and Privacy
Subjects:
AEC industry
Bayesian game theory
common data environment (CDE)
cybersecurity insider threats
Monte Carlo simulation
Online Access:https://www.mdpi.com/2624-800X/5/1/5
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Common data environments (CDEs) are centralized repositories in the architecture, engineering, and construction (AEC) industry designed to improve collaboration and project efficiency. However, CDEs hosted on cloud platforms face significant risks from insider threats, as stakeholders with legitimate access may act maliciously. To address these vulnerabilities, we developed a game-theoretic framework using Bayesian games that account for incomplete information, modeling both simultaneous and sequential interactions between insiders and data defenders. In the simultaneous move game, insiders and defenders act without prior knowledge of each other’s decisions, while the sequential game allows the defender to respond after observing insider actions. Our analysis used Bayesian Nash Equilibrium to predict malicious insider behavior and identify optimal defense strategies for safeguarding CDE data. Through simulation experiments and validation with real project data, we illustrate how various parameters affect insider–defender dynamics. Our results provide insights into effective cybersecurity strategies tailored to the AEC sector, bridging theoretical models with practical applications and supporting data security within the increasingly digitalized construction industry.
ISSN:2624-800X

Similar Items