Mitigating Malicious Insider Threats to Common Data Environments in the Architecture, Engineering, and Construction Industry: An Incomplete Information Game Approach
Common data environments (CDEs) are centralized repositories in the architecture, engineering, and construction (AEC) industry designed to improve collaboration and project efficiency. However, CDEs hosted on cloud platforms face significant risks from insider threats, as stakeholders with legitimat...
| Main Authors: | KC Lalropuia, Sanjeev Goyal, Borja García de Soto, Dongchi Yao, Muammer Semih Sonkor |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | MDPI AG, 2025-01-01 |
| Series: | Journal of Cybersecurity and Privacy |
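| Subjects: | AEC industry; Bayesian game theory; common data environment (CDE); cybersecurity insider threats; Monte Carlo simulation |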
| Online Access: | https://www.mdpi.com/2624-800X/5/1/5 |
| _version_ | 1849342199738662912 |
|---|---|
| author | KC Lalropuia; Sanjeev Goyal; Borja García de Soto; Dongchi Yao; Muammer Semih Sonkor |
| collection | DOAJ |
| description | Common data environments (CDEs) are centralized repositories in the architecture, engineering, and construction (AEC) industry designed to improve collaboration and project efficiency. However, CDEs hosted on cloud platforms face significant risks from insider threats, as stakeholders with legitimate access may act maliciously. To address these vulnerabilities, we developed a game-theoretic framework using Bayesian games that account for incomplete information, modeling both simultaneous and sequential interactions between insiders and data defenders. In the simultaneous move game, insiders and defenders act without prior knowledge of each other’s decisions, while the sequential game allows the defender to respond after observing insider actions. Our analysis used Bayesian Nash Equilibrium to predict malicious insider behavior and identify optimal defense strategies for safeguarding CDE data. Through simulation experiments and validation with real project data, we illustrate how various parameters affect insider–defender dynamics. Our results provide insights into effective cybersecurity strategies tailored to the AEC sector, bridging theoretical models with practical applications and supporting data security within the increasingly digitalized construction industry. |
| format | Article |
| id | doaj-art-197b54e33e5a4bdb805b6d021d03a802 |
| institution | Kabale University |
| issn | 2624-800X |
| language | English |
| publishDate | 2025-01-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Journal of Cybersecurity and Privacy |
| spelling | doaj-art-197b54e33e5a4bdb805b6d021d03a802; 2025-08-20T03:43:27Z; eng; MDPI AG; Journal of Cybersecurity and Privacy; 2624-800X; 2025-01-01; volume 5, issue 1, article 5; DOI 10.3390/jcp5010005; KC Lalropuia (S.M.A.R.T. Construction Research Group, Division of Engineering, New York University Abu Dhabi (NYUAD), Experimental Research Building, Saadiyat Island, Abu Dhabi P.O. Box 129188, United Arab Emirates); Sanjeev Goyal (Division of Social Science, New York University Abu Dhabi (NYUAD), Saadiyat Island, Abu Dhabi P.O. Box 129188, United Arab Emirates); Borja García de Soto, Dongchi Yao and Muammer Semih Sonkor (S.M.A.R.T. Construction Research Group, Division of Engineering, New York University Abu Dhabi (NYUAD), Experimental Research Building, Saadiyat Island, Abu Dhabi P.O. Box 129188, United Arab Emirates); https://www.mdpi.com/2624-800X/5/1/5; AEC industry; Bayesian game theory; common data environment (CDE); cybersecurity insider threats; Monte Carlo simulation |
| title | Mitigating Malicious Insider Threats to Common Data Environments in the Architecture, Engineering, and Construction Industry: An Incomplete Information Game Approach |
| topic | AEC industry; Bayesian game theory; common data environment (CDE); cybersecurity insider threats; Monte Carlo simulation |
| url | https://www.mdpi.com/2624-800X/5/1/5 |