By Omeiza Ajayi

ABUJA: A Nigerian-born United States-based researcher, Olusesi Balogun of Georgia State University, has unveiled a pioneering cybersecurity framework that embeds deception technology directly into access control systems.

According to Mr Balogun “The research, supported by the U.S. National Science Foundation, represents the first known integration of Attribute-Based Access Control, or ABAC, with deception methods powered by artificial intelligence.

The innovation targets insider threats: attacks launched by trusted employees, contractors, or associates, which experts widely regard as among the most damaging and elusive risks to modern organizations.

A recent survey by Cybersecurity Insiders found that more than 90 percent of organizations consider insider threats as difficult or harder to detect than external cyber attacks.

Unlike outside hackers, insiders already possess organization’s knowledge and credentials, making their activity especially dangerous and difficult to distinguish from routine behaviour.

ABAC, a widely used model, regulates access based on the attributes of users, resources, and environments. By embedding AI-inspired deception directly into this model, Balogun’s team has created a new defense layer that malicious insiders cannot easily bypass.

 “Traditional access control assumes insiders can always be trusted,” Balogun explained. “Our framework challenges that assumption by embedding deception into the rules themselves, forcing malicious insiders to expose their intentions when they attempt to abuse access privileges.”

The system introduces three key innovations: a Sensitivity Estimator that automatically identifies highly confidential data, a Honey Attribute Generator that creates realistic decoy information known as honey attributes, and a Monitoring Unit that tracks activity and raises alerts when decoys are accessed. Together, these components make it possible to mislead malicious insiders and detect them early without disrupting legitimate operations.

Pilot studies demonstrated the framework’s effectiveness on large-scale datasets. The honey attributes were nearly indistinguishable from genuine data, achieving an average similarity score of 0.90.

In a healthcare case study, hospitals could embed honey attributes into patient records, catching intruders attempting to steal medical information without interrupting legitimate care. The same approach, Balogun emphasized, could be applied in several organizations including banking, education, and government agencies.

The work arrives at a time when insider incidents are climbing worldwide, costing businesses billions of dollars in damages and reputational harm. High-profile cases of insider leaks and sabotage in government and corporate environments underscore the urgent need for stronger defenses. By making deception an everyday part of access control, Mr. Balogun’s framework turns a longstanding weakness into an opportunity to trap attackers.

Cybersecurity observers note that this development marks a turning point in how institutions protect themselves from within. By making malicious insiders second-guess every move, Mr. Balogun’s research transforms insider threat detection from a reactive process into a proactive shield, offering organizations a new way to outsmart attackers on the inside.

The research also involved collaboration with Dr. Daniel Takabi of Old Dominion University in Virginia and Dr. Manar Alohaly of Princess Nourah University in Saudi Arabia.