A Layered Approach to Insider Threat Detection and Proactive Forensics
Authors
Abstract
An insider threat is a menace to computer security that results from unauthorized system misuse by users within an organization. A recent study jointly published by the United States Secret Service and Carnegie Mellon University [7] confirms the prevalence of computer crimes perpetrated by insiders across America's organizations. Insider attacks can be more destructive and costly than attacks from the outside, as the perpetrator often has a deep understanding of, and convenient access to, a plethora of the organization's computer resources. This paper discusses augmenting intrusion detection systems with forensics tools to enhance the discovery and prosecution of internal attacks. Our research follows two approaches: the first uses intrusion detection systems (IDSs) [5] as black boxes and has them drive forensics tools; the second builds our own statistical metrics for fleshing out long-term changes in user behavior.
Similar resources
Insider Threat Analysis Using Information-Centric Modeling
Capability acquisition graphs (CAGs) provide a powerful framework for modeling insider threats, network attacks and system vulnerabilities. However, CAG-based security modeling systems have yet to be deployed in practice. This paper demonstrates the feasibility of applying CAGs to insider threat analysis. In particular, it describes the design and operation of an information-centric, graphics-o...
An Integrated System for Insider Threat Detection
This paper describes a proof-of-concept system for detecting insider threats. The system measures insider behavior by observing a user’s processes and threads, information about user mode and kernel mode time, network interface statistics, etc. The system is built using Microsoft’s Windows Management Instrumentation (WMI) implementation of the Web Based Enterprise Management (WBEM) standards. I...
Outlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection
Insider threat detection is an emergent concern for industries and governments due to the growing number of attacks in recent years. Several Machine Learning (ML) approaches have been developed to detect insider threats, however, they still suffer from a high number of false alarms. None of those approaches addressed the insider threat problem from the perspective of stream mining data where a ...
Context-Aware Insider Threat Detection
We are researching ways to detect insider threats in computer usage data crossing multiple modalities – e.g., resources and devices used, network and communication patterns – and where signals of possible threat are highly contextual – e.g., detectable only after inferring user roles, peer groups, collaborators and personal history. The contexts are also dynamic – reflecting a user’s rapid shif...
Multi-source fusion for anomaly detection: using across-domain and across-time peer-group consistency checks
We present robust anomaly detection in multi-dimensional data. We describe information fusion across multiple levels in a layered architecture to ensure accurate and reliable detection of anomalies from heterogeneous data. We consider the problem of detecting anomalous entities (e.g., people) from observation data (e.g., activities) gathered from multiple contexts or information sources over ti...
Journal title:
Volume Issue
Pages -
Publication date 2005