Mitigation of Insider Risks using Distributed Agent Detection, Filtering, and Signaling

An insider-robust approach to file integrity verification is developed using interacting strata of mobile agents. Previous approaches relied upon monolithic architectures, or more recently, agent frameworks using a centralized control mechanism or common reporting repository. However, any such distinct tampering-point introduces vulnerabilities, especially from knowledgeable insiders capable of abusing security-critical resources. In the Collaborative Object Notification Framework for Insider Defense using Autonomous Network Transactions (CONFIDANT), the mechanisms for tampering detection, decision-making, and alert signaling are distributed and corroborated by autonomous agents. In this paper, the CONFIDANT file integrity verification framework is presented focusing on insider defense aspects. User capability classes are defined and critical physical tampering points in intrusion detection architectures are identified. CONFIDANT mitigation techniques of insider tampering exposures and example scenarios are presented.