An Architecture for Contextual Insider Threat Detection
نویسندگان
چکیده
Recent studies have shown there is a growing concern about the damage possible when trusted organization insiders behave maliciously. In particular, data exfiltration can lead to loss of revenue, damage to an organization’s reputation, and disruption of service for critical infrastructure systems. In this work, we introduce the Contextually Adaptive INsider threat architecture (CAIN), which incorporates contextual and risk-based access control with anomaly detection. While traditional Mandatory Access Control (MAC) can offer high assurance for information security, its rigid structure can hinder workers’ productivity. The goal of CAIN is to balance these dual goals of data protection and flexible access. This paper outlines the design goals of CAIN, as well as the behavior of its components. We also describe our initial design for building a prototype of our system and our future work.
منابع مشابه
Context-Aware Insider Threat Detection
We are researching ways to detect insider threats in computer usage data crossing multiple modalities – e.g., resources and devices used, network and communication patterns – and where signals of possible threat are highly contextual – e.g., detectable only after inferring user roles, peer groups, collaborators and personal history. The contexts are also dynamic – reflecting a user’s rapid shif...
متن کاملInsider Threat Detection in PRODIGAL
This paper reports on insider threat detection research, during which a prototype system (PRODIGAL) was developed and operated as a testbed for exploring a range of detection and analysis methods. The data and test environment, system components, and the core method of unsupervised detection of insider threat leads are presented to document this work and benefit others working in the insider th...
متن کاملDefending Insider Threat
Network threat confronting organizations comes from not only outsider threat, but also insider threat. Nowadays, insider threat is widely recognized as an important issue of security management. However, tools and controls on how to fight against it are still in the research phase. Security architecture for defending insider threat is presented, which is composed of four parts: monitoring platf...
متن کاملOutlier Detection in Random Subspaces over Data Streams: An Approach for Insider Threat Detection
Insider threat detection is an emergent concern for industries and governments due to the growing number of attacks in recent years. Several Machine Learning (ML) approaches have been developed to detect insider threats, however, they still suffer from a high number of false alarms. None of those approaches addressed the insider threat problem from the perspective of stream mining data where a ...
متن کاملAn Ontology for Insider Threat Indicators: Development and Application
We describe our ongoing development of an insider threat indicator ontology. Our ontology is intended to serve as a standardized expression method for potential indicators of malicious insider activity, as well as a formalization of much of our team’s research on insider threat detection, prevention, and mitigation. This ontology bridges the gap between natural language descriptions of ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009