Trapping Malicious Insiders in the SPDR Web
The insider threat has assumed increasing importance as our dependence on critical cyber information infrastructure has increased. In this paper we describe an approach for thwarting and attributing insider attacks. The Sense, Prepare, Detect, and React (SPDR) approach utilizes both a highly intelli...
Main authors: | , , , , , |
---|---|
Format: | Conference proceedings |
Language: | eng |
Subjects: | |
Online access: | Order full text |
container_end_page | 10 |
---|---|
container_issue | |
container_start_page | 1 |
container_title | |
container_volume | |
creator | Haigh, J.T. ; Harp, S.A. ; O'Brien, R.C. ; Payne, C.N. ; Gohde, J. ; Maraist, J. |
description | The insider threat has assumed increasing importance as our dependence on critical cyber information infrastructure has increased. In this paper we describe an approach for thwarting and attributing insider attacks. The Sense, Prepare, Detect, and React (SPDR) approach utilizes both a highly intelligent software reasoning system to anticipate, recognize, respond to, and attribute attacks as well as a widely distributed set of hardware-based sensor-effectors to provide alerts used by the reasoning system and to implement responses as directed by it. Using hardware sensor-effectors greatly reduces the risk that a savvy malicious insider can bypass or cripple the system's monitoring and control capabilities. In this paper we describe the prototype SPDR system and the results of its successful evaluation by an independent, DARPA-sponsored Red Team. We conclude with thoughts on possible SPDR enhancements and further research. |
doi_str_mv | 10.1109/HICSS.2009.474 |
format | Conference Proceeding |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 1530-1605 |
ispartof | 2009 42nd Hawaii International Conference on System Sciences, 2009, p.1-10 |
issn | 1530-1605 ; 2572-6862 |
language | eng |
recordid | cdi_ieee_primary_4755413 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Air traffic control ; Control systems ; Hardware ; Information systems ; Intelligent sensors ; Intelligent systems ; Monitoring ; Prototypes ; Software systems ; Workstations |
title | Trapping Malicious Insiders in the SPDR Web |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-06T06%3A53%3A33IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Trapping%20Malicious%20Insiders%20in%20the%20SPDR%20Web&rft.btitle=2009%2042nd%20Hawaii%20International%20Conference%20on%20System%20Sciences&rft.au=Haigh,%20J.T.&rft.date=2009-01&rft.spage=1&rft.epage=10&rft.pages=1-10&rft.issn=1530-1605&rft.eissn=2572-6862&rft.isbn=9780769534503&rft.isbn_list=0769534503&rft_id=info:doi/10.1109/HICSS.2009.474&rft_dat=%3Cieee_6IE%3E4755413%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4755413&rfr_iscdi=true |