A multi-perspective approach to insider threat detection

Bibliographic details
Main authors: Raissi-Dehkordi, M., Carr, D.
Format: Conference proceeding
Language: eng
Description
Summary: Insider Threat has become one of the most important types of attacks to identify and combat for both government and commercial organizations in recent years. The irreversible financial and security damages that can result from this type of threat have placed Insider Threat among the most important problems in cybersecurity [1]. The complexity of the problem is mainly due to the fact that the attacker is a legitimate user of the system, which makes it very difficult to draw a clear line between legitimate and malicious actions. This paper presents a multi-perspective approach for detection of insider threats in typical enterprise networks. In this approach, multiple detection engines monitor network activities from different perspectives and use the aggregate information to adjust their detection sensitivities. Experimental results from our studies show that this approach results in reduced false alarm probability as well as an increased ability to detect attacks by colluding insiders.
ISSN:2155-7578
2155-7586
DOI:10.1109/MILCOM.2011.6127457