Designing Host and Network Sensors to Mitigate the Insider Threat

Brian M. Bowen; Malek Ben Salem; Shlomo Hershkop; Angelos D. Keromytis; Salvatore Stolfo

Author(s):
Bowen, Brian M.
Ben Salem, Malek
Hershkop, Shlomo
Keromytis, Angelos D.
Stolfo, Salvatore
Date:
Type:
Articles
Department:
Computer Science
Volume:
7
Permanent URL:
Book/Journal Title:
IEEE Security & Privacy
Abstract:
We propose a design for insider threat detection that combines an array of complementary techniques that aims to detect evasive adversaries. We are motivated by real-world incidents and our experience with building isolated detectors: such standalone mechanisms are often easily identified and avoided by malefactors. Our work-in-progress combines host-based user-event monitoring sensors with trap-based decoys and remote network detectors to track and correlate insider activity. We identify several challenges in scaling up, deploying, and validating our architecture in real environments.
Subject(s):
Computer science
Publisher DOI:
http://dx.doi.org/10.1109/MSP.2009.109
