Academic Commons

Designing Host and Network Sensors to Mitigate the Insider Threat

Bowen, Brian M.; Ben Salem, Malek; Hershkop, Shlomo; Keromytis, Angelos D.; Stolfo, Salvatore

We propose a design for insider threat detection that combines an array of complementary techniques that aims to detect evasive adversaries. We are motivated by real-world incidents and our experience with building isolated detectors: such standalone mechanisms are often easily identified and avoided by malefactors. Our work-in-progress combines host-based user-event monitoring sensors with trap-based decoys and remote network detectors to track and correlate insider activity. We identify several challenges in scaling up, deploying, and validating our architecture in real environments.


Also Published In

Title: IEEE Security & Privacy
DOI: https://doi.org/10.1109/MSP.2009.109

More About This Work

Academic Units: Computer Science
Published Here: June 23, 2011