Academic Commons


Designing Host and Network Sensors to Mitigate the Insider Threat

Bowen, Brian M.; Ben Salem, Malek; Hershkop, Shlomo; Keromytis, Angelos D.; Stolfo, Salvatore

We propose a design for insider threat detection that combines an array of complementary techniques that aim to detect evasive adversaries. We are motivated by real-world incidents and our experience with building isolated detectors: such standalone mechanisms are often easily identified and avoided by malefactors. Our work-in-progress combines host-based user-event monitoring sensors with trap-based decoys and remote network detectors to track and correlate insider activity. We identify several challenges in scaling up, deploying, and validating our architecture in real environments.




Also Published In

IEEE Security & Privacy

More About This Work

Academic Units
Computer Science
Published Here
June 23, 2011