
Detecting insider threats by monitoring system call activity

Bibliographic Details
Main Authors: Nguyen, N., Reiher, P., Kuenning, G.H.
Format: Conference Proceeding
Language: English
Description
Summary: One approach to detecting insider misbehavior is to monitor system call activity and watch for danger signs or unusual behavior. We describe an experimental system designed to test this approach. We tested the system's ability to detect common insider misbehavior by examining file system and process-related system calls. Our results show that this approach can detect many such activities.
DOI: 10.1109/SMCSIA.2003.1232400