AZALIA: an A to Z assessment of the likelihood of insider attack

The insider threat problem is increasing, both in terms of the number of incidents and their financial impact. To date, solutions have been developed to detect specific instances of insider attacks (e.g., fraud detection) and therefore use very limited information for input. In this paper we describ...

Full description

Saved in:
Bibliographic Details
Main Authors: Bishop, M., Gates, C., Frincke, D., Greitzer, F.L.
Format: Conference Proceeding
Language:English
Subjects:
Computer networks
Employment
Government
Laboratories
Mobile computing
Monitoring
Outsourcing
Protection
Psychology
Social network services
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The insider threat problem is increasing, both in terms of the number of incidents and their financial impact. To date, solutions have been developed to detect specific instances of insider attacks (e.g., fraud detection) and therefore use very limited information for input. In this paper we describe an architecture for an enterprise-level solution that incorporates data from multiple sources. The unique aspects of this solution include the prioritization of resources based on the business value of the protected assets, and the use of psychological indicators and language affectation analysis to predict insider attacks. The goal of this architecture is not to detect that insider abuse has occurred, but rather to determine how to prioritize monitoring activities, giving priority to scrutinizing those whose background includes access to key combinations of assets as well as those psychological/other factors that have in the past been associated with malicious insiders.
DOI:10.1109/THS.2009.5168063