• DocumentCode
    1753596
  • Title

    A framework of defense system for prevention of insider's malicious behaviors

  • Author

    Eom, Jung-Ho ; Park, Min-Woo ; Park, Seon-Ho ; Chung, Tai-Myoung

  • Author_Institution
    Internet Manage. Technol. Lab., Sungkyunkwan Univ., Suwon, South Korea
  • fYear
    2011
  • fDate
    13-16 Feb. 2011
  • Firstpage
    982
  • Lastpage
    987
  • Abstract
    In this paper, we propose a framework of a defense system that applies an attack tree and a misuse monitor for prevention of insider's malicious behaviors. Recently, a major interest of network security is the threat from insiders who execute their authorization legitimately to leak information on a network system. If an insider threatens his/her system, he/she causes severe damage and loss to compromise information assets. Our proposed framework consists of 3 prevention modules. It prevents abnormal behaviors by monitoring all activities according to each prevention technique. The main keys to prevention are the attack tree and the misuse monitor. An attack tree is a conceptual diagram of insider threats on systems and possible attacks to reach those goals. A misuse monitor can prevent the misuse of resources by matching the actual running process pattern to the expected processing pattern in a pre-defined profile of the process currently executed by the insider.
  • Keywords
    authorisation; computer network security; trees (mathematics); attack tree; authorization; defense system framework; insider malicious behavior prevention; misuse monitor; network security; process pattern matching; Mercury (metals); Insider threat; attack tree; defense system; misuse monitor;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Advanced Communication Technology (ICACT), 2011 13th International Conference on
  • Conference_Location
    Seoul
  • ISSN
    1738-9445
  • Print_ISBN
    978-1-4244-8830-8
  • Type

    conf

  • Filename
    5745973