Two-Dimensional Traceability Link Rule Mining for Detection of Insider Attacks

Author

Hu, Yi ; Panda, Brajendra

Author_Institution

Dept. of Comput. Sci., Northern Kentucky Univ., Highland, KY, USA

fYear

2010

fDate

5-8 Jan. 2010

Firstpage

1

Lastpage

9

Abstract

Organizations face a growing threat of insider attacks. This paper presents a model for detecting insider malicious activities targeted at tampering the contents of files for various purposes. It employs two-dimensional traceability link rule mining to identify intrinsic file dependencies. Traceability links are traditionally used by software practitioners and researchers to uncover the relationships between programs and documents in a software system. In this research, we borrow the concept of traceability link from software engineering realm and use traceability links to model file access patterns. Activities that modify data without complying with various file traceability link rules will be identified as suspicious activities. Because file traceability links are less prone to change than individual user´s file access patterns, the insider attack detection model built on traceability links is more effective than many existing systems based on usage patterns.

Keywords

data mining; security of data; software engineering; insider attack detection model; intrinsic file dependencies; software engineering; software practitioners; software system; two-dimensional traceability link rule mining; user file access patterns; Application software; Computer architecture; Computer science; Data engineering; Face detection; Information systems; Intrusion detection; Monitoring; Software engineering; Software systems;

fLanguage

English

Publisher

ieee

Conference_Titel

System Sciences (HICSS), 2010 43rd Hawaii International Conference on

Conference_Location

Honolulu, HI

ISSN

1530-1605

Print_ISBN

978-1-4244-5509-6

Electronic_ISBN

1530-1605

Type

conf

DOI

10.1109/HICSS.2010.414

Filename

5428661