• DocumentCode
    1806436
  • Title

    Two-Dimensional Traceability Link Rule Mining for Detection of Insider Attacks

  • Author

    Hu, Yi ; Panda, Brajendra

  • Author_Institution
    Dept. of Comput. Sci., Northern Kentucky Univ., Highland, KY, USA
  • fYear
    2010
  • fDate
    5-8 Jan. 2010
  • Firstpage
    1
  • Lastpage
    9
  • Abstract
    Organizations face a growing threat of insider attacks. This paper presents a model for detecting insider malicious activities targeted at tampering the contents of files for various purposes. It employs two-dimensional traceability link rule mining to identify intrinsic file dependencies. Traceability links are traditionally used by software practitioners and researchers to uncover the relationships between programs and documents in a software system. In this research, we borrow the concept of traceability link from software engineering realm and use traceability links to model file access patterns. Activities that modify data without complying with various file traceability link rules will be identified as suspicious activities. Because file traceability links are less prone to change than individual user's file access patterns, the insider attack detection model built on traceability links is more effective than many existing systems based on usage patterns.
  • Keywords
    data mining; security of data; software engineering; insider attack detection model; intrinsic file dependencies; software engineering; software practitioners; software system; two-dimensional traceability link rule mining; user file access patterns; Application software; Computer architecture; Computer science; Data engineering; Face detection; Information systems; Intrusion detection; Monitoring; Software engineering; Software systems;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Sciences (HICSS), 2010 43rd Hawaii International Conference on
  • Conference_Location
    Honolulu, HI
  • ISSN
    1530-1605
  • Print_ISBN
    978-1-4244-5509-6
  • Electronic_ISBN
    1530-1605
  • Type

    conf

  • DOI
    10.1109/HICSS.2010.414
  • Filename
    5428661