Title :
A multi-perspective approach to insider threat detection
Author :
Raissi-Dehkordi, Majid ; Carr, David
Author_Institution :
OPNET Technol. Inc., Bethesda, MD, USA
Abstract :
Insider threat has become one of the most important classes of attack to identify and combat for both government and commercial organizations in recent years. The irreversible financial and security damage that can result from this type of threat has placed insider threat among the most important problems in cybersecurity [1]. The problem is hard mainly because the attacker is a legitimate user of the system, which makes it very difficult to draw a clear line between legitimate and malicious actions. This paper presents a multi-perspective approach to detecting insider threats in typical enterprise networks. In this approach, multiple detection engines monitor network activity from different perspectives and use the aggregate information to adjust their detection sensitivities. Experimental results from our studies show that this approach reduces the false alarm probability and increases the ability to detect attacks by colluding insiders.
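The following is an added illustration of the sensitivity-adjustment idea described in the abstract; it is not the paper's code and does not reproduce the authors' engines or fusion rule. The three perspectives (file server, database, network flow), the per-user baseline model, the threshold constants and the activity counts are all assumptions constructed here. Each engine first scores users on its own, then every engine lowers its threshold for a user that the other engines also find elevated and raises it for a user that looks clean everywhere else.

```python
"""Illustrative multi-perspective insider-threat scoring (added example).

Assumptions made here, not taken from the paper: three perspectives, a
per-user baseline ratio as the anomaly score, and a threshold that each
engine scales up or down according to the mean score the other engines
assigned to the same user.
"""
from typing import Dict, List, Tuple

PERSPECTIVES = ("fileserver", "database", "netflow")

# Constructed sample data: each user's historical per-day baseline and today's
# count in each perspective (e.g. files read, rows exported, MB uploaded).
BASELINE = {
    "alice": {"fileserver": 40, "database": 30, "netflow": 35},
    "dave":  {"fileserver": 50, "database": 28, "netflow": 38},
    "eve":   {"fileserver": 60, "database": 50, "netflow": 45},
}
TODAY = {
    "alice": {"fileserver": 42,  "database": 31, "netflow": 33},  # ordinary day
    "dave":  {"fileserver": 140, "database": 28, "netflow": 38},  # 2.8x spike in one view only
    "eve":   {"fileserver": 102, "database": 85, "netflow": 77},  # ~1.7x elevated in every view
}

BASE_THRESHOLD = 1.0  # an engine alone alarms at 2x the user's own baseline
QUIET = 0.25          # other views show < 25% excess: demand stronger evidence
CORROBORATED = 0.5    # other views show >= 50% excess: lower the bar
RAISE = 2.0           # threshold multiplier when the other views are quiet
LOWER = 0.5           # threshold multiplier when the other views corroborate

Scores = Dict[str, Dict[str, float]]


def raw_scores(baseline: Scores, today: Scores) -> Scores:
    """Per-user, per-perspective excess over baseline: max(0, today/baseline - 1)."""
    return {
        user: {p: max(0.0, today[user][p] / baseline[user][p] - 1.0) for p in PERSPECTIVES}
        for user in baseline
    }


def adjusted_threshold(user_scores: Dict[str, float], perspective: str) -> float:
    """Threshold this engine uses for one user, given what the other engines saw."""
    others = [user_scores[q] for q in PERSPECTIVES if q != perspective]
    support = sum(others) / len(others)
    if support >= CORROBORATED:
        return BASE_THRESHOLD * LOWER
    if support < QUIET:
        return BASE_THRESHOLD * RAISE
    return BASE_THRESHOLD


def independent_alarms(scores: Scores) -> List[Tuple[str, str]]:
    """Each engine decides alone with the fixed threshold."""
    return sorted(
        (user, p) for user, s in scores.items() for p in PERSPECTIVES
        if s[p] >= BASE_THRESHOLD
    )


def multi_perspective_alarms(scores: Scores) -> List[Tuple[str, str]]:
    """Each engine decides with a threshold adjusted by the other engines' scores."""
    return sorted(
        (user, p) for user, s in scores.items() for p in PERSPECTIVES
        if s[p] >= adjusted_threshold(s, p)
    )


if __name__ == "__main__":
    scores = raw_scores(BASELINE, TODAY)
    # Independent engines: dave's isolated spike alarms, eve's low-and-slow does not.
    print("independent:", independent_alarms(scores))
    # Multi-perspective: dave's uncorroborated spike is suppressed, eve alarms in all views.
    print("multi-perspective:", multi_perspective_alarms(scores))
```

On the constructed data the independent engines raise one alarm, for dave's isolated file-server spike, and miss eve, whose activity is elevated across every view but never doubles. With the cross-perspective adjustment the picture inverts: dave's spike falls under the raised bar and eve is flagged by all three engines. The caveat a practitioner should keep in mind is that raising the threshold for uncorroborated users also raises the bar for a genuine single-channel attack, so the RAISE factor must stay low enough that a large spike in one view is still caught.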
Keywords :
government data processing; security of data; commercial organizations; cybersecurity; enterprise networks; government organizations; insider threat detection; multiperspective approach; Databases; Engines; File servers; Measurement; Monitoring; Servers; Support vector machines; Colluding Insiders; Cybersecurity; Insider Attack; Insider Threat; Malicious Insider;
Conference_Title :
MILITARY COMMUNICATIONS CONFERENCE, 2011 - MILCOM 2011
Conference_Location :
Baltimore, MD
Print_ISBN :
978-1-4673-0079-7
DOI :
10.1109/MILCOM.2011.6127457