Sunu Mathew scite author profile

Abstract. The insider threat against database management systems is a dangerous security problem. Authorized users may abuse legitimate privileges to masquerade as another user or to maliciously harvest data. We propose a new direction to address the problem. We model users' access patterns by profiling the data points that users access, in contrast to analyzing the query expressions in prior approaches. Our data-centric approach is based on the key observation that query syntax alone is a poor discriminator of user intent, which is much better rendered by what is accessed. We present a feature-extraction method to model users' access patterns. Statistical learning algorithms are trained and tested using data from a real Graduate Admission database. Experimental results indicate that the technique is very effective, accurate, and is promising in complementing existing database security solutions. Practical performance issues are also addressed.

show abstract

An Alert Fusion Framework for Situation Awareness of Coordinated Multistage Attacks

Mathew

Shah

Upadhyaya

View full text Add to dashboard Cite

Real-Time Multistage Attack Awareness Through Enhanced Intrusion Alert Clustering

Mathew

Britt

Giomundo

et al.

View full text Add to dashboard Cite

show abstract

Insider Threat Analysis Using Information-Centric Modeling

Ha¹,

Upadhyaya

Ngo

et al.

View full text Add to dashboard Cite

Capability acquisition graphs (CAGs) provide a powerful framework for modeling insider threats, network attacks and system vulnerabilities. However, CAG-based security modeling systems have yet to be deployed in practice. This paper demonstrates the feasibility of applying CAGs to insider threat analysis. In particular, it describes the design and operation of an information-centric, graphics-oriented tool called ICMAP. ICMAP enables an analyst without any theoretical background to apply CAGs to answer security questions about vulnerabilities and likely attack scenarios, as well as to monitor network nodes. This functionality makes the tool very useful for attack attribution and forensics.Keyv^ords: Insider threats, capability acquisition graphs, key challenge graphs IntroductionA comprehensive model is required for understanding, reducing and preventing enterprise network attacks, and for identifying and combating system vulnerabihties and insider threats. Attacks on enterprise networks are often complex, involving multiple sites, multiple stages and the exploitation of various vulnerabilities. As a consequence, security analysts must consider massive amounts of information about network topology, system configurations, software vulnerabilities, and even social information. Integrating and analyzing all this information is an overwhelming task.A security analyst has to determine how best to represent individual components and interactions when developing a model of a computing environment. Depending on the environment and task at hand, the analyst may deal with network traffic data [15]

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Sunu Mathew

A Data-Centric Approach to Insider Attack Detection in Database Systems

An Alert Fusion Framework for Situation Awareness of Coordinated Multistage Attacks

Real-Time Multistage Attack Awareness Through Enhanced Intrusion Alert Clustering

Insider Threat Analysis Using Information-Centric Modeling

Contact Info

Product

Resources

About