“…In [14,15,16] the authors propose CIDS, a host-based concurrent intrusion detection scheme. The system is based on user work profiling [5].…”
Section: Background and Related Work (mentioning)
confidence: 99%
“…The basic scheme [16] described above is improved upon by the authors in a later work [14]. In particular, the authors adopt the notion of reasonableness check to address One drawback of this work is that the authors do not address the scenario when a user does not deviate in any manner from the SPRINT plan, but still is able to launch an attack.…”
Section: Background and Related Work (mentioning)
confidence: 99%
“…Our work uses the user-intent analysis approach proposed earlier by Upadhyaya et al [2,14,15,16]. Upadhyaya et al's approach consists of ensuring that during a particular session a user remains reasonably within the scope of a previously declared set of activities.…”
Abstract. A major concern for computer systems security is the threat from malicious insiders who execute perfectly legitimate operations to compromise system security. Unfortunately, most currently available intrusion detection systems (which include anomaly and misuse detection systems) fail to address this problem in a comprehensive manner. In this work we propose a framework that uses an attack tree to identify malicious activities from authorized insiders. We develop algorithms to generate minimal forms of attack tree customized for each user such that it can be used efficiently to monitor the user's activities. If the user's activities progress sufficiently up along the branches of the attack tree towards the goal of system compromise, we generate an alarm. Our system is not intended to replace existing intrusion detection and prevention technology, but rather is intended to complement current and future technology.
“…While some projects have addressed these dimensions individually, most research appears to be focused on cyber threat and cyber security. When semantics has been utilized, it is applied to describe the role-based access policy of an organization (RAND, 1999; Upadhyaya et al, 2001). In related work, a research project by Raskin et al (2002) aims to use a natural language-based ontology to scan texts for indicators of possible intellectual property leakage.…”
Malicious insiders' difficult-to-detect activities pose serious threats to the intelligence community (IC) when these activities go undetected. A novel approach that integrates the results of social network analysis, role-based access monitoring, and semantic analysis of insiders' communications as evidence for evaluation by a risk assessor is being tested on an IC simulation. A semantic analysis, by our proven Natural Language Processing (NLP) system, of the insider's text-based communications produces conceptual representations that are clustered and compared on the expected vs. observed scope. The determined risk level produces an input to a risk analysis algorithm that is merged with outputs from the system's social network analysis and role-based monitoring modules.
“…Probably the most often cited is the statistical approach used in NIDES [1]. More recently, many other approaches have been investigated as reported in [23], [19], [13], [11], [18], [24], and [20], to mention a few. In these approaches, different measures are monitored to model user behavior: frequencies and sequences of Unix shell commands or system calls, temporal parameters of user actions and temporal intervals between them, etc.…”
Personal mobile devices, as mobile phones, smartphones, and communicators can be easily lost or stolen. Due to the functional abilities of these devices, their use by an unintended person may result in a severe security incident concerning private or corporate data and services. Organizations develop their security policy and mobilize preventive techniques against unauthorized use. Current solutions, however, are still breakable and there still exists strong need for means to detect user substitution when it happens. A crucial issue in designing such means is to define what measures to monitor. In this paper, an attempt is made to identify suitable characteristics and measures for mobile-user substitution detection. Our approach is based on the idea that aspects of user behavior and environment reflect user's personality in a recognizable way. The paper provides a tentative list of individual behavioral and environmental aspects, along with characteristics and measures to represent them.