AZALIA: an A to Z assessment of the likelihood of insider attack

Bishop, Matt; Gates, Carrie; Frincke, Deborah A.; Greitzer, Frank L.

doi:10.1109/ths.2009.5168063

Cited by 9 publications

(16 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other than issues discussed above, there is a likelihood of insider attack that can be a result of many possible reasons based on human complex nature [60]. Carelessness, in protecting passwords, passphrases, or machine's unrestricted access to all may also contribute a lot in security breach [61][62].…”

Section: Other Security Issues In Protogenimentioning

confidence: 99%

Security Issues in ProtoGENI

Shalini¹,

Xiao²,

Sun³

2016

EAI Endorsed Transactions on Industrial Networks and Intelligen

View full text Add to dashboard Cite

Network security consists of primary concerns in future Internet development due to the ever increasing threats to current Internet. ProtoGENI is a federated testbed facility supporting slice-based experiments to manage, utilize, and monitor the resources for innovative network research. Security research in ProtoGENI is crucial because experiments conducted in manipulated or corruptted test environment can mislead about security mechanism's capabilities in a system. In this paper, existing ProtoGENI security mechanisms and functions are tested and analyzed through different experiments to find out the exploitable attacking loopholes. Experiments elaborate the existing functioning and security issues that can cause nonfunctional, semi non-functional or malfunctioned systems. Results indicate threats to ProtoGENI resources and run-time interactions. Cross-experiment communication in Emulab wireless nodes have the capability of assisting in verifying isolation between ProtoGENI slices. Host security is one of the security components, which can be enhanced by modifying default security settings including SSH port number and root login rights. Documentation of experiment environment, experiment design, results, and analysis including many observations is helpful to understand the basic functioning and security issues to improve the overall functioning and security of ProtoGENI.

show abstract

Section: Other Security Issues In Protogenimentioning

confidence: 99%

Security Issues in ProtoGENI

Shalini¹,

Xiao²,

Sun³

2016

EAI Endorsed Transactions on Industrial Networks and Intelligen

View full text Add to dashboard Cite

show abstract

“…Although such tools are still in their infancy, the empirical results show several signs of improvement. For instance, Bishop et al, in [3] introduced an architecture for a tool that attempts to identify certain behavioural changes that may be alarming. Others [15] have suggested the use of Intrusion Detection Systems (IDS) to identify the deviations from "normal" usage patterns by users.…”

Section: Insider Typesmentioning

confidence: 99%

“…Authorisation decisions within these approaches are based on a security policy, that constitutes a set of rules binding access rights to users on the basis of need and assumed unlikelihood of misuse. The main shortcoming of the current policy-based approaches is their use of static criteria to determine a dynamic phenomena: future needs and future users' behaviour 3 .…”

Section: Introductionmentioning

confidence: 99%

“…Second, there are industry surveys suggesting that a significant portion of security incidents are due to authorised users (insiders) [6]. There are several proposals to detect and prevent insider misuse by inferring user's intention through behavioural indicators captured using intrusion detection or computer forensic techniques [15,13,3].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Game Theoretic Authorisation Model

Salim

Reid

Dulleck

et al. 2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Authorised users (insiders) are behind the majority of security incidents with high financial impacts. Because authorisation is the process of controlling users' access to resources, improving authorisation techniques may mitigate the insider threat. Current approaches to authorisation suffer from the assumption that users will (can) not depart from the expected behaviour implicit in the authorisation policy. In reality however, users can and do depart from the canonical behaviour. This paper argues that the conflict of interest between insiders and authorisation mechanisms is analogous to the subset of problems formally studied in the field of game theory. It proposes a game theoretic authorisation model that can ensure users' potential misuse of a resource is explicitly considered while making an authorisation decision. The resulting authorisation model is dynamic in the sense that its access decisions vary according to the changes in explicit factors that influence the cost of misuse for both the authorisation mechanism and the insider.

show abstract

“…can capture users' online presence as well. Several other researchers identified various psychological factors which have direct implications on insider threat problem [4] [8] [15].…”

mentioning

confidence: 99%

Insider Threat Detection Through Attributed Graph Clustering

Gamachchi

Boztaş

2017

2017 IEEE Trustcom/BigDataSE/Icess

View full text Add to dashboard Cite

While most organizations continue to invest in traditional network defences, a formidable security challenge has been brewing within their own boundaries. Malicious insiders with privileged access in the guise of a trusted source have carried out many attacks causing far reaching damage to financial stability, national security and brand reputation for both public and private sector organizations. Growing exposure and impact of the whistleblower community and concerns about job security with changing organizational dynamics has further aggravated this situation. The unpredictability of malicious attackers, as well as the complexity of malicious actions, necessitates the careful analysis of network, system and user parameters correlated with insider threat problem. Thus it creates a high dimensional, heterogeneous data analysis problem in isolating suspicious users. This research work proposes an insider threat detection framework, which utilizes the attributed graph clustering techniques and outlier ranking mechanism for enterprise users. Empirical results also confirm the effectiveness of the method by achieving the best area under curve value of 0.7648 for the receiver operating characteristic curve. I. IntroductionInsider threat mitigation or finding the enemy hiding within the boundaries of an enterprise network is one of the most critical and complex cybersecurity threats. By looking at the publicly available threat cases [6] and published literature [13] [27] on insider threat, it is evident that the insider threat can no longer be treated as a data driven problem. It needs to be considered as a combination of data and human behavior driven problem. This drives the requirement for going beyond technical capabilities to understand the unpredictable behavior of the trusted insider. Though there is no particular demographic profile for malicious insiders, there are common characteristics among the three broad categories of insider threat, namely IT sabotage, theft of intellectual property and IT fraud.These characteristics are based on the type of people involved, the motivation for the attack, the time span and the level of damage caused by the attack. In addition several researchers, e.g., Berk et al [3] and Massberg et al [20], highlighted the correlation between Capability (Means), Motivation, and Opportunity (CMO/MMO Model) for triggering a malicious insider activity. In addition to disgruntle workplace behavior, users tend to publicize their inside (in-office) experiences online. This includes their interests which have been influenced by positive and negative organizational dynamics. Therefore the insider threat mitigation framework needs to be expanded so that it arXiv:1809.00231v1 [cs.CR] 1 Sep 2018

show abstract

AZALIA: an A to Z assessment of the likelihood of insider attack

Cited by 9 publications

References 11 publications

Security Issues in ProtoGENI

Security Issues in ProtoGENI

Towards a Game Theoretic Authorisation Model

Insider Threat Detection Through Attributed Graph Clustering

Contact Info

Product

Resources

About