Detecting insider activity using enhanced directory virtualization

Claycomb, William R.; Shin, Dongwan

doi:10.1145/1866886.1866894

Cited by 8 publications

(5 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Misuse-Based. Aimed at insiders performing data exfiltration resulting into underlying changes to the integrity of directory services, Claycomb and Shin [2010] proposed a combination of policy with monitoring, which leverages the capabilities of directory virtualization. Hanley and Montelibano [2011] demonstrated the utilization of signature alerts in the SPLUNK logging engine for the detection of data exfiltration.…”

Section: Operational Workmentioning

confidence: 99%

Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures

Homoliak,

Toffalini,

Guarnizo

et al. 2018

Preprint

View full text Add to dashboard Cite

Insider threats are one of today's most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. Despite several scientific works published in this domain, we argue that the field can benefit from our proposed structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research, while using existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include: 1) Incidents and datasets, 2) Analysis of incidents, 3) Simulations, and 4) Defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers' efforts in the domain of insider threat, because it provides: a) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, b) an overview on publicly available datasets that can be used to test new detection solutions against other works, c) references of existing case studies and frameworks modeling insiders' behaviors for the purpose of reviewing defense solutions or extending their coverage, and d) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.

show abstract

Section: Operational Workmentioning

confidence: 99%

Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures

Homoliak,

Toffalini,

Guarnizo

et al. 2018

Preprint

View full text Add to dashboard Cite

show abstract

“…Detecting malicious insider activity in virtualization environments is a challenging task, which is further compounded if the insider has administrative access to the virtualization resources [6]. It may be plausible that an administrative user with high expertise in the virtual computing environment can procure the requisite amount of resources from that environment to perform denialof-service (DoS) or man-in-the-middle attacks.…”

Section: Vulnerability Exploitation In Virtual Computing Environmentsmentioning

confidence: 99%

“…It may be plausible that an administrative user with high expertise in the virtual computing environment can procure the requisite amount of resources from that environment to perform denialof-service (DoS) or man-in-the-middle attacks. The administrator user is much more likely to know about detection mechanisms and countermeasures and how to defeat them to compromise, steal, exploit or tamper with the virtual computing environment for personal gain [6]. Therefore, when assessing the robustness of a secure virtual computing environment, these types of threats should also be taken into consideration.…”

Section: Vulnerability Exploitation In Virtual Computing Environmentsmentioning

confidence: 99%

Security Vulnerability Analysis in Virtualized Computing Environments

Brooks¹,

Caicedo²,

Park³

2012

IJICR

View full text Add to dashboard Cite

show abstract

“…Malicious Activities Detection Engine (MADE) [10] has been proposed by Claycomb et al This system focuses on a directory service and monitors changes in the directory. The system alerts administrators when the directory change violates the predefined policies.…”

Section: A Access Controlmentioning

confidence: 99%

Towards Detecting Suspicious Insiders by Triggering Digital Data Sealing

Sasaki

2011

2011 Third International Conference on Intelligent Networking and Collaborative Systems

View full text Add to dashboard Cite

Insider threats, such as information leakages, are big problems in many organizations. They are difficult to detect and control, because insiders such as employees have legitimate rights to access the organization's resources in order to carry out their responsibilities. For this reason, existing security systems such as firewalls, intrusion detection systems, and access control mechanisms are ineffective countermeasures.Therefore, a framework is being developed for detecting suspicious insiders by triggering monitoring and analysis of suspicious actions done to hide digital evidence. This framework first creates an event (called a "trigger") that will impel malicious members to behave suspiciously; for example, deleting digital data that may be evidence of their malicious behavior. In addition, the framework also monitors and analyzes actions by comparing operational logs before/after the trigger.This work is still in progress. Here, a system architecture based on the detection framework and cases in which it is used are described. Also, the effectiveness and the limitations of the proposed framework are discussed.

show abstract

Detecting insider activity using enhanced directory virtualization

Cited by 8 publications

References 3 publications

Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures

Insight into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures

Security Vulnerability Analysis in Virtualized Computing Environments

Towards Detecting Suspicious Insiders by Triggering Digital Data Sealing

Contact Info

Product

Resources

About