Detecting Insider Threats: Solutions and Trends

Zeadally, Sherali; Yu, Byunggu; Jeong, Dong Hyun; Liang, Lily R.

doi:10.1080/19393555.2011.654318

Cited by 24 publications

(19 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other researchers [49] also conducted an analytical study that compares several proposed solutions to detect and prevent insider threats and their ineffectiveness in real time to subvert insider threat attacks. This study discussed several approaches based on intrusion prevention, system calls, visualization, a data-driven approach, antiindirect exfiltration, a dynamic-system-theory-based approach, and honeynets to combat insider threats.…”

Section: B Insider Threats and Countermeasuresmentioning

confidence: 99%

Exploiting Trust: Stealthy Attacks Through Socioware and Insider Threats

Sood¹,

Zeadally

Bansal³

2017

IEEE Systems Journal

Self Cite

View full text Add to dashboard Cite

Online social networks (OSNs) provide a new dimension to people's lives by giving birth to online societies. OSNs have revolutionized the human experience, but they have also created a platform for attackers to distribute infections and conduct cybercrime. An OSN provides an opportunistic attack platform for cybercriminals through which they can spread infections at a large scale. We describe a category of malware (or attacks) known as socioware that exploits OSN environments for performing unauthorized and nefarious activities. Socioware can be an executable, an extension, an exploit code, etc., that conducts malicious operations in OSNs with serious impact on users. Furthermore, we discuss the socioware taxonomy highlighting the characteristics of socioware to illustrate the design and exploitation tactics of OSN malware. In contrast, insider threats (employees or contractors) are posing a grave threat to organizations, with a motivation to steal critical data and monetize it for financial gains. Insider threats have become a serious concern for many organizations today. We present a complete attack model to demonstrate how an insider threat exploits the online trust and confidentiality by transforming an OSN into a socioware distribution platform that infects other employees' systems. Finally, we discuss security defenses that can be adopted to defend against socioware.

show abstract

Section: B Insider Threats and Countermeasuresmentioning

confidence: 99%

Exploiting Trust: Stealthy Attacks Through Socioware and Insider Threats

Sood¹,

Zeadally

Bansal³

2017

IEEE Systems Journal

Self Cite

View full text Add to dashboard Cite

show abstract

“…Unfortunately, given the complexity of the problem and the human factors involved, many solutions which have been proposed face strict constraints and limitations when it comes to the working environment. (Zeadally, 2012). This is highly contributed by the constant change in technology and also the untamed employee needs which vary from one organization to the other.…”

Section: Understanding the Insider Cyber Security Threatsmentioning

confidence: 99%

Hybrid Insider Cyber Security Threats Mitigation Scheme Using ECC and Behavoural Analysis Methodology

Musili¹

2017

AWCN

View full text Add to dashboard Cite

The last decade has been characterized by many organizations making it their priority to embrace digital technologies in running their services. Cyberspace has hugely dominated how organizations use electronics and the electromagnetic spectrum to manipulate, and exchange data via interconnected systems. Due to cyber space's great dependence on informatics and telecommunications for almost every activity and service, it's extremely catastrophic to ignore the growing phenomenon of cybercrimes and the increasing number of threats to organizations' systems. The threat to enterprises from insider activities is increasing, getting worse and that significant losses are being incurred. ESG research indicates that more than half (54%) of IT and security professionals believe that insider threats are more difficult to detect or even prevent today than they were in 2011 (Jon Oltsik, 2013). While many organizations focus their security efforts on their network border via excellently configured firewall systems, it is actually the insider who perhaps poses the most risk to cyber-security. Even the existence of some personnel can be at stake if the data is leaked. Cyber Security takes many forms and the range and nature of threat is so varied that there just isn't any getting away from the fact that it will require a multi-faceted solution. This paper suggests a hybrid framework aimed at guiding the management in coming up with a near real time mitigation solution that can be used to mitigate (Detecting, Preventing and Responding) the dynamic enigma of insider threats. The framework is based on behavioral variation analysis in conjunction with the use of technical techniques. We tried to change the landscape by adding the technological and behavioral equivalent of security cameras or additional lighting, and see whether the resulting uncertainty will eradicate the risk of attack in the cyber space.

show abstract

“…The insider literature is extensive, although a significant portion [15] focuses on describing specific controls or countermeasures for combating a limited range of insider threat types [9,[16][17][18][19][20][21][22]. Controls for insiders range from physical and technical to behavioural and organisational [1,10].…”

Section: Introductionmentioning

confidence: 99%

A Risk-Based Framework to Inform Prioritisation of Security Investment for Insider Threats

Sektas-Bilusich¹,

Nunes-Vaz²,

Chim³

et al. 2020

IJSSE

View full text Add to dashboard Cite

Threats to information security from inside an organisation are difficult to manage as insiders, by definition, have legitimate access to the organisation's information, consistent with their roles. Impacts of insider threats range from minor information compromise perhaps through carelessness, to catastrophic financial and reputational damage. Security managers are required to continually upgrade security measures to reduce the risk posed by insider threats, however with so many security controls to choose from, finding optimal security solutions based on benefit-cost is challenging. We have developed a risk-based framework called Security-in-Depth (SiD) where residual risk is the metric that assists the security manager to make informed decisions on which security packages contribute more to the organisation's security objectives. We present a case study to illustrate the way our framework is applied, customised to manage a range of insider threats. Uncertainties about the future threat spectrum and the future effectiveness of controls are included in the framework to inform the decisionmaking process.

show abstract

Detecting Insider Threats: Solutions and Trends

Cited by 24 publications

References 21 publications

Exploiting Trust: Stealthy Attacks Through Socioware and Insider Threats

Exploiting Trust: Stealthy Attacks Through Socioware and Insider Threats

Hybrid Insider Cyber Security Threats Mitigation Scheme Using ECC and Behavoural Analysis Methodology

A Risk-Based Framework to Inform Prioritisation of Security Investment for Insider Threats

Contact Info

Product

Resources

About