Insider Threat Analysis Using Information-Centric Modeling

Ha, Duc T.; Upadhyaya, Shambhu; Ngo, Hung Q.; Pramanik, Suranjan; Chinchani, Ramkumar; Mathew, Sunu

doi:10.1007/978-0-387-73742-3_4

Cited by 16 publications

(11 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Butts extends the Schematic Protection Model to produce the first comprehensive security model capable of analyzing the safety of a system against the insider threat [13]. Ha et al demonstrate the feasibility of applying capability acquisition graphs to insider threat analysis [14]. Ali et al present an Agent-based User-Profiling model that monitors the behavior of the authorized users in an organization to avoid risk [15].…”

Section: Related Workmentioning

confidence: 99%

System Dynamics Based Insider Threats Modeling

Yang¹,

Wang²

2011

IJNSA

View full text Add to dashboard Cite

show abstract

Section: Related Workmentioning

confidence: 99%

System Dynamics Based Insider Threats Modeling

Yang¹,

Wang²

2011

IJNSA

View full text Add to dashboard Cite

show abstract

“…It means that the credential for a host h1 gives the attacker access to host h2 as well, if these two hosts trust each other. Therefore, the real-life situation that my password gives someone Ha, Chinchani et al [12,7] propose a type of graph which allows not only the modelling but also the simulation of an attacker searching through the graph. Nodes are associated with tokens and edges associated with minimum and maximum costs.…”

Section: Related Workmentioning

confidence: 99%

Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients

Franqueira

Lopes

Eck

2009

Proceedings of the 2009 ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a credential on one host which allows exploiting further hosts on the network. Finding attacks involving the latter case requires the ability to represent dynamic models. In fact, more dynamic aspects are present in the network domain such as attackers accumulate resources (i.e. credentials) along an attack, and users and assets may move from one environment to another, although always constrained by the ruling of the network. In this paper we address these dynamic issues by presenting MsAMS (Multi-step Attack Modelling and Simulation), an implemented framework, based on Mobile Ambients, to discover attacks in networks. The idea of ambients fits naturally into this domain and has the advantage of providing flexibility for modelling. Additionally, the concept of mobility allows the simulation of attackers exploiting opportunities derived either from the exploitation of vulnerable and non-vulnerable hosts, through the acquisition of credentials. It also allows expressing security policies embedded in the rules of the ambients.

show abstract

“…Chinchani et al [38,87], from Buffalo University, proposed a target-centric approach which allows not only the modelling but also the simulation of an attacker searching through the graph. Nodes are associated with tokens, e.g.…”

Section: Optimization Perspective Of Attack Graphsmentioning

confidence: 99%

“…We neglect this aspect because, in our view, it is attackerspecific and difficult to generalize. Other researchers [87], mentioned in Section 2.2.3.4 on page 34, rely on complicated schemes to assign cost based on several attributes of vulnerabilities, attackers and attacks. Again, they do not scale, are stakeholder-specific and subjective.…”

Section: Cost Of Attack Stepmentioning

confidence: 99%

finding multi-step attacks in computer networks using heuristic search and mobile ambients

Franqueira¹

View full text Add to dashboard Cite

Insider Threat Analysis Using Information-Centric Modeling

Cited by 16 publications

References 12 publications

System Dynamics Based Insider Threats Modeling

System Dynamics Based Insider Threats Modeling

Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients

finding multi-step attacks in computer networks using heuristic search and mobile ambients

Contact Info

Product

Resources

About