Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders

Moore, Andrew P.; McIntire, David D.; Mundie, David A.; Zubrow, David

doi:10.21236/ada610785

Cited by 6 publications

(3 citation statements)

References 2 publications

(2 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The postcountermeasures look ahead to the notice period of resignation/termination as well as after the insiders leave an organization. Moore et al [71] presented several attacks that are carried out by insiders within a period of 60 days before departure. They stole top-secret information from their organization (e.g., financial reports, business plans, research and development strategies, etc.).…”

Section: Post-countermeasuresmentioning

confidence: 99%

A Multi-Tiered Framework for Insider Threat Prevention

Alsowail

Al-Shehari

2021

Electronics

View full text Add to dashboard Cite

As technologies are rapidly evolving and becoming a crucial part of our lives, security and privacy issues have been increasing significantly. Public and private organizations have highly confidential data, such as bank accounts, military and business secrets, etc. Currently, the competition between organizations is significantly higher than before, which triggers sensitive organizations to spend an excessive volume of their budget to keep their assets secured from potential threats. Insider threats are more dangerous than external ones, as insiders have a legitimate access to their organization’s assets. Thus, previous approaches focused on some individual factors to address insider threat problems (e.g., technical profiling), but a broader integrative perspective is needed. In this paper, we propose a unified framework that incorporates various factors of the insider threat context (technical, psychological, behavioral and cognitive). The framework is based on a multi-tiered approach that encompasses pre, in and post-countermeasures to address insider threats in an all-encompassing perspective. It considers multiple factors that surround the lifespan of insiders’ employment, from the pre-joining of insiders to an organization until after they leave. The framework is utilized on real-world insider threat cases. It is also compared with previous work to highlight how our framework extends and complements the existing frameworks. The real value of our framework is that it brings together the various aspects of insider threat problems based on real-world cases and relevant literature. This can therefore act as a platform for general understanding of insider threat problems, and pave the way to model a holistic insider threat prevention system.

show abstract

Section: Post-countermeasuresmentioning

confidence: 99%

A Multi-Tiered Framework for Insider Threat Prevention

Alsowail

Al-Shehari

2021

Electronics

View full text Add to dashboard Cite

show abstract

“…Since 2001, scientists at the CERT Insider Risk Center have recorded pernicious insider action by looking at media reports and court transcripts and leading meetings with the United States Mystery Administration, casualties' associations, and indicted criminals [10]. Among the more than 700 insider risk cases that we've archived, our investigation has distinguished more than 100 classes of shortcomings in frameworks, procedures, individuals or innovations that permitted insider dangers to happen.…”

Section: Effectiveness Of a Pattern For Preventing Theft By Insidersmentioning

confidence: 99%

User Behaviour Profiling in Cloud using One Class SVM: A Review

Paruchuri¹,

Kumar²,

Sridhar³

et al. 2016

IJSIA

View full text Add to dashboard Cite

Distributed computing guarantees to on a very basic level change the way we utilizePCs and get to and store our own specific and business data. With these new registering and correspondences models develop new data security challenges. Existing information security structures, for instance, encryption have fizzled in imagining information theft strikes, particularly those executed by an insider to the cloud supplier. We propose a substitute methodology for securing information in the cloud utilizing adversarial mimic improvement. We screen data access in the cloud and perceive unpredictable data access outlines. Right when unapproved access is suspected and after that confirmed using test questions, we dispatch a disinformation strike by giving back a considerable measure of fake information to the attacker. This secures against the misuse of the customer's real data. Trials coordinated in a neighbor-hood archive setting give confirmation this technique may give unprecedented levels of customer data security in a Cloud space.

show abstract

“…Current approaches for detecting insiders rely largely on behavioral heuristics based on past insider cases [18]. These approaches fall short in three important ways: (i) they fail to detect novel insider methodologies and attacks; (ii) they fail to detect large-scale data collection within the scope of authorized access permissions; and (iii) they fail to consider forensic traces of information-handling activity in unallocated space.…”

Section: Introductionmentioning

confidence: 99%

Insider Threat Detection Using Time-Series-Based Raw Disk Forensic Analysis

Beebe

Liu

2017

Advances in Digital Forensics XIII

View full text Add to dashboard Cite

This research tests the theory that volitional, malicious computer use based on insider threat activity can be detected via a time-series-based analysis of data and file type forensic artifacts that reside on a raw disk. In other words, statistical profiling of allocated and unallocated space pertaining to the types of files accessed and the data browsed, acquired and processed incident to espionage, intellectual property theft, fraud or organizational computer abuse can help detect insider threats. The t-test approach is used to compare the means of two time windows using the split and sliding window methods along with first-order autoregressive modeling. Empirical testing against the nineteen-day snapshots of the M57-Patents case provides support for all three methods, but the results suggest that the first-order autoregressive modeling method is the most robust. Additionally, the autoregressive modeling approach is likely to generate more intuitive results for an analyst. Ground truth analysis confirms nearly all of the outliers that were detected. While the majority of the outliers were due to benign and easily explainable situations and system contexts and the minority were due to malicious activity, the approach does not yield an inordinate amount of search hits to examine and validate. This research thus provides a new computational approach for locating digital forensic evidence.

show abstract

Justification of a Pattern for Detecting Intellectual Property Theft by Departing Insiders

Cited by 6 publications

References 2 publications

A Multi-Tiered Framework for Insider Threat Prevention

A Multi-Tiered Framework for Insider Threat Prevention

User Behaviour Profiling in Cloud using One Class SVM: A Review

Insider Threat Detection Using Time-Series-Based Raw Disk Forensic Analysis

Contact Info

Product

Resources

About