Proactive insider-threat detection: Against confidentiality in sensitive pervasive applications

Joon S. Park, Jaeho Yim, Jason Hallahan

Research output: Chapter in Book/Entry/Poem › Conference contribution

1 Scopus citations

Abstract

The primary objective of this research is to mitigate insider threats against sensitive information stored in an organization's computer systems, using dynamic forensic mechanisms to detect insiders' malicious activities. Among the various types of insider threats, which may break confidentiality, integrity, or availability, this research focuses on violations of confidentiality through privilege misuse or escalation in sensitive applications. We identify insider-threat scenarios and then describe how to detect each scenario by analyzing primitive user activities; we implement our detection mechanisms by extending the capabilities of existing software packages. Because our approach can detect an insider's malicious behavior before the malicious action is completed, the resulting damage can be prevented proactively. In this paper, the primary data sources for our implementation are Windows file system activities, the Windows Registry, the Windows Clipboard, and printer event logs and reports. However, we believe our approach to countering insider threats can also be applied to other computing environments.
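The abstract describes correlating primitive user activities from several Windows event sources and raising an alert before an exfiltration chain completes. The following is an added illustration of that idea, not the paper's own detection rules or code: it consumes a constructed stream of file system, Registry, Clipboard and printer events and raises alerts for (a) an unauthorized read of a sensitive file, (b) a clipboard copy shortly after a sensitive file was opened, which fires before any print job appears, and (c) a Registry write under a watched key by a non-administrator. The sensitive paths, authorized users, watched Registry prefixes, time window and all sample events are assumptions made up for the example.

```python
from datetime import datetime, timedelta

# Constructed policy for the example (assumption, not taken from the paper).
SENSITIVE_PATHS = {
    r"C:\HR\salaries.xlsx": {"alice"},          # path -> authorized readers
    r"C:\Legal\merger_plan.docx": {"bob"},
}
WATCHED_REGISTRY_PREFIXES = (r"HKLM\SYSTEM\CurrentControlSet\Control\Print",)
ADMINS = {"sysadmin"}
STAGING_WINDOW = timedelta(minutes=10)   # file access -> clipboard copy window


def detect(events):
    """Correlate primitive events per user and return (severity, user, reason)
    alerts in the order they were raised. Alerts for a staged clipboard copy
    are emitted before the print step, which is the proactive part."""
    alerts = []
    last_sensitive = {}   # user -> (timestamp, path) of latest sensitive read
    staged = set()        # users who copied sensitive content to the clipboard

    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user, src = ev["ts"], ev["user"], ev["source"]
        action, obj = ev["action"], ev["object"]

        if src == "filesystem" and obj in SENSITIVE_PATHS:
            if user not in SENSITIVE_PATHS[obj]:
                alerts.append(("high", user, f"unauthorized {action} of {obj}"))
            last_sensitive[user] = (ts, obj)

        elif src == "clipboard" and action == "set":
            hit = last_sensitive.get(user)
            if hit and ts - hit[0] <= STAGING_WINDOW:
                staged.add(user)
                alerts.append(("medium", user,
                               f"clipboard copy within {STAGING_WINDOW} of reading {hit[1]}"))

        elif src == "printer" and action == "job_submitted" and user in staged:
            alerts.append(("high", user, f"print job after staging sensitive content: {obj}"))

        elif src == "registry" and action == "write" and user not in ADMINS:
            if obj.startswith(WATCHED_REGISTRY_PREFIXES):
                alerts.append(("medium", user, f"non-admin registry write to {obj}"))

    return alerts


def _ev(hhmm, user, source, action, obj):
    """Build a constructed event with a timestamp on the conference date."""
    h, m = map(int, hhmm.split(":"))
    return {"ts": datetime(2009, 5, 6, h, m), "user": user,
            "source": source, "action": action, "object": obj}


# Constructed sample stream (assumption): alice stages and prints, carol reads
# without authorization, bob copies outside the window, dave edits a print key.
SAMPLE_EVENTS = [
    _ev("09:00", "alice", "filesystem", "read", r"C:\HR\salaries.xlsx"),
    _ev("09:02", "alice", "clipboard", "set", "text/plain"),
    _ev("09:03", "alice", "printer", "job_submitted", "salaries-copy"),
    _ev("09:10", "carol", "filesystem", "read", r"C:\HR\salaries.xlsx"),
    _ev("09:30", "bob", "filesystem", "read", r"C:\Legal\merger_plan.docx"),
    _ev("09:50", "bob", "clipboard", "set", "text/plain"),
    _ev("09:51", "dave", "registry", "write",
        r"HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers"),
]

if __name__ == "__main__":
    for severity, user, reason in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {user}: {reason}")
```

Run as a script, the first alert for alice is raised at the clipboard event, one step before her print job; bob's copy falls outside the ten-minute window and produces nothing, showing how the window trades missed staging against false positives.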

Original language: English (US)
Title of host publication: ICEIS 2009 - 11th International Conference on Enterprise Information Systems, Proceedings
Pages: 393-398
Number of pages: 6
State: Published - 2009
Event: ICEIS 2009 - 11th International Conference on Enterprise Information Systems - Milan, Italy
Duration: May 6 2009 - May 10 2009

Publication series

Name: ICEIS 2009 - 11th International Conference on Enterprise Information Systems, Proceedings
Volume: ISAS

Other

Other: ICEIS 2009 - 11th International Conference on Enterprise Information Systems
Country/Territory: Italy
City: Milan
Period: 5/6/09 - 5/10/09

Keywords

  • Insider threats
  • Monitoring

ASJC Scopus subject areas

  • Information Systems
  • Information Systems and Management
