TY - GEN
T1 - Proactive insider-threat detection
T2 - ICEIS 2009 - 11th International Conference on Enterprise Information Systems
AU - Park, Joon S.
AU - Yim, Jaeho
AU - Hallahan, Jason
PY - 2009
Y1 - 2009
N2 - The primary objective of this research is to mitigate insider threats against sensitive information stored in an organization's computer system, using dynamic forensic mechanisms to detect insiders' malicious activities. Among the various types of insider threats, which may break confidentiality, integrity, or availability, this research focuses on violations of confidentiality through privilege misuse or escalation in sensitive applications. We identify insider-threat scenarios and then describe how to detect each threat scenario by analyzing primitive user activities; we implement our detection mechanisms by extending the capabilities of existing software packages. Since our approach can proactively detect an insider's malicious behavior before the malicious action is completed, we can prevent the possible damage proactively. In this particular paper, the primary sources for our implementation are Windows file system activities, the Windows Registry, the Windows Clipboard system, and printer event logs and reports. However, we believe our approaches for countering insider threats can also be applied to other computing environments.
AB - The primary objective of this research is to mitigate insider threats against sensitive information stored in an organization's computer system, using dynamic forensic mechanisms to detect insiders' malicious activities. Among the various types of insider threats, which may break confidentiality, integrity, or availability, this research focuses on violations of confidentiality through privilege misuse or escalation in sensitive applications. We identify insider-threat scenarios and then describe how to detect each threat scenario by analyzing primitive user activities; we implement our detection mechanisms by extending the capabilities of existing software packages. Since our approach can proactively detect an insider's malicious behavior before the malicious action is completed, we can prevent the possible damage proactively. In this particular paper, the primary sources for our implementation are Windows file system activities, the Windows Registry, the Windows Clipboard system, and printer event logs and reports. However, we believe our approaches for countering insider threats can also be applied to other computing environments.
KW - Insider threats
KW - Monitoring
UR - http://www.scopus.com/inward/record.url?scp=74549207518&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74549207518&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:74549207518
SN - 9789898111845
T3 - ICEIS 2009 - 11th International Conference on Enterprise Information Systems, Proceedings
SP - 393
EP - 398
BT - ICEIS 2009 - 11th International Conference on Enterprise Information Systems, Proceedings
Y2 - 6 May 2009 through 10 May 2009
ER -