TY - GEN
T1 - Role-based profile analysis for scalable and accurate insider-anomaly detection
AU - Park, Joon S.
AU - Giordano, Joseph
PY - 2006
Y1 - 2006
N2 - Sensitive organizations such as the Intelligence Community (IC) have faced increasing challenges of insider threats because insiders are not always friends, but can be significant threats to the corporate assets. Statistically, it is accepted that the cost of insider threats exceeds that of outsider threats. Many security technologies have been invented to prevent threats from outsiders, but they have limited use in countering insiders' abnormal behaviors. Furthermore, individual-based monitoring mechanisms are not scalable for a large enterprise system. Therefore, in this paper, we introduce a scalable and accurate approach with the role-based profile analysis for countering insider threats, focusing on the relationship between insiders and their systems to detect anomalies. Also, we describe our simulation with synthetic data sets of baseline and threat scenarios.
UR - http://www.scopus.com/inward/record.url?scp=33751053839&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33751053839&partnerID=8YFLogxK
U2 - 10.1109/.2006.1629440
DO - 10.1109/.2006.1629440
M3 - Conference contribution
AN - SCOPUS:33751053839
SN - 1424401976
SN - 9781424401970
T3 - Conference Proceedings of the IEEE International Performance, Computing, and Communications Conference
SP - 463
EP - 469
BT - 25th IEEE International Performance, Computing, and Communications Conference, 2006, IPCCC 2006
T2 - 25th IEEE International Performance, Computing, and Communications Conference, 2006, IPCCC 2006
Y2 - 10 April 2006 through 12 April 2006
ER -