ABSTRACT
In this paper, we present an insider attack detection model that is designed to profile traceability links based on document dependencies and calendar-based file usage patterns for detecting insider threats. This model is utilized to detect insiders' malicious activities targeted at tampering the contents of files for various purposes. We apply the concept of traceability links in the software engineering field to this research. Our approach mainly employs document dependency traceability links for constructing insider attack detection model.
- G. Spanoudakis and A. Zisman, Software Traceability: A Roadmap, in Handbook of Software Engineering and Knowledge Engineering, Chang, S. K., Ed. World Scientific Publishing Co, 2005, pp. 395--428.Google Scholar
- Y. Li, P. Ning, X. Wang, and S. Jajodia, Discovering Calendar-based Temporal Association rules, In Proc. of the 8th Int'l Symposium on Temporal Representation and Reasoning, 2001. Google ScholarDigital Library
- E. Cole and S. Ring. Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft, 1 edition. Syngress, December 1, 2005.Google Scholar
Index Terms
- A traceability link mining approach for identifying insider threats
Recommendations
Insider Threats: It's the HUMAN, Stupid!
NCS '19: Proceedings of the Northwest Cybersecurity SymposiumInsider threats refer to threats posed by individuals who intentionally or unintentionally destroy, exfiltrate, or leak sensitive information, or expose their organization to outside attacks. Surveys of organizations in government and industry ...
Detecting Insider Threats: Who Is Winning the Game?
MIST '15: Proceedings of the 7th ACM CCS International Workshop on Managing Insider Security ThreatsPreventing, detecting, and responding to malicious insider activity poses a significant challenge to enterprise and organizational security. Studies continue to show the insider threat problem has not abated, and may be increasing. We could speculate on ...
Comments