DOI: 10.1145/3139923.3139935
short-paper

Insider Threat Mitigation Using Moving Target Defense and Deception

Published: 30 October 2017

Abstract

The insider threat has been the subject of extensive study, and many approaches, from technical to behavioral and psychological perspectives, have been proposed to detect or mitigate it. However, it remains one of the most difficult security issues to combat. In this paper, we present an ongoing effort to develop a systematic framework to address insider threat challenges by laying a scientific foundation for defensive deception, leveraging moving target defense (MTD), an emerging technique for providing proactive security measurements, and integrating deception and MTD into attribute-based access control (ABAC).

Published In

MIST '17: Proceedings of the 2017 International Workshop on Managing Insider Security Threats
October 2017
108 pages
ISBN: 9781450351775
DOI: 10.1145/3139923
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. attribute-based access control
  2. deception
  3. insider threat
  4. moving target defense

Qualifiers

  • Short-paper

Conference

CCS '17
Acceptance Rates

MIST '17 Paper Acceptance Rate 7 of 18 submissions, 39%;
Overall Acceptance Rate 21 of 54 submissions, 39%

Article Metrics

  • Downloads (last 12 months): 22
  • Downloads (last 6 weeks): 2

Reflects downloads up to 15 Feb 2025

Cited By

  • (2024) BRITD: behavior rhythm insider threat detection with time awareness and user adaptation. Cybersecurity 7:1. DOI: 10.1186/s42400-023-00190-9. Online publication date: 2-Jan-2024
  • (2024) Towards More Effective Insider Threat Countermeasures: A Survey of Approaches for Addressing Challenges and Limitations. 2024 IEEE International Systems Conference (SysCon), 1-8. DOI: 10.1109/SysCon61195.2024.10553441. Online publication date: 15-Apr-2024
  • (2021) A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction. Security and Communication Networks 2021. DOI: 10.1155/2021/6378218. Online publication date: 1-Jan-2021
  • (2021) A Survey of Defensive Deception: Approaches Using Game Theory and Machine Learning. IEEE Communications Surveys & Tutorials 23:4, 2460-2493. DOI: 10.1109/COMST.2021.3102874. Online publication date: Dec-2022
