Detecting Insider Threats by Monitoring System Call Activity
نویسندگان
چکیده
One approach to detecting insider misbehavior is to monitor system call activity and watch for danger signs or unusual behavior. We describe an experimental system designed to test this approach. We tested the system’s ability to detect common insider misbehavior by examining file system and process-related system calls. Our results show that this approach can detect many such activities. *
منابع مشابه
Inside the Mind of the Insider: Towards Insider Threat Detection Using Psychophysiological Signals
Insider threat is a great challenge for most organizations in today’s digital world. It has received substantial research attention as a significant source of information security threat that could cause more financial losses and damages than any other threats. However, designing an effective monitoring and detection framework is a very challenging task. In this paper, we examine the use of hum...
متن کاملInsider threats: Detecting and controlling malicious insiders
Malicious insiders are posing unique security challenges to organizations due to their knowledge, capabilities, and authorized access to information systems. Data theft and IT sabotage are two of the most recurring themes among crimes committed by malicious insiders. This paper aims to investigate the scale and scope of malicious insider risks and explore the impact of such threats on business ...
متن کاملBait and Snitch: Defending Computer Systems with Decoys
Threats against computer networks continue to multiply, but existing security solutions are persistently unable to keep pace with these challenges. In this paper we present a new paradigm for securing computational resources which we call decoy technology. This technique involves seeding a system with data that appears authentic but is in fact spurious. Attacks can be detected by monitoring thi...
متن کاملUsing Internet Activity Profiling for Insider-threat Detection
The insider-threat problem continues to be a major risk to both public and private sectors, where those people who have privileged knowledge and access choose to abuse this in some way to cause harm towards their organisation. To combat against this, organisations are beginning to invest heavily in deterrence monitoring tools to observe employees’ activity, such as computer access, Internet bro...
متن کاملInsider Threat Analysis of Case Based System Dynamics
One of the most dangerous security threats today is insider threat, and it is such a much more complex issue. But till now, there is no equivalent to a vulnerability scanner for insider threat. We survey and discuss the history of research on insider threat analysis to know system dynamics is the best method to mitigate insider threat from people, process, and technology. In the paper, we prese...
متن کامل