Detecting Insider Threats by Monitoring System Call Activity

نویسندگان

  • Nam T. Nguyen
  • Peter L. Reiher
  • Geoffrey H. Kuenning
چکیده

One approach to detecting insider misbehavior is to monitor system call activity and watch for danger signs or unusual behavior. We describe an experimental system designed to test this approach. We tested the system’s ability to detect common insider misbehavior by examining file system and process-related system calls. Our results show that this approach can detect many such activities. *

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Inside the Mind of the Insider: Towards Insider Threat Detection Using Psychophysiological Signals

Insider threat is a great challenge for most organizations in today’s digital world. It has received substantial research attention as a significant source of information security threat that could cause more financial losses and damages than any other threats. However, designing an effective monitoring and detection framework is a very challenging task. In this paper, we examine the use of hum...

متن کامل

Insider threats: Detecting and controlling malicious insiders

Malicious insiders are posing unique security challenges to organizations due to their knowledge, capabilities, and authorized access to information systems. Data theft and IT sabotage are two of the most recurring themes among crimes committed by malicious insiders. This paper aims to investigate the scale and scope of malicious insider risks and explore the impact of such threats on business ...

متن کامل

Bait and Snitch: Defending Computer Systems with Decoys

Threats against computer networks continue to multiply, but existing security solutions are persistently unable to keep pace with these challenges. In this paper we present a new paradigm for securing computational resources which we call decoy technology. This technique involves seeding a system with data that appears authentic but is in fact spurious. Attacks can be detected by monitoring thi...

متن کامل

Using Internet Activity Profiling for Insider-threat Detection

The insider-threat problem continues to be a major risk to both public and private sectors, where those people who have privileged knowledge and access choose to abuse this in some way to cause harm towards their organisation. To combat against this, organisations are beginning to invest heavily in deterrence monitoring tools to observe employees’ activity, such as computer access, Internet bro...

متن کامل

Insider Threat Analysis of Case Based System Dynamics

One of the most dangerous security threats today is insider threat, and it is such a much more complex issue. But till now, there is no equivalent to a vulnerability scanner for insider threat. We survey and discuss the history of research on insider threat analysis to know system dynamics is the best method to mitigate insider threat from people, process, and technology. In the paper, we prese...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2003