Insider Threat Analysis Using Information-Centric Modeling
Authors
Abstract
Capability acquisition graphs (CAGs) provide a powerful framework for modeling insider threats, network attacks and system vulnerabilities. However, CAG-based security modeling systems have yet to be deployed in practice. This paper demonstrates the feasibility of applying CAGs to insider threat analysis. In particular, it describes the design and operation of an information-centric, graphics-oriented tool called ICMAP. ICMAP enables an analyst without any theoretical background to apply CAGs to answer security questions about vulnerabilities and likely attack scenarios, as well as to monitor network nodes. This functionality makes the tool very useful for attack attribution and forensics.
Similar resources
Towards an insider threat prediction specification language
Purpose This concept paper presents the process of constructing a language tailored to describing insider threat incidents, for the purposes of mitigating threats originating from legitimate users in an IT infrastructure. Various information security surveys indicate that misuse by legitimate (insider) users has serious implications for the health of IT environments. A brief discussion of surve...
Modeling Human Behavior to Anticipate Insider Attacks
The insider threat ranks among the most pressing cyber-security challenges that threaten government and industry information infrastructures. To date, no systematic methods have been developed that provide a complete and effective approach to prevent data leakage, espionage, and sabotage. Current practice is forensic in nature, relegating to the analyst the bulk of the responsibility to monitor...
Developing an Ontology for Individual and Organizational Sociotechnical Indicators of Insider Threat Risk
Human behavioral factors are fundamental to understanding, detecting and mitigating insider threats, but to date insufficiently represented in a formal ontology. We report on the design and development of an ontology that emphasizes individual and organizational sociotechnical factors, and incorporates technical indicators from previous work. We compare our ontology with previous research and d...
A Data-Centric Approach to Insider Attack Detection in Database Systems
The insider threat against database management systems is a very dangerous and common security problem. Authorized users may compromise database security by abusing legitimate privileges to masquerade as another user or to gather data for malicious purposes. This paper proposes a direction to solve this problem: profiling user database access patterns by looking at exactly what the user accesse...
Mitigating malicious insider cyber threat
This paper examines malicious insider threat and explains the key differences from other types of insider threat and from external threat actors. A phase based “kill-chain” malicious insider threat model is developed and proposed to help inform selection of mitigation countermeasures which are complementary or incremental to a typically implemented traditional ISO 17799/27002 information securi...