Simulating Malicious Insiders in Real Host-Monitored User Data
نویسندگان
چکیده
Our task is to produce test data for a research program developing a new generation of insider threat detection technologies. Test data is created by injecting fictional malicious activity into a background of real user activity. We rely on fictional narratives to specify threats that simulate realistic social complexity, with “drama as data” as a central organizing metaphor. Test cases are scripted as episodes of a fictional crime series, and compiled into time-series data of fictional characters. Users are selected from background to perform the role of fictional characters that best match their real-world roles and activities. Fictional activity is blended into the activity of real users in the cast. The cast and unmodified background users perform dramas in test windows: performances are test cases. Performances by different casts of users, or by the same cast of users in different test windows, constitute distinct test cases.
منابع مشابه
Data-Driven Model-Based Detection of Malicious Insiders via Physical Access Logs
The risk posed by insider threats has usually been approached by analyzing the behavior of users solely in the cyber domain. In this paper, we show the viability of using physical movement logs, collected via a building access control system, together with an understanding of the layout of the building housing the system’s assets, to detect malicious insider behavior that manifests itself in th...
متن کاملInsider threats: Detecting and controlling malicious insiders
Malicious insiders are posing unique security challenges to organizations due to their knowledge, capabilities, and authorized access to information systems. Data theft and IT sabotage are two of the most recurring themes among crimes committed by malicious insiders. This paper aims to investigate the scale and scope of malicious insider risks and explore the impact of such threats on business ...
متن کاملA Framework for Detecting Insider Threats using Psychological Triggers
Malicious insiders are difficult to detect and prevent, because insiders such as employees have legitimate rights to access organization’s resources in order to carry out their responsibilities. To overcome this problem, we have developed a framework that detects suspicious insiders using a psychological trigger that impels malicious insiders to behave suspiciously. Also, we have proposed an ar...
متن کاملBotRevealer: Behavioral Detection of Botnets based on Botnet Life-cycle
Nowadays, botnets are considered as essential tools for planning serious cyberattacks. Botnets are used to perform various malicious activities such as DDoSattacks and sending spam emails. Different approaches are presented to detectbotnets; however most of them may be ineffective when there are only a fewinfected hosts in monitored network, as they rely on similarity in...
متن کاملDetecting Malicious Insiders in Military Networks
Given that a network is only as strong as its weakest link, a key vulnerability to network centric warfare is the threat from within. This paper summarizes several recent MITRE efforts focused on characterizing and automatically detecting malicious insiders within modern information systems. Malicious insiders (MI) adversely impact an organization’s mission through a range of actions that compr...
متن کامل