An Ontology for Insider Threat Indicators: Development and Application
نویسندگان
چکیده
We describe our ongoing development of an insider threat indicator ontology. Our ontology is intended to serve as a standardized expression method for potential indicators of malicious insider activity, as well as a formalization of much of our team’s research on insider threat detection, prevention, and mitigation. This ontology bridges the gap between natural language descriptions of malicious insiders, malicious insider activity, and machine-generated data that analysts and investigators use to detect behavioral and technical observables of insider activity. The ontology provides a mechanism for sharing and testing indicators of insider threat across multiple participants without compromising organization-sensitive data, thereby enhancing the data fusion and information sharing capabilities of the insider threat detection domain. Keywords—ontology; insider threat; data fusion; information sharing
منابع مشابه
An Ontology for Insider Threat Indicators--Development and Applications
We describe our ongoing development of an insider threat indicator ontology. Our ontology is intended to serve as a standardized expression method for potential indicators of malicious insider activity, as well as a formalization of much of our team’s research on insider threat detection, prevention, and mitigation. This ontology bridges the gap between natural language descriptions of maliciou...
متن کاملDeveloping an Ontology for Individual and Organizational Sociotechnical Indicators of Insider Threat Risk
Human behavioral factors are fundamental to understanding, detecting and mitigating insider threats, but to date insufficiently represented in a formal ontology. We report on the design and development of an ontology that emphasizes individual and organizational sociotechnical factors, and incorporates technical indicators from previous work. We compare our ontology with previous research and d...
متن کاملTechnical Report: Creating a Preliminary Cyber Ontology for Insider Threats in the Financial Sector
Insider attack has become a major threat in financial sector and is a very serious and pervasive security problem. Currently, there is no insider threat ontology in this domain and such an ontology is critical to developing countermeasures against insider attacks. In this paper, we create an ontology focusing on insider attacks in the banking domain targeting database systems. We define the tax...
متن کاملTowards a Cyber Ontology for Insider Threats in the Financial Sector
Insider attack has become a major threat in financial sector. Currently, there is no insider threat ontology in this domain and such an ontology is critical to developing countermeasures against insider attacks which are very serious and pervasive security problems. In this paper, we offer a methodology to categorize insider attack suspicions using an ontology we create, which focuses on inside...
متن کاملA Method For Characterizing Sociotechnical Events Related to Insider Threat Sabotage
Analyzing historical cases of insider crimes to identify patterns or specific indicators of attack is a challenging task, particularly when using large volumes of free-text input sources, such as court documents and media reports. In this workshop paper, we offer a new process for processing, or coding, free-text descriptions of insider crimes for future analysis; specifically, we study cases o...
متن کامل