An integrated system for insider threat detection

Cited by: 0
Authors
Ray, Daniel [1]
Bradford, Phillip [1]
Affiliations
[1] Univ Alabama, Tuscaloosa, AL 35487 USA
Source
ADVANCES IN DIGITAL FORENSIC III | 2007 / Vol. 242
Keywords
insider threats; anomaly detection; proactive forensics;
DOI
Not available
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification number
081203 ; 0835 ;
Abstract
This paper describes a proof-of-concept system for detecting insider threats. The system measures insider behavior by observing a user's processes and threads, information about user mode and kernel mode time, network interface statistics, etc. The system is built using Microsoft's Windows Management Instrumentation (WMI) implementation of the Web Based Enterprise Management (WBEM) standards. It facilitates the selection and storage of potential digital evidence based on anomalous user behavior with minimal administrative input.
Pages: 75 / +
Page count: 3