
Insider threat mitigation: preventing unauthorized knowledge acquisition

  • Regular Contribution
International Journal of Information Security

Abstract

This paper investigates insider threat in relational database systems. It discusses the problem of insiders inferring unauthorized information and proposes methods to prevent such threats. The paper defines various types of dependencies, as well as constraints on dependencies, that insiders may use to infer unauthorized information. It introduces the constraint and dependency graph (CDG), which represents these dependencies and constraints and shows the paths that insiders can follow to acquire unauthorized knowledge. The paper also presents the knowledge graph (KG), which represents an insider's knowledge base and the amount of information that the insider has about data items. To predict and prevent insider threat, the paper defines and uses the threat prediction graph (TPG). A TPG shows the threat prediction value (TPV) of each data item in an insider's KG, where the TPV is used to raise an alert when an insider threat occurs. The paper provides solutions to prevent insider threat without limiting the availability of data items. Algorithms, theorems, proofs and experiments are provided to show the soundness, completeness and effectiveness of the proposed approaches.



Author information

Correspondence to Qussai Yaseen.

About this article

Cite this article

Yaseen, Q., Panda, B. Insider threat mitigation: preventing unauthorized knowledge acquisition. Int. J. Inf. Secur. 11, 269–280 (2012). https://doi.org/10.1007/s10207-012-0165-6

  • DOI: https://doi.org/10.1007/s10207-012-0165-6
