Hemank Lamba
Jürgen Pfeffer
David Garlan
ABSTRACT
Insider threats are a well-known problem, and previous studies have shown that it has a huge impact over a wide range of sectors like financial services, governments, critical infrastructure services and the telecommunications sector. Users, while interacting with any software system, leave a trace of what nodes they accessed and in what sequence. We propose to translate these sequences of observed activities into paths on the graph of the underlying software architectural model. We propose a clustering algorithm to find anomalies in the data, which can be combined with contextual information to confirm as an insider threat.
- I. Cadez, D. Heckerman, C. Meek, P. Smyth, and S. White. Visualization of navigation patterns on a web site using model-based clustering. In Proceedings of ACM SIGKDD, pages 280--284, 2000. Google Scholar
Digital Library
- A. Cummings, T. Lewellen, D. McIntire, A. Moore, and R. Trzeciak. Insider threat study:illicit cyber activity involving fraud in the US financial services sector. Special Report, CERT, Software Engineering Institute, 2012.Google Scholar
- D. Garlan and B. Schmerl. Architecture-driven modelling and analysis. In Proceedings of SCS'06, 2006. Google ScholarDigital Library
- M. Hennig, U. Brandes, J. Pfeffer, and I. Mergel. Studying Social Networks. A Guide to Empirical Research. Campus Verlag, Frankfurt, 2012.Google Scholar
Index Terms
- Detecting insider threats in software systems using graph models of behavioral paths
Recommendations
Detecting Insider Theft of Trade Secrets
Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if ...
Cyber defenses for physical attacks and insider threats in cloud computing
ASIA CCS '14: Proceedings of the 9th ACM symposium on Information, computer and communications securityIn cloud computing, most of the computations and data in the data center do not belong to the cloud provider. This leaves owners of applications and data concerned about cyber and physical attacks which may compromise the confidentiality, integrity or ...
Detecting Insider Threats: A Trust-Aware Framework
ARES '13: Proceedings of the 2013 International Conference on Availability, Reliability and SecurityThe number of insider threats hitting organizations and big enterprises is rapidly growing. Insider threats occur when trusted employees misuse their permissions on organizational assets. Since insider threats know the organization and its processes, ...
Comments