Insider Threat Assessment: Model, Analysis and Tool

Insider threat is typically attributed to legitimate users who maliciously leverage their system privileges, together with their familiarity with and proximity to their computational environment, to compromise valuable information or inflict damage. According to the annual CSI/FBI surveys conducted since 1996, internal attacks and insider abuse form a significant portion of reported incidents. The strongest indication yet that insider threat is very real comes from the recent study [2] jointly conducted by CERT and the US Secret Service, the first of its kind, which provides in-depth insight into the problem in a real-world setting. However, there is no known body of work that addresses this problem effectively. There are several challenges, beginning with understanding the threat.

[1] Somesh Jha et al. Two formal analyses of attack graphs. 2002, Proceedings 15th IEEE Computer Security Foundations Workshop (CSFW-15).

[2] Vijay V. Vazirani et al. Approximation Algorithms. 2001, Springer Berlin Heidelberg.

[3] Cynthia A. Phillips et al. Computer-attack graph generation tool. 2001, Proceedings DARPA Information Survivability Conference and Exposition II (DISCEX'01).

[4] Hung Q. Ngo et al. Towards a theory of insider threat assessment. 2005, International Conference on Dependable Systems and Networks (DSN'05).

[5] Carsten Lund et al. On the hardness of approximating minimization problems. 1994, JACM.

[6] Hung Q. Ngo et al. On the Hardness of Approximating the Min-Hack Problem. 2005, J. Comb. Optim.

[7] Jacques Stern et al. The hardness of approximate optima in lattices, codes, and systems of linear equations. 1993, Proceedings of 1993 IEEE 34th Annual Foundations of Computer Science.

[8] Michael Howard et al. Measuring Relative Attack Surfaces. 2005.

[9] Irit Dinur et al. On the hardness of approximating label-cover. 2004, Inf. Process. Lett.

[10] Luca Trevisan et al. Structure in Approximation Classes. 1999, Electron. Colloquium Comput. Complex.

[11] Duminda Wijesekera et al. Scalable, graph-based network vulnerability analysis. 2002, CCS '02.

[12] Richard A. Kemmerer et al. Penetration state transition analysis: A rule-based intrusion detection approach. 1992, Proceedings Eighth Annual Computer Security Application Conference.

[13] Ernst W. Mayr. An Algorithm for the General Petri Net Reachability Problem. 1984, SIAM J. Comput.

[14] Dorit S. Hochbaum et al. Approximation Algorithms for NP-Hard Problems. 1996.

[15] Ran Raz et al. PCP characterizations of NP: towards a polynomially-small error-probability. 1999, STOC '99.

[16] Rodolphe Ortalo et al. Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security. 1999, IEEE Trans. Software Eng.

[17] Janusz Górski et al. Formalising Fault Trees. 1995.

[18] Somesh Jha et al. Automated generation and analysis of attack graphs. 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[19] Michael Alekhnovich et al. Minimum propositional proof length is NP-hard to linearly approximate. 2001, Journal of Symbolic Logic.

[20] Richard A. Kemmerer et al. State Transition Analysis: A Rule-Based Intrusion Detection Approach. 1995, IEEE Trans. Software Eng.

[21] Catherine A. Meadows et al. A representation of protocol attacks for risk assessment. 1996, Network Threats.

[22] Cynthia A. Phillips et al. A graph-based system for network-vulnerability analysis. 1998, NSPW '98.