Insider Threat Specification as a Threat Mitigation Technique

Insider threats come in many facets and nuances. This creates two major problems: mining large amounts of data for evidence of an insider attack, and keeping track of the different aspects of a threat, both of which are cumbersome when done by hand. To support detecting insider threats as early as possible, one needs mechanisms that automate significant parts of the detection process and that allow an analyst to specify precisely what is meant by an insider threat. This chapter describes the Insider Threat Prediction Specification Language (ITPSL), a research effort that addresses the description of threat factors as a mechanism to mitigate insider threats.
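To make the idea of a threat specification concrete, here is an added example of the general technique: a declarative description of threat factors is evaluated mechanically over audit events, so the analyst states what counts as suspicious rather than hand-searching the data. This is illustrative code written for this page, not ITPSL and not the paper's own implementation; the mini-language (`all_of`, `threshold`, the `eq`/`prefix`/`hour_outside` operators), the rule name and the audit events are all hypothetical and constructed here.

```python
from datetime import datetime, timedelta
from itertools import groupby

# Constructed sample audit events (hypothetical data, not from the paper).
EVENTS = [
    {"ts": "2024-03-04T02:13:00", "user": "alice", "action": "read", "object": "/srv/hr/payroll.csv"},
    {"ts": "2024-03-04T02:30:00", "user": "alice", "action": "read", "object": "/srv/dev/notes.txt"},
    {"ts": "2024-03-04T02:40:00", "user": "alice", "action": "read", "object": "/srv/hr/reviews.docx"},
    {"ts": "2024-03-04T03:05:00", "user": "alice", "action": "read", "object": "/srv/hr/salaries.xlsx"},
    {"ts": "2024-03-04T10:00:00", "user": "bob",   "action": "read", "object": "/srv/hr/payroll.csv"},
    {"ts": "2024-03-04T23:10:00", "user": "carol", "action": "read", "object": "/srv/hr/payroll.csv"},
]

# A threat-factor specification in a hypothetical mini-language (not ITPSL):
# every predicate in "all_of" must hold for an event to count, and
# "threshold" turns matching events into an alert once enough of them
# cluster for the same actor inside the time window.
SPEC = {
    "name": "offhours_bulk_hr_access",
    "all_of": [
        {"field": "action", "op": "eq", "value": "read"},
        {"field": "object", "op": "prefix", "value": "/srv/hr/"},
        {"field": "ts", "op": "hour_outside", "value": [8, 18]},  # outside 08:00-17:59
    ],
    "threshold": {"group_by": "user", "count": 2, "window_minutes": 60},
}


def _parse_ts(s):
    return datetime.fromisoformat(s)


# Operators of the mini-language: each maps (event value, rule argument) -> bool.
OPS = {
    "eq": lambda v, arg: v == arg,
    "prefix": lambda v, arg: isinstance(v, str) and v.startswith(arg),
    "hour_outside": lambda v, arg: not (arg[0] <= _parse_ts(v).hour < arg[1]),
}


def match_event(spec, event):
    """True if every predicate of the specification holds for this event."""
    for pred in spec["all_of"]:
        if pred["field"] not in event:
            return False
        if not OPS[pred["op"]](event[pred["field"]], pred["value"]):
            return False
    return True


def evaluate(spec, events):
    """Apply the specification to an event stream; return one alert per actor
    whose matching events reach the threshold count inside the sliding window."""
    th = spec["threshold"]
    key = th["group_by"]
    window = timedelta(minutes=th["window_minutes"])
    # ISO-8601 timestamps sort correctly as strings, so sort by (actor, time).
    matched = sorted((e for e in events if match_event(spec, e)),
                     key=lambda e: (e[key], e["ts"]))
    alerts = []
    for actor, group in groupby(matched, key=lambda e: e[key]):
        times = [_parse_ts(e["ts"]) for e in group]
        j = 0
        for i, start in enumerate(times):
            # Advance j to the first event outside the window starting at times[i].
            while j < len(times) and times[j] - start <= window:
                j += 1
            if j - i >= th["count"]:
                alerts.append({"rule": spec["name"], key: actor, "count": j - i,
                               "first": times[i].isoformat(), "last": times[j - 1].isoformat()})
                break  # one alert per actor is enough for this illustration
    return alerts


if __name__ == "__main__":
    for alert in evaluate(SPEC, EVENTS):
        print(alert)
```

On the constructed events only alice triggers the rule (three off-hours reads under /srv/hr/ within 52 minutes); bob's read is during working hours, and carol's single off-hours read stays below the threshold. The point of the separation is that adding a new threat factor means editing the specification, not the evaluator.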
