Insider threat mitigation: preventing unauthorized knowledge acquisition

This paper investigates insider threat in relational database systems. It discusses the problem of inferring unauthorized information by insiders and proposes methods to prevent such threats. The paper defines various types of dependencies as well as constraints on dependencies that may be used by insiders to infer unauthorized information. It introduces the constraint and dependency graph (CDG) that represents dependencies and constraints. In addition, CDG shows the paths that insiders can follow to acquire unauthorized knowledge. Moreover, the paper presents the knowledge graph (KG) that demonstrates the knowledgebase of an insider and the amount of information that the insider has about data items. To predict and prevent insider threat, the paper defines and uses the threat prediction graph (TPG). A TPG shows the threat prediction value (TPV) of each data item in insiders’ KG, where TPV is used to raise an alert when an insider threat occurs. The paper provides solutions to prevent insider threat without limiting the availability of data items. Algorithms, theorems, proofs and experiments are provided to show the soundness, the completeness and the effectiveness of the proposed approaches.
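As an added illustration of the CDG / KG / TPG idea described above (example code, not the paper's own algorithm): dependencies are modelled as rules "holding every item in `sources` lets an insider infer `target`", the insider's knowledge graph is the set of items already read, and the threat prediction value is an assumed simplified score (share of the inference path into a sensitive item the insider already holds) so that only the read that would complete an inference path is withheld. All data items and dependencies are constructed for the example.

```python
# Constructed example (not the paper's code): a minimal CDG / KG / TPG model.
# A dependency means "holding every item in `sources` lets an insider infer `target`".
DEPENDENCIES = [
    ({"zip_code", "birth_date", "gender"}, "patient_id"),
    ({"patient_id"}, "diagnosis"),
    ({"salary_band", "department"}, "salary"),
]
SENSITIVE = {"diagnosis", "salary"}  # items the insider is not cleared to see


def infer_closure(known, deps=DEPENDENCIES):
    """All items reachable from `known` by following CDG edges (fixpoint)."""
    known, changed = set(known), True
    while changed:
        changed = False
        for sources, target in deps:
            if target not in known and sources <= known:
                known.add(target)
                changed = True
    return known


def path_items(target, deps=DEPENDENCIES):
    """Every item on some inference path into `target` (target excluded)."""
    items, frontier = set(), {target}
    while frontier:
        node = frontier.pop()
        for sources, tgt in deps:
            if tgt == node:
                new = sources - items
                items |= new
                frontier |= new
    return items


def threat_prediction(known, sensitive=SENSITIVE, deps=DEPENDENCIES):
    """Assumed TPV scoring (an assumption, not the paper's definition): the share
    of the inference path into each sensitive item the insider already holds."""
    closure = infer_closure(known, deps)
    tpg = {}
    for item in sensitive:
        path = path_items(item, deps)
        held = len(path & closure) / len(path) if path else 0.0
        tpg[item] = 1.0 if item in closure else held
    return tpg


def check_access(known, requested, threshold=1.0):
    """Grant the read unless it lifts a sensitive item's TPV to `threshold`; only
    the item completing an inference path is withheld, so the rest stays available."""
    after = threat_prediction(set(known) | {requested})
    alerts = sorted(i for i, v in after.items() if v >= threshold)
    return not alerts, alerts
```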
