论文信息 - Detecting insider activity using enhanced directory virtualization

Detecting insider activity using enhanced directory virtualization

Insider threats often target authentication and access control systems, which are frequently based on directory services. Detecting these threats is challenging, because malicious users with the technical ability to modify these structures often have sufficient knowledge and expertise to conceal unauthorized activity. The use of directory virtualization to monitor various systems across an enterprise can be a valuable tool for detecting insider activity. The addition of a policy engine to directory virtualization services enhances monitoring capabilities by allowing greater flexibility in analyzing changes for malicious intent. The resulting architecture is a system-based approach, where the relationships and dependencies between data sources and directory services are used to detect an insider threat, rather than simply relying on point solutions. This paper presents such an architecture in detail, including a description of implementation results.

William R. Claycomb | Dongwan Shin | Dongwan Shin | W. Claycomb

[1] Jonathan K. Millen,et al. Covert Channel Capacity , 1987, 1987 IEEE Symposium on Security and Privacy.

[2] Dawn M. Cappelli,et al. Insider Threat Study: Illicit Cyber Activity in the Government Sector , 2008 .

[3] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.

[4] Dawn M. Cappelli,et al. Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors , 2005 .

[5] David Chadwick. Threat Modelling for Active Directory , 2004, Communications and Multimedia Security.

[6] Roger Harrison,et al. Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms , 2006, RFC.

[7] 黄贻彬,et al. Microsoft SQL Server中的星形连接查询优化 , 2011 .

[8] Keven G. Ruby,et al. The Insider Threat to Information Systems , 2022 .

[9] Marlin B. Pohlman. Oracle Virtual Directory , 2008 .

[10] William R. Claycomb,et al. Towards Secure Virtual Directories: A Risk Analysis Framework , 2010, 2010 IEEE 34th Annual Computer Software and Applications Conference.

[11] William R. Claycomb,et al. Threat modeling for virtual directory services , 2009, 43rd Annual 2009 International Carnahan Conference on Security Technology.