Design of Intrusion Detection System Preventing Insider Attack

Recent reports show that losses from malicious intrusions by insiders are more serious than those from outsiders. Although attacks are carried out by both insiders and outsiders, most work has focused on intrusion detection against outsider attacks. In this paper, we improve Wang et al.’s insider prediction model [15] and propose a model combined with access control for efficient insider intrusion detection. We delegate the role of insider intrusion detection to users, which reduces malicious attempts by insiders and the overhead on the centralized intrusion detection system. We also define a separated access privilege that requires an insider to find a witness in order to access the information. We show that incorporating the concept of access control enables more practical deployment of an insider intrusion detection system.

[1] Amit P. Sheth, et al. An Ontological Approach to the Document Access Problem of Insider Threat, 2005, ISI.

[2] Sara Matzner, et al. Analysis and Detection of Malicious Insiders, 2005.

[3] 曹元大, et al. Generating IDS Attack Pattern Automatically Based on Attack Tree, 2003.

[4] Paul Ammann, et al. Using model checking to analyze network vulnerabilities, 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[5] Cynthia A. Phillips, et al. A graph-based system for network-vulnerability analysis, 1998, NSPW '98.

[6] Somesh Jha, et al. Two formal analyses of attack graphs, 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[7] Kwangjo Kim, et al. Yet Another Intrusion Detection System against Insider Attacks, 2008.

[8] Martin P. Loeb, et al. CSI/FBI Computer Crime and Security Survey, 2004.

[9] Jeannette M. Wing. Attack graph generation and analysis, 2006, ASIACCS '06.

[10] Shufen Liu, et al. A Prediction Model of Insider Threat Based on Multi-agent, 2006, 2006 First International Symposium on Pervasive Computing and Applications.

[11] R. Power. CSI/FBI computer crime and security survey, 2001.

[12] Shambhu Upadhyaya, et al. Target-Centric Formal Model For Insider Threat And More, 2004.

[13] B. Panda, et al. A Knowledge-Base Model for Insider Threat Prediction, 2007, 2007 IEEE SMC Information Assurance and Security Workshop.

[14] Somesh Jha, et al. Automated generation and analysis of attack graphs, 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[15] E. Eugene Schultz. A framework for understanding and predicting insider attacks, 2002, Comput. Secur.