论文信息 - Managing Malicious Insider Risk through BANDIT

Managing Malicious Insider Risk through BANDIT

The transition from system-to information-based security has continued steadily over the last 30 years. Correspondingly, it is increasingly not the computer that is at risk, but the information in it. The human operator is ultimately the cornerstone of information security, an integral part of the information infrastructure. We are therefore forced to use techniques and methods that help us understand the role of human actors in the information infrastructure, so that we may make meaningful progress in mitigating insider threat. Malicious versus benign human behavior cannot easily be categorized based on a signature such as conventional virus and intrusion detection approaches. Because the cost of a false positive is high, we must be careful in our classification and subsequent actions. This article outlines our BANDIT (Behavioral Anomaly Detection for Insider Threat) system, using the traditional notion of Motive, Means, and Opportunity, combined with comprehensive behavioral analysis techniques to place each individual on a sliding scale of 'insider risk'. Finally, an insider threat detection cost-benefit analysis, based on classical risk assessment techniques, is presented to quantify how effective the technology has to be for beneficial deployment in a given enterprise.

Vincent H. Berk | George Cybenko | John P. Murphy | Ian D. Gregorio-De Souza

[1] Christian W. Probst,et al. Insiders and Insider Threats - An Overview of Definitions and Mitigation Techniques , 2011, J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl..

[2] George Cybenko,et al. HBML: A Language for Quantitative Behavioral Modeling in the Human Terrain , 2009 .

[3] Marcus A. Maloof,et al. Detecting Insider Theft of Trade Secrets , 2009, IEEE Security & Privacy.

[4] Lynn F. Fischer,et al. Ten Tales of Betrayal: The Threat to Corporate Infrastructure by Information Technology Insiders Analysis and Observations , 2005 .

[5] Shari Lawrence Pfleeger,et al. Insiders Behaving Badly: Addressing Bad Actors and Their Actions , 2010, IEEE Transactions on Information Forensics and Security.

[6] Roy H. Campbell,et al. Distributed Security Policy Conformance , 2011, SEC.

[7] Vincent H. Berk,et al. Effectively identifying user profiles in network and host metrics , 2010, Defense + Commercial Sensing.

[8] Marcus A. Maloof,et al. elicit: A System for Detecting Insiders Who Violate Need-to-Know , 2007, RAID.

[9] R. F.,et al. Statistical Method from the Viewpoint of Quality Control , 1940, Nature.

[10] D. Vose. Risk Analysis: A Quantitative Guide , 2000 .