Classification of Insider Threat Detection Techniques

Most insider attacks are carried out by people who have the knowledge and technical know-how to launch such attacks. This topic has long been studied, and many detection techniques have been proposed to deal with insider threats. This short paper summarizes and classifies insider threat detection techniques based on the strategies used for detection.
