Mitigating Insider Threat and Avoiding Unauthorized Knowledge Acquirement using Acquaintance based Threat Prediction Graph

Security issues are getting more and more critical with the continual use of computers and communication systems. Since data are a vital asset for both individuals and organizations, mechanisms that defend data from interception, modification and invention in such systems have become very serious. One of the major concerns in computer security is the insider threat difficulty. Insider threat is defined as the threat that is reasoned by a malicious insider who has authorized right to use privileges and knowledge of the computer systems of an organization and is encouraged to antagonistically control the organization [1]. Insider threat problem is as important as the problem of outsiders’ intimidation (hackers) due to the excessive harm that it may pose.

[1]  Csilla Farkas,et al.  The Inference Problem and Updates in Relational Databases , 2001, DBSec.

[2]  Yi Hu,et al.  Insider Threat in Database Systems: Preventing Malicious Users' Activities in Databases , 2009, 2009 Sixth International Conference on Information Technology: New Generations.

[3]  B. Panda,et al.  A Knowledge-Base Model for Insider Threat Prediction , 2007, 2007 IEEE SMC Information Assurance and Security Workshop.

[4]  Karl N. Levitt,et al.  Data level inference detection in database systems , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[5]  Brajendra Panda,et al.  Organizing Access Privileges: Maximizing the Availability and Mitigating the Threat of Insiders' Knowledgebase , 2010, 2010 Fourth International Conference on Network and System Security.

[6]  Tadao Murata,et al.  Petri nets: Properties, analysis and applications , 1989, Proc. IEEE.

[7]  Carrie Gates,et al.  Defining the insider threat , 2008, CSIIRW '08.

[8]  Daniel A. Menascé,et al.  The Insider Threat Security Architecture: A Framework for an Integrated, Inseparable, and Uninterrupted Self-Protection Mechanism , 2009, 2009 International Conference on Computational Science and Engineering.

[9]  Robert H. Anderson,et al.  Understanding the Insider Threat , 2004 .

[10]  Lance Spitzner,et al.  Honeypots: catching the insider threat , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[11]  Sushil Jajodia,et al.  Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures , 2000, IEEE Trans. Knowl. Data Eng..