Towards a theory of insider threat assessment

被引：58

作者：

Chinchani, R ^{[1
]}

Iyer, A ^{[1
]}

Ngo, HQ ^{[1
]}

Upadhyaya, S ^{[1
]}

机构：

[1] SUNY Buffalo, Buffalo, NY 14260 USA

来源：

2005 INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, PROCEEDINGS | 2005年

关键词：

D O I：

10.1109/DSN.2005.94

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Insider attacks are a well-known problem acknowledged as a threat as early as 1980s. The threat is attributed to legitimate users who abuse their privileges, and given their familiarity and proximity to the computational environment, can easily cause significant damage or losses. Due to the lack of tools and techniques, security analysts do not correctly perceive the threat, and hence consider the attacks as unpreventable. In this paper, we present a theory of insider threat assessment. First, we describe a modeling methodology which captures several aspects of insider threat, and subsequently, show threat assessment methodologies to reveal possible attack strategies of an insider

引用

页码：108 / 117

页数：10

共 50 条

[1] Towards a New Insider Threat Mitigation Framework
Chaipa, Sarathiel
Ketcha Ngassam, Ernest
Singh, Shawren
2023 IST-AFRICA CONFERENCE, IST-AFRICA, 2023,
[2] Caught in the Act of an Insider Attack: Detection and Assessment of Insider Threat
Legg, Philip A.
Buckley, Oliver
Goldsmith, Michael
Creese, Sadie
2015 IEEE INTERNATIONAL SYMPOSIUM ON TECHNOLOGIES FOR HOMELAND SECURITY (HST), 2015,
[3] Towards an insider threat prediction specification language
Network Research Group, School of Computing, Communications and Electronics, University of Plymouth, Plymouth, United Kingdom
不详
Inf Manage Comput Secur, 2006, 4 (361-381):
[4] Towards Reducing the Data Exfiltration Surface for the Insider Threat
Schlicher, Bob G.
MacIntyre, Lawrence P.
Abercrombie, Robert K.
PROCEEDINGS OF THE 49TH ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES (HICSS 2016), 2016, : 2749 - 2758
[5] Insider Threat Likelihood Assessment for Flexible Access Control
Boulares, Sofiene
Adi, Kamel
Logrippo, Luigi
E-TECHNOLOGIES: EMBRACING THE INTERNET OF THINGS, MCETECH 2017, 2017, 289 : 77 - 95
[6] Toward an Ontology for Insider Threat Research: Varieties of Insider Threat Definitions
Mundie, David A.
Perl, Sam
Huth, Carly L.
2013 THIRD WORKSHOP ON SOCIO-TECHNICAL ASPECTS IN SECURITY AND TRUST (STAST 2013), 2013, : 26 - 36
[7] A method for insider threat assessment by modeling the internal employee interactions
Sepehrzadeh, Hamed
INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2023, 22 (05) : 1385 - 1393
[8] A method for insider threat assessment by modeling the internal employee interactions
Hamed Sepehrzadeh
International Journal of Information Security, 2023, 22 : 1385 - 1393
[9] The insider threat ‘zoo’
Renaud K.
Warkentin M.
Computer Fraud and Security, 2024, 2024 (05):
[10] Danger of the insider threat
Infosecurity, 2007, 2 (05)

← 1 2 3 4 5 →