Modeling of Insider Threat using Enterprise Automaton

被引:0
|
作者
Roy, Puloma [1 ]
Mazumdar, Chandan [1 ]
机构
[1] Jadavpur Univ, Ctr Distributed Comp, Kolkata, India
来源
PROCEEDINGS OF 2018 FIFTH INTERNATIONAL CONFERENCE ON EMERGING APPLICATIONS OF INFORMATION TECHNOLOGY (EAIT) | 2018年
关键词
Enterprise process; Insider; Insider Threat; Insider Attacker;
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Substantial portions of attacks on the security of enterprises are perpetrated by Insiders having authorized privileges. Thus insider threat and attack detection is an important aspect of Security management. In the published literature, efforts are on to model the insider threats based on the behavioral traits of employees. The psycho-social behaviors are hard to encode in the software systems. Also, in some cases, there are privacy issues involved. In this paper, the human and non-human agents in a system are described in a novel unified model. The enterprise is described as an automaton and its states are classified secure, safe, unsafe and compromised. The insider agents and threats are modeled on the basis of the automaton and the model is validated using a case study.
引用
收藏
页数:4
相关论文
共 50 条
  • [1] Insider threat analysis using information-centric modeling
    Ha, D.
    Upadhyaya, S.
    Ngo, H.
    Pramanik, S.
    Chinchani, R.
    Mathew, S.
    ADVANCES IN DIGITAL FORENSIC III, 2007, 242 : 55 - +
  • [2] Modeling the emergence of insider threat vulnerabilities
    Martinez-Moyano, Ignacio J.
    Rich, Eliot H.
    Conrad, Stephen H.
    Andersen, David F.
    PROCEEDINGS OF THE 2006 WINTER SIMULATION CONFERENCE, VOLS 1-5, 2006, : 562 - +
  • [3] AGENT IMPLEMENTATION FOR MODELING INSIDER THREAT
    Sokolowski, John A.
    Banks, Catherine M.
    2015 WINTER SIMULATION CONFERENCE (WSC), 2015, : 266 - 275
  • [4] Enterprise Level Security: Insider Threat Counter-Claims
    Simpson, William R.
    Foltz, Kevin E.
    WORLD CONGRESS ON ENGINEERING AND COMPUTER SCIENCE, WCECS 2017, VOL I, 2017, : 112 - 117
  • [5] Practical management of malicious insider threat - An enterprise CSIRT perspective
    Walker, Terrence
    Information Security Technical Report, 2008, 13 (04): : 225 - 234
  • [6] Probabilistic Modeling of Insider Threat Detection Systems
    Ruttenberg, Brian
    Blumstein, Dave
    Druce, Jeff
    Howard, Michael
    Reed, Fred
    Wilfong, Leslie
    Lister, Crystal
    Gaskin, Steve
    Foley, Meaghan
    Scofield, Dan
    GRAPHICAL MODELS FOR SECURITY, 2018, 10744 : 91 - 98
  • [7] Modeling Insider Threat Types in Cyber Organizations
    Santos, Eunice E.
    Santos, Eugene, Jr.
    Korah, John
    Thompson, Jeremy E.
    Murugappan, Vairavan
    Subramanian, Suresh
    Zhao, Yan
    2017 IEEE INTERNATIONAL SYMPOSIUM ON TECHNOLOGIES FOR HOMELAND SECURITY (HST), 2017,
  • [8] A study of insider threat in nuclear security analysis using game theoretic modeling
    Kim, Kyo-Nam
    Yim, Man-Sung
    Schneider, Erich
    ANNALS OF NUCLEAR ENERGY, 2017, 108 : 301 - 309
  • [9] External Insider Threat: a Real Security Challenge in Enterprise Value Webs
    Franqueira, Virginia N. L.
    van Cleeff, Andre
    van Eck, Pascal
    Wieringa, Roel
    FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS, 2010, : 446 - 453
  • [10] Reflecting on the Ability of Enterprise Security Policy to Address Accidental Insider Threat
    Buckley, Oliver
    Nurse, Jason R. C.
    Legg, Philip A.
    Goldsmith, Michael
    Creese, Sadie
    2014 4TH WORKSHOP ON SOCIO-TECHNICAL ASPECTS IN SECURITY AND TRUST (STAST 2014), 2014, : 8 - 15
12345