The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - November/December (2009 vol.7)
pp: 14-21
Deanna Caputo , The MITRE Corporation, McLean
Marcus Maloof , Georgetown University, Washington
Gregory Stephens , The MITRE Corporation, McLean
ABSTRACT
Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don't protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This article presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts.
INDEX TERMS
computer security, insider threats, computer misuse, Elicit, Exploit Latent Information to Counter Insider Threats, MITRE
CITATION
Deanna Caputo, Marcus Maloof, Gregory Stephens, "Detecting Insider Theft of Trade Secrets", IEEE Security & Privacy, vol.7, no. 6, pp. 14-21, November/December 2009, doi:10.1109/MSP.2009.110
REFERENCES
1. M.M. Blair, "New Ways Needed to Assess New Economy," Los Angeles Times, 13 Nov. 2000, p. B7.
2. R.R. Rantala, Cybercrime against Businesses, 2005, Bureau of Justice Statistics Special Report, Sept. 2008; www.ojp.usdoj.gov/bjs/pub/pdfcb05.pdf.
3. M.A. Maloof and G.D. Stephens, "ELICIT: A System for Detecting Insiders Who Violate Need-to-Know," Recent Advances in Intrusion Detection, LNCS 4637, Springer, 2007, pp. 146–166.
4. D.D. Caputo et al., "An Empirical Approach to Identify Information Misuse by Insiders," Recent Advances in Intrusion Detection, LNCS 5230, Springer, 2008, pp. 402–403.
5. G.G. Christoph et al., "UNICORN: Misuse Detection for UNICOS," Proc. IEEE/ACM Supercomputing 95 Conf. (SC 95), IEEE Press, 1995, p. 56.
6. R. Cathey et al., "Misuse Detection for Information Retrieval Systems," Proc. 12th Int'l Conf. Information and Knowledge Management, ACM Press, 2003, pp. 183–193.
7. M. Maybury et al., "Analysis and Detection of Malicious Insiders," Proc. 2005 Int'l Conf. Intelligence Analysis, MITRE, 2005; https://analysis.mitre.org/proceedings/Final_Papers_Files 280_Camera_Ready_Paper.pdf .
8. G. Gross, "VA Data Loss Could Prompt Federal Privacy Law," Network World, 5 June. 2006; www.networkworld.com/news/2006060506-va-data-loss-could-prompt.html .
9. E. Kowalski, D. Cappelli, and A. Moore, "U.S. Secret Service and CERT/SEI Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector," US Secret Service and CERT Program, Software Engineering Inst., Carnegie Mellon Univ., Jan. 2008.
25 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool