Detecting Insider Theft of Trade Secrets

Security&Privacy
2009
Issue No. 6 - November/December
Abstract - Detecting Insider Theft of Trade Secrets

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Deanna Caputo Articles by Marcus Maloof Articles by Gregory Stephens

November/December 2009 (vol. 7 no. 6)

pp. 14-21

	ASCII Text	x
	Deanna Caputo, Marcus Maloof, Gregory Stephens, "Detecting Insider Theft of Trade Secrets," IEEE Security and Privacy, vol. 7, no. 6, pp. 14-21, November/December, 2009.

	BibTex	x
	@article{ 10.1109/MSP.2009.110, author = {Deanna Caputo and Marcus Maloof and Gregory Stephens}, title = {Detecting Insider Theft of Trade Secrets}, journal ={IEEE Security and Privacy}, volume = {7}, number = {6}, issn = {1540-7993}, year = {2009}, pages = {14-21}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2009.110}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security and Privacy TI - Detecting Insider Theft of Trade Secrets IS - 6 SN - 1540-7993 SP14 EP21 EPD - 14-21 A1 - Deanna Caputo, A1 - Marcus Maloof, A1 - Gregory Stephens, PY - 2009 KW - computer security KW - insider threats KW - computer misuse KW - Elicit KW - Exploit Latent Information to Counter Insider Threats KW - MITRE VL - 7 JA - IEEE Security and Privacy ER -

Deanna Caputo, The MITRE Corporation, McLean

Marcus Maloof, Georgetown University, Washington

Gregory Stephens, The MITRE Corporation, McLean

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.110

Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if access controls are set properly, they don't protect against rogue employees who legitimately need to access sensitive information. Since 2002, researchers at MITRE have investigated methods for detecting insiders who misuse their legitimate access to steal information. A three-year, internally funded research effort developed and evaluated a research prototype of a system called Elicit (Exploit Latent Information to Counter Insider Threats) to help analysts identify insider threats. Work on Elicit prompted a team of engineers and social scientists to experimentally explore how malicious insiders use information differently from a benign baseline group. This article presents results from the research prototype evaluation, discusses preliminary results from the double-blind study of malicious insiders, and offers some essential aspects for detecting insider threats gleaned from these efforts.

1. M.M. Blair, "New Ways Needed to Assess New Economy," Los Angeles Times, 13 Nov. 2000, p. B7.
2. R.R. Rantala, Cybercrime against Businesses, 2005, Bureau of Justice Statistics Special Report, Sept. 2008; www.ojp.usdoj.gov/bjs/pub/pdfcb05.pdf.
3. M.A. Maloof and G.D. Stephens, "ELICIT: A System for Detecting Insiders Who Violate Need-to-Know," Recent Advances in Intrusion Detection, LNCS 4637, Springer, 2007, pp. 146–166.
4. D.D. Caputo et al., "An Empirical Approach to Identify Information Misuse by Insiders," Recent Advances in Intrusion Detection, LNCS 5230, Springer, 2008, pp. 402–403.
5. G.G. Christoph et al., "UNICORN: Misuse Detection for UNICOS," Proc. IEEE/ACM Supercomputing 95 Conf. (SC 95), IEEE Press, 1995, p. 56.
6. R. Cathey et al., "Misuse Detection for Information Retrieval Systems," Proc. 12th Int'l Conf. Information and Knowledge Management, ACM Press, 2003, pp. 183–193.
7. M. Maybury et al., "Analysis and Detection of Malicious Insiders," Proc. 2005 Int'l Conf. Intelligence Analysis, MITRE, 2005; https://analysis.mitre.org/proceedings/Final_Papers_Files 280_Camera_Ready_Paper.pdf .
8. G. Gross, "VA Data Loss Could Prompt Federal Privacy Law," Network World, 5 June. 2006; www.networkworld.com/news/2006060506-va-data-loss-could-prompt.html .
9. E. Kowalski, D. Cappelli, and A. Moore, "U.S. Secret Service and CERT/SEI Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector," US Secret Service and CERT Program, Software Engineering Inst., Carnegie Mellon Univ., Jan. 2008.

Index Terms:

computer security, insider threats, computer misuse, Elicit, Exploit Latent Information to Counter Insider Threats, MITRE

Citation:

Deanna Caputo, Marcus Maloof, Gregory Stephens, "Detecting Insider Theft of Trade Secrets," IEEE Security and Privacy, vol. 7, no. 6, pp. 14-21, Nov./Dec. 2009, doi:10.1109/MSP.2009.110

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.