Issue No. 06 - November/December (2009 vol. 7)
ISSN: 1540-7993
pp: 22-29
Salvatore Stolfo, Columbia University, New York City
Angelos Keromytis, Columbia University, New York City
Malek Ben Salem, Columbia University, New York City
Brian Bowen, Columbia University, New York
Shlomo Hershkop, Columbia University, New York
Insider attacks—that is, attacks by users with privileged knowledge about a system—are a growing problem for many organizations. To address this threat, the authors propose a design for insider threat detection that combines an array of complementary techniques that aim to detect evasive adversaries. The authors' work-in-progress combines host-based user event monitoring sensors with trap-based decoys and remote network detectors to track and correlate insider activity. They identify several challenges in scaling up, deploying, and validating this architecture in real environments.
insider attacks, network sensors, decoys, host-based sensors
Salvatore Stolfo, Angelos Keromytis, Malek Ben Salem, Brian Bowen, Shlomo Hershkop, "Designing Host and Network Sensors to Mitigate the Insider Threat", IEEE Security & Privacy, vol. 7, no. 6, pp. 22-29, November/December 2009, doi:10.1109/MSP.2009.109