Issue No. 06 - November/December (2009 vol. 7)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.109
Brian Bowen , Columbia University, New York
Malek Ben Salem , Columbia University, New York City
Shlomo Hershkop , Columbia University, New York
Angelos Keromytis , Columbia University, New York City
Salvatore Stolfo , Columbia University, New York City
Insider attacks—that is, attacks by users with privileged knowledge about a system—are a growing problem for many organizations. To address this threat, the authors propose a design for insider threat detection that combines an array of complementary techniques that aims to detect evasive adversaries. The authors' work-in-progress combines host-based user event monitoring sensors with trap-based decoys and remote network detectors to track and correlate insider activity. They identify several challenges in scaling up, deploying, and validating this architecture in real environments.
insider attacks, network sensors, decoys, host-based sensors
S. Stolfo, A. Keromytis, M. Ben Salem, B. Bowen and S. Hershkop, "Designing Host and Network Sensors to Mitigate the Insider Threat," in IEEE Security & Privacy, vol. 7, no. , pp. 22-29, 2009.