Issue No. 06 - November/December (2009 vol. 7)
ISSN: 1540-7993
pp: 22-29
Brian Bowen, Columbia University, New York
Malek Ben Salem, Columbia University, New York City
Shlomo Hershkop, Columbia University, New York
Angelos Keromytis, Columbia University, New York City
Salvatore Stolfo, Columbia University, New York City
ABSTRACT
Insider attacks—that is, attacks by users with privileged knowledge about a system—are a growing problem for many organizations. To address this threat, the authors propose a design for insider threat detection that combines an array of complementary techniques aimed at detecting evasive adversaries. The authors' work-in-progress combines host-based user event monitoring sensors with trap-based decoys and remote network detectors to track and correlate insider activity. They identify several challenges in scaling up, deploying, and validating this architecture in real environments.
INDEX TERMS
insider attacks, network sensors, decoys, host-based sensors
CITATION

S. Stolfo, A. Keromytis, M. Ben Salem, B. Bowen and S. Hershkop, "Designing Host and Network Sensors to Mitigate the Insider Threat," in IEEE Security & Privacy, vol. 7, no. 6, pp. 22-29, 2009.
doi:10.1109/MSP.2009.109