Performance, Computing, and Communications Conference, 2002. 21st IEEE International (2006)
Phoenix, AZ, USA
Apr. 10, 2006 to Apr. 12, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/.2006.1629440
J.S. Park , Sch. of Inf. Studies, Syracuse Univ., NY, USA
Sensitive organizations such as the intelligence community (IC) have faced increasing challenges of insider threats because insiders are not always friends, but can be significant threats to the corporate assets. Statistically, it is accepted that the cost of insider threats exceeds that of outsider threats. Many security technologies have been invented to prevent threats from outsiders, but they have limited use in countering insiders' abnormal behaviors. Furthermore, individual-based monitoring mechanisms are not scalable for a large enterprise system. Therefore, in this paper, we introduce a scalable and accurate approach with the role-based profile analysis for countering insider threats, focusing on the relationship between insiders and their systems to detect anomalies. Also, we describe our simulation with synthetic data sets of baseline and threat scenarios.
accurate approach, security technology, individual-based monitoring mechanism, scalable anomaly detection, role-based profile analysis
J. Giordano and J. Park, "Role-based profile analysis for scalable and accurate insider-anomaly detection," Performance, Computing, and Communications Conference, 2002. 21st IEEE International(PCC), Phoenix, AZ, USA, 2006, pp. 62.