Mason Archival Repository Service

Modeling Insider Behavior Using Multi-Entity Bayesian Networks

AlGhamdi, Ghazi; Laskey, Kathryn B.; Wright, Edward J.; Barbará, Daniel; Chang, K.C.
2006-03-06T15:01:08Z 2006-03-06T15:01:08Z 2006-03-06T15:01:08Z
dc.description.abstract This paper tackles a key aspect of the information security problem: modeling the behavior of insider threats. The specific problem addressed by this paper is the identification of malicious insider behavior in trusted computing environments. Although most security techniques in intrusion detection systems (IDS’s) focus on protecting the system boundaries from outside attacks, defending against an insider who attempts to misuse privileges is an equally significant problem for network security. It is usually assumed that users who are given access to network resources can be trusted. However, the eighth annual CSI/FBI 2003 report found that insider abuse of network access was the most cited form of attack or abuse. 80% of respondents were concerned about insider abuse, although 92% of the responding organizations employed some form of access control mechanism [7]. Therefore, though insider users are legally granted access to network resources, it is essential to protect against misuse by insiders. This paper presents a scalable model to represent insider behavior. We provide simulation experiments to demonstrate the ability of the model to detect threat behavior. Information security objectives can be accomplished through a layered approach that represents several lines of defense. This approach constitutes one of these lines of defense.
dc.description.sponsorship Work for this paper was performed under funding provided by the Advanced Research and Development Activity (ARDA), under contract NBCHC030059, issued by the Department of the Interior. Additional support was provided by the US Navy en
dc.format.extent 471775 bytes
dc.format.mimetype application/pdf
dc.language.iso en_US en
dc.relation.ispartofseries C4I-05-09 en
dc.subject multi-entity Bayesian networks en_US
dc.subject Bayesian networks en_US
dc.subject information security en_US
dc.subject malicious insider behavior en_US
dc.subject network security en_US
dc.title Modeling Insider Behavior Using Multi-Entity Bayesian Networks en
dc.type Presentation en
dc.type Technical Report en
