Abstract:
The Insider Threat Security Reference Architecture (ITSRA) provides an enterprise-wide solution to insider threat. The architecture consists of four security layers: Business, Information, Data, and Application. Organizations should deploy and enforce controls at each layer to address insider attacks. None of the layers function in isolation or independently of other layers. Rather, the correlation of indicators and application of controls across all four layers form the crux of this approach. Empirical data consisting of more than 700 cases of insider crimes show that insider attacks proved successful in inflicting damage when an organization failed to implement adequate controls in any of three security principles: authorized access, acceptable use, and continuous monitoring. The ITSRA draws from existing best practices and standards as well as from analysis of these cases to provide actionable guidance for organizations to improve their posture against the insider threat.
Abstract:
The principal goal of the Anomaly Detection Engine for Networks (ADEN) was to identify malicious users within a network. We took the word network to refer broadly to corporate and government intranets, as well as to networks of users in online communities such as Wikipedia and Slashdot whose goal is to provide correct information to end users. Malicious users within such online communities also constitute a threat inside those networks. During this project, we worked on 5 different data sets involving insider threat and malicious users. These data sets included a CERT data set, a Vegas data set, a Wikipedia data set, a Slashdot data set, and the BAIT data set that learned behaviors distinguishing real benign users from malicious ones. Because of the varied nature of these data sets, different techniques were developed. We worked with open source Wikipedia and Slashdot data sets under the initial impression that finding vandals and trolls in such data would be easy. Though this proved not to be the case, we were eventually able to predict vandals on Wikipedia with over 90% accuracy, using a novel mix of network and language analytics. We were also able to significantly improve both the accuracy and run-time of troll detection within Slashdot.