Article title

Mining file repository accesses for detecting data exfiltration activities

Publication languages
EN
Abstracts
EN
Studies show that a significant number of employees steal data when changing jobs. Insider attackers who have the authorization to access the best-kept secrets of organizations pose a great challenge for organizational security. Although increasing efforts have been spent on identifying insider attacks, little research concentrates on detecting data exfiltration activities. This paper proposes a model for identifying data exfiltration activities by insiders. It measures the concentration of file repository access data for finding certain suspicious activities. It also uses statistical methods to profile legitimate uses of file repositories by authorized users. By analyzing legitimate file repository access logs, user access profiles are created and can be employed to detect a large set of data exfiltration activities. The effectiveness of the proposed model was tested with file access histories from the subversion logs of the popular open source project KDE.
Pages
31--41
Physical description
Bibliography: 17 items, figures.
Authors
author
  • Computer Science Department, Northern Kentucky University, Highland Heights, KY 41099, USA
author
  • Computer Science Department, Northern Kentucky University, Highland Heights, KY 41099, USA
author
  • Computer Science Department, Northern Kentucky University, Highland Heights, KY 41099, USA
author
  • Computer Science Department, Northern Kentucky University, Highland Heights, KY 41099, USA
  • Department of Mathematics and Statistics, Northern Kentucky University, Highland Heights, KY 41099
Bibliography
  • [1] M. Randazzo, M. Keeney, E. Kowalski, D. Cappelli, and A. Moore, Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, CERT and the National Threat Assessment Center, Aug. 2004.
  • [2] N. Nguyen, P. Reiher, and G. Kuenning, Detecting Insider Threats by Monitoring System Call Activity, In: Proceedings of 2003 IEEE Information Assurance Workshop, 2003.
  • [3] H. Cavusoglu, B. Misra, and S. Raghunathan, Optimal Configuration of Intrusion Detection Systems, In: Proceedings of Second Secure Knowledge Management Workshop, 2006.
  • [4] Y. Liu, C. Corbett, R. Archibald, B. Mukherjee, and D. Ghosal, SIDD: A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack, In: Proceedings of the 42nd Hawaii International Conference on System Sciences, 2009.
  • [5] J. Colombe and G. Stephens, Statistical Profiling and Visualization for Detection of Malicious Insider Attacks on Computer Networks, In: Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, 2004.
  • [6] S. Lipner, A Comment on the Confinement Problem, In: Proceedings of the Fifth symposium on Operating systems principles, 1975.
  • [7] E. Cole and S. Ring, Insider Threat, Protecting the Enterprise from Sabotage, Spying, and Theft, 1st edition, Syngress, 2005.
  • [8] M. Gandhi, Data Profiling and the Access Path Model, A Step Towards Addressing Insider Misuse in Database Systems, Dissertation, University of California Davis, 2005.
  • [9] R. Chinchani, A. Iyer, H. Ngo, and S. Upadhyaya, Towards a Theory of Insider Threat Assessment, In: Proceedings of International Conference on Dependable Systems and Networks, pp. 108-117, 2005.
  • [10] M. Salem, S. Hershkop, and S. Stolfo, A Survey of Insider Attack Detection Research, Advances in Information Security, volume 39, page 69-90, 2008.
  • [11] I. Martinez-Moyano, E. Rich, S. Conrad, D. Andersen, and T. Stewart, A Behavioral Theory of Insider-threat Risks: A System Dynamics Approach, ACM Transactions on Modeling and Computer Simulation, Volume 18, Issue 2, Page 1-27, April 2008.
  • [12] J. McClave and T. Sincich, Statistics (10th edition), Prentice Hall, 2006.
  • [13] R. Scheaffer, W. Mendenhall, and L. Ott, Elementary Survey Sampling (5th edition), Duxbury Press.
  • [14] KDE project, www.kde.org.
  • [15] R. Anderson, T. Bozek, T. Longstaff, W. Meitzler, M. Skroch, and K. Wyk, Research on Mitigating the Insider Threat to Information Systems - #2, In: Proceedings of RAND Corporation Workshop, 2000.
  • [16] Description of the user Account scripty of KDE project: http://developer.kde.org/documentation/other/whatisscripty.php
  • [17] Statistics Department of International Monetary Fund, Financial Soundness Indicators: Compilation Guide, International Monetary Fund, 2005.
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-84472860-d329-434c-82ab-310b7c3a1c65