A Scalable Architecture for Countering Network-Centric Insider Threats


Dealing with the insider threat in networked environments poses many challenges. Privileged users have great power over the systems they own in organizations. To mitigate the potential threat posed by insiders, we introduced in previous work a preliminary architecture for the Autonomic Violation Prevention System (AVPS), which is designed to self-protect applications from disgruntled privileged users via the network. This paper extends the architecture of the AVPS so that it can provide scalable protection in production environments. We conducted a series of experiments to assess the performance of the AVPS on three different application environments: FTP, database, and Web servers. Our experimental results indicate that the AVPS introduces a very low overhead despite the fact that it is deployed in-line. We also developed an analytic queuing model to analyze the scalability of the AVPS framework as a function of the workload intensity.

Keywords: insider threat; scalability; network security.

Cite this paper

@inproceedings{Sibai2011ASA, title={A Scalable Architecture for Countering Network-Centric Insider Threats}, author={Faisal M. Sibai and Daniel A. Menasc{\'e}}, year={2011} }