Insider Threat Identification by Process Analysis

@article{Bishop2014InsiderTI,
  title={Insider Threat Identification by Process Analysis},
  author={Matt Bishop and Heather M. Conboy and Huong Phan and Borislava I. Simidchieva and George S. Avrunin and Lori A. Clarke and Leon J. Osterweil and Sean Peisert},
  journal={2014 IEEE Security and Privacy Workshops},
  year={2014},
  pages={251-264}
}
The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we… CONTINUE READING