The Trend of the Security Research for the Insider Cyber Threat
- International Journal of Security and Its Applications (IJSIA), 2010
Cited by 2 (0 self)
Abstract
In this paper, we discuss insider security, which has been one of the biggest issues in network security. By surveying and analyzing the issues of previous studies, we suggest an effective approach for future research. Approximately 90% of information leakage incidents have recently been carried out by internal workers. This is becoming a more serious problem than outsider attacks. An information leakage incident not only causes an organization or a company to lose information but also deals a hard blow to its image. To prevent economic loss and damage to the image in advance, we need various research and development for an effective solution.
INSIDER THREAT DETECTION ON THE WINDOWS OPERATING SYSTEM USING VIRTUAL MACHINE INTROSPECTION
, 2012
Abstract
The views expressed in this thesis are those of the author and do not reflect the official
A Framework for Avoiding Steganography Usage Over HTTP
Abstract
Steganographic techniques allow users to covertly transmit information, hiding the existence of the communication itself. These can be used in several scenarios ranging from evading censorship to discreetly extracting sensitive information from an organization. In this paper, we consider the problem of using steganography through a widely used network protocol (i.e., HTTP). We analyze the steganographic possibilities of HTTP, and propose an active warden model to eliminate any covert communication channel. Our framework is meant to be useful in many scenarios. It could be employed to ensure that malicious insiders are not able to use steganography to leak information outside an organization. Furthermore, our framework could be used by web server administrators to ensure that their machines are not being abused, for example, as anonymous steganographic mailboxes. Our experiments show that steganographic contents can generally be successfully eliminated, but that dealing with high payload carriers such as large images may introduce notable delays in the communication process.
Efficient Network-Based Enforcement of Data Access Rights
Abstract
Today, databases, especially those serving/connected to the Internet, need strong protection against data leakage stemming from misconfiguration, as well as from attacks, such as SQL injection. Other insider and Advanced Persistent Threat (APT) attacks are also increasingly common threats in the security landscape. We introduce an access control list (ACL)-based policy checking and enforcement system designed specifically to prevent unauthorized (malicious or accidental) exfiltration of database records from real-life large scale systems. At the center of our approach is a trusted small-footprint and lightweight policy checker (e.g., implemented as a router function) that filters all outgoing traffic. We provably guarantee that only authorized data may be sent outside, and to the right recipients. We design and formally prove security of two access control schemes, with distinct security and performance guarantees: one based on authenticated Bloom filters, and one based on either long or short (e.g. 16-bits long) aggregated MAC
Hindering Data Theft with Encrypted Data Trees
Abstract
Data theft is a major threat for modern organizations with potentially large economic consequences. Although these attacks may well originate outside an organization’s information systems, the attacker—or else an insider—must eventually make contact with the system where the information resides and extract it. In this work, we propose a scheme that hinders unauthorized data extraction by modifying the basic file system primitives used to access files. Intuitively, our proposal emulates the chains used to protect valuable items in certain clothing shopping centers, where shoplifting is prevented by forcing the thief to steal the whole rack of items. We achieve this by encrypting sensitive files using nonces (i.e., pseudorandom numbers used only once) as keys. Such nonces are available, also in encrypted form, in other objects of the file system. The system globally resembles a distributed Merkle hash tree, in such a way that getting access to a file requires previous access to a number of other files. This forces any potential attacker to extract not only the targeted sensitive information, but also all the files chained to it that are necessary to compute the associated key. Furthermore, our scheme incorporates a probabilistic rekeying mechanism to limit the damage that might be caused by patient extractors. We report experimental results measuring the time overhead introduced by our proposal and compare it with the effort an attacker would need to successfully extract information from the system. Our results show that the scheme increases substantially the effort required by an insider, while the introduced overhead is feasible for standard computing platforms.
Towards Evasive Attacks: Anomaly Detection Resistance Analysis on the Internet
Immunology Inspired Detection of Data Theft from Autonomous Network Activity
WITHIN CORPORATE NETWORKS
, 2009
Abstract
News about sensitive documents published on the Internet appears ever more frequently in today's press headlines. In October 2009, the United Kingdom Ministry of Defence Security Manual, 2389 pages long, which describes the entirety of the United Kingdom's military protocol regarding operations and security information, was made public by accident. This is just one case, but there are examples of information leaks in practically every area, from medical to financial. These information leaks can have serious consequences for those affected by them, such as the exposure of trade secrets, damage to brand image, or the imposition of heavy fines by regulators. An information leak can have several causes, one of which is employees unintentionally exposing sensitive documents outside the company. In this work we propose a solution capable of tracking files in a corporate network and detecting situations that may lead to a sensitive document becoming public. We make use of an agent that is installed on the machines we intend to monitor, which detects and logs the use of files in potentially dangerous operations, such as copying