Bridging the Gap: A Pragmatic Approach to Generating Insider Threat Data
- Workshop on Research for Insider Threat, 2013
Cited by 6 (0 self)
Abstract—The threat of malicious insider activity continues to be of paramount concern in both the public and private sectors. Though there is great interest in advancing the state of the art in predicting and stopping these threats, the difficulty of obtaining suitable data for research, development, and testing remains a significant hindrance. We outline the use of synthetic data to enable progress in one research program, while discussing the benefits and limitations of synthetic insider threat data, the meaning of realism in this context, as well as future research directions.
TO UNDERSTAND AND PREDICT ERRORS IN SURVEY SYSTEMS, 2013
User modeling is traditionally applied to systems where users have a large degree of control over their goals, the content they view, and the manner in which they navigate through the system. These systems aim to both recommend useful goals to users and to assist them in achieving perceived goals. Systems such as online or telephone surveys are different in that users have only a singular goal of survey completion, extremely limited control over navigation, and content is restricted to a prescribed set of survey tasks; changing the user modeling problem to one in which the best means of assisting users is to identify rare-actions hazardous to their singular goal, by observing
A FRAUD DETECTION USING ONE-TO-MANY DATA LINKAGE OF ONE CLASS CLUSTERING TREE, 2017
Offensive Decoy Technology for Cloud Data Attacks
Abstract-Cloud Computing enables multiple users to share common computing resources, and to access and store their personal and business information. These new paradigms have thrown new data security challenges. The majority of the cloud users are from the internet. The users who have valid credentials on the cloud are called insiders. In the security perspective, all the remote users are to be treated as attackers. The security systems should ensure that the remote user is not an attacker. If a valid user's credentials are stolen by an attacker, the attacker can enter into the cloud as a valid user. Distinguishing the valid user and the attacker (the user, who is doing identity crime), the protection of the real user's sensitive data on the cloud from the attacker (insider data theft attacker) and securing the fog cloud with decoy information technology are the major challenges in the field of cloud computing. The Decoy Information Technology is used for validating whether data access is authorized; in the eventuality of any abnormal information access detection it confuses the attacker with bogus information.
Sequence-Based Masquerade Detection for Different User Groups
- S. Sen, research article
Insider threats are one of the biggest threats that organizations are confronted with today. A masquerader who impersonates another user for his malicious activities has been studied extensively in the literature. The approaches proposed on masquerade detection mainly assume that masquerader behavior will deviate from the typical behavior of the victim. This research presents a rigorous evaluation of sequence-based approaches based on this assumption. The main idea underlying sequence-based approaches is that users type similar commands, in a similar order, every time to do a specific job, and these similarities could distinguish users from others. Sequence-based approaches in the literature only consider commands typed in a specific order, at all times. In this research, we also take into account typing similar commands in a command sequence, but in an unordered way, in the newly proposed method, MUCS. We compare this new technique with another sequence-based approach called MOCS, and a command-based approach called MC. These techniques are evaluated with varying parameters in order to explore how the order of commands, the variations in a command sequence, and the variety of commands affect masquerade detection. Furthermore, the performance of these methods on different types of users and masqueraders is analyzed. We explore what kind of users are easily distinguishable from others, and what kind of masqueraders are difficult to detect. Copyright © 2010 John Wiley & Sons, Ltd.
A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks
Social engineering is used as an umbrella term for a broad spectrum of computer exploitations that employ a variety of attack vectors and strategies to psychologically manipulate a user. Semantic attacks are the specific type of social engineering attacks that bypass technical defences by actively manipulating object characteristics, such as platform or system applications, to deceive rather than directly attack the user. Commonly observed examples include obfuscated URLs, phishing emails, drive-by downloads, spoofed web-sites and scareware to name a few. This paper presents a taxonomy of semantic attacks, as well as a survey of applicable defences. By contrasting the threat landscape and the associated mitigation techniques in a single comparative matrix, we identify the areas where further research can be particularly beneficial.
An Expectation Maximization Approach to Detecting Compromised Remote Access Accounts
We present a method for detecting when a user’s remote access account has been compromised in such a way that an attacker model can be learned during operations. A Naive Bayes model is built for each user that stores the likelihood for each remote session based on a variety of features available in the access logs. During operation, we leverage Expectation Maximization on new data to update both the user and attacker models, based on the likelihood of the observed session, and perform a model comparison to test for compromise. The system scales linearly with the number of users in computation and memory. We present experimental results on a medium-sized enterprise network of over two thousand users, performing “masquerade detection” in which the activity of one user is discovered within another user’s logs.