Knowledge Extraction and Management for Insider Threat Mitigation

Qutaibah Althebyan, Brajendra Panda

Abstract

This paper presents a model for insider threat mitigation. While many existing insider threat models concentrate on watching insiders' activities for misbehavior, we believe that treating the insider as the basic entity, before looking into his/her activities, is more effective. In this paper we present an approach that relies on an ontology to extract knowledge from an object; this represents the knowledge an insider is expected to gain by accessing that object. We then use this information to build a model for insider threat mitigation which ensures that an insider is allowed to access only those knowledge units that are related to his/her domain of access or assigned tasks.

Paper Citation

in Harvard Style

Althebyan Q. and Panda B. (2008). Knowledge Extraction and Management for Insider Threat Mitigation. In Proceedings of the 6th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2008), ISBN 978-989-8111-44-9, pages 99-110. DOI: 10.5220/0001741800990110

in BibTeX Style

@conference{wosis08,
author={Qutaibah Althebyan and Brajendra Panda},
title={Knowledge Extraction and Management for Insider Threat Mitigation},
booktitle={Proceedings of the 6th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2008)},
year={2008},
pages={99-110},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001741800990110},
isbn={978-989-8111-44-9},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 6th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2008)
TI - Knowledge Extraction and Management for Insider Threat Mitigation
SN - 978-989-8111-44-9
AU - Althebyan Q.
AU - Panda B.
PY - 2008
SP - 99
EP - 110
DO - 10.5220/0001741800990110