IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Classification and detection of computer intrusions
Classification and detection of computer intrusions
IBM Journal of Research and Development
Role-based differentiation for insider detection algorithms
Proceedings of the 2010 ACM workshop on Insider threats
MalPEFinder: fast and retrospective assessment of data breaches in malware attacks
Security and Communication Networks
Detection of anomalies from user profiles generated from system logs
AISC '11 Proceedings of the Ninth Australasian Information Security Conference - Volume 116
| Hi-index | 0.00 |
Early detection of employees' improper access to sensitive or valuable data is critical to limiting negative financial impacts to an organization, including regulatory penalties for misuse of customer data that results from these insider attacks. Implementing a system for detecting insider attacks is a technical challenge that also involves business-process changes and decision making that prioritizes the value of enterprise data. This paper focuses primarily on the techniques for detecting insider attacks, but also discusses the processes required to implement a solution. In particular, we describe a behavior-anomaly-based system for detecting insider attacks. The system uses peer-group profiling, composite feature modeling, and real-time statistical data mining. The analytical models are refined and used to update the real-time monitoring process. This continues in a cyclical manner as the system self-tunes. Finally, we describe an implementation of this detection approach in the form of the IBM Identity Risk and Investigation Solution (IRIS).