Snoop: an expressive event specification language for active databases
Data & Knowledge Engineering
Practical Intrusion Detection Handbook
Practical Intrusion Detection Handbook
Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
Towards informatic analysis of syslogs
CLUSTER '04 Proceedings of the 2004 IEEE International Conference on Cluster Computing
Time series modeling for IDS alert management
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
A behavioral theory of insider-threat risks: A system dynamics approach
ACM Transactions on Modeling and Computer Simulation (TOMACS)
Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
Composite event detection as a generic middleware extension
IEEE Network: The Magazine of Global Internetworking
Journal of Network and Systems Management
Bot detection evasion: a case study on local-host alert correlation bot detection methods
Security and Communication Networks
| Hi-index | 0.00 |
Malicious insiders represent one of the most difficult categories of threats an organization must consider when mitigating operational risk. Insiders by definition possess elevated privileges; have knowledge about control measures; and may be able to bypass security measures designed to prevent, detect, or react to unauthorized access. In this paper, we discuss our initial research efforts focused on the detection of malicious insiders who exploit internal organizational web servers. The objective of the research is to apply lessons learned in network monitoring domains and enterprise log management to investigate various approaches for detecting insider threat activities using standardized tools and a common event expression framework.