Design and analysis of knowledge-base centric insider threat models

  • Authors: Qutaibah Althebyan

  • Affiliations: University of Arkansas

  • Venue: Design and analysis of knowledge-base centric insider threat models
  • Year: 2008


Abstract

Many consider insider attacks to be more severe than outsider attacks because they involve people who have knowledge of their own organization. According to several studies and statistics, between 61% and 80% of computer crimes are performed by trusted insiders of organizations. Many techniques exist for defending against outsider attacks. However, not much work has been presented for defending against insider attacks and threats. Although several techniques have been proposed to defend against insider threats, the authors of these techniques and models follow an approach that concentrates on tracking insiders' activities rather than concentrating on the insiders themselves.

This research concentrates on modeling and analyzing the insider threat problem. In order to solve the above-mentioned problem, we considered the insider as our basic entity that should be dealt with before looking into his/her activities. We found that one of the main factors that distinguishes an insider from an outsider is the amount of knowledge he/she accumulates through his/her privileges and accesses to the resources of the system. Hence, we use the insider's accumulated knowledge to build several models for insider threat prediction, prevention, mitigation and evaluation. The prediction model utilizes graph theory approaches, which can give alarms of increasing risks that might lead to compromises of system resources. The prevention algorithm tries to prevent possible compromises by insiders before they take place. The mitigation and evaluation model tries to detect, evaluate, and mitigate the underlying system considering the fact that one or more of the system's resources have been compromised.

Using these models, many novel techniques have been presented. Several novel graphs have also been offered, namely, knowledge graphs (KGs), dependency graphs (DGs), and knowledge Bayesian attack graphs (KBAGs). Several simulation experiments have been conducted to prove our models and to measure the performance and accuracy of our proposed work.