IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Detecting and analyzing automated activity on twitter
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Hi-index | 0.00 |
Relying on an access control security policy alone to protect valuable resources is a dangerous practice. Prudent security must engage in other risk management and mitigation techniques to rapidly detect and recover from breaches. In reality, many security policies are either wrong, containing errors, or are misused and abused by malicious employees or compromised accounts; not all granted access is desirable. A popular approach to mitigate against these and other residual threats is to monitor applications to detect misuse and abuse of credentials in near real-time. We will show a platform for monitoring applications and the use of analytic models on diverse datasets for detecting suspicious user activity. Our platform combines traditional data management systems with BigData platforms to efficiently apply analytics across security relevant data (policies, logs, metadata) and provide administrators a dashboard of the current security status of the organization, and the ability to investigate prioritized alerts. One key analytic in the demo is a novel generalization of the role mining problem as applied to access logs and modeling user behavior for anomalies. Other analytics include conventional statistical measures, Gaussian mixture models and clustering, Markov models, and entropic analysis of requests. This demonstration will walk through a prototype system and describe the analytics and underlying architecture.