Abstract
Capability acquisition graphs (CAGs) provide a powerful framework for modeling insider threats, network attacks and system vulnerabilities. However, CAG-based security modeling systems have yet to be deployed in practice. This paper demonstrates the feasibility of applying CAGs to insider threat analysis. In particular, it describes the design and operation of an information-centric, graphics-oriented tool called ICMAP. ICMAP enables an analyst without any theoretical background to apply CAGs to answer security questions about vulnerabilities and likely attack scenarios, as well as to monitor network nodes. This functionality makes the tool very useful for attack attribution and forensics.
© 2007 International Federation for Information Processing
Cite this paper
Ha, D., Upadhyaya, S., Ngo, H., Pramanik, S., Chinchani, R., Mathew, S. (2007). Insider Threat Analysis Using Information-Centric Modeling. In: Craiger, P., Shenoi, S. (eds) Advances in Digital Forensics III. DigitalForensics 2007. IFIP — The International Federation for Information Processing, vol 242. Springer, New York, NY. https://doi.org/10.1007/978-0-387-73742-3_4
DOI: https://doi.org/10.1007/978-0-387-73742-3_4
Publisher Name: Springer, New York, NY
Print ISBN: 978-0-387-73741-6
Online ISBN: 978-0-387-73742-3