Abstract
An organization is a combination of vision, technology and employees. The wellbeing of an organization is directly associated with the honesty of its workers. However, an organization is also threatened by the misuse of information by its agents, such as former employees, current employees, vendors or business associates. Threats posed from within the organization in this way are known as Insider Threats. Many approaches have been employed to detect Insider Threats in organizations. One such approach is to monitor system functions to detect possible insiders. These approaches raise an unnecessarily large number of false positive alarms, which are then dealt with by using evolutionary algorithms. Such Insider Threat detection solutions require a lot of configuration before implementation in real-world scenarios, because threshold values differ between organizations. Insider Threat detection can be performed by means of honeypot sensors in a limited but satisfactory way. The present research proposes a new technique for detecting insiders using encrypted honeypots. This technique complements the existing insider detection systems and improves their performance by decreasing false positive results.
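One way the complementing step described in the abstract can work in practice: a decoy-file (honeypot) sensor is correlated with a behavioral monitor's alerts, so that only behavioral alerts backed by a decoy access are confirmed while the rest are demoted. This is an added example written for this page, not the authors' implementation; the log format, decoy paths, anomaly scores and threshold are constructed assumptions, and the encryption of the honeypots is not modelled.

```python
# Fusing a honeypot (decoy-file) sensor with a behavioral monitor to cut
# false positives. Added illustration, not the paper's implementation: its log
# format, decoy paths and threshold are not published, so all are constructed.
from collections import Counter

# Decoy documents that no legitimate workflow should open (constructed paths).
DECOY_PATHS = {
    r"\\fileserver\finance\payroll_FINAL.xlsx",
    r"\\fileserver\hr\reorg_plan_draft.docx",
}

# Constructed access events: (user, path, behavioral anomaly score 0..1).
EVENTS = [
    ("alice", r"\\fileserver\finance\q3_report.xlsx", 0.82),  # quarter-end rush: unusual but benign
    ("bob",   r"\\fileserver\hr\reorg_plan_draft.docx", 0.78),
    ("carol", r"\\fileserver\eng\design.pdf", 0.91),           # just changed role: unusual but benign
    ("bob",   r"\\fileserver\finance\payroll_FINAL.xlsx", 0.65),
    ("dave",  r"\\fileserver\eng\notes.txt", 0.20),
]

THRESHOLD = 0.7  # assumed behavioral alert threshold

def behavioral_alerts(events, threshold=THRESHOLD):
    """Users the behavioral monitor alone would flag (its raw alert set)."""
    return {user for user, _path, score in events if score > threshold}

def honeypot_hits(events, decoys=DECOY_PATHS):
    """Decoy-file accesses per user; a single hit is high-confidence evidence."""
    return Counter(user for user, path, _score in events if path in decoys)

def correlate(events, threshold=THRESHOLD, decoys=DECOY_PATHS):
    """Triage tier per user: a behavioral alert backed by a honeypot hit is
    'confirmed', a hit alone is 'honeypot-only', and a behavioral alert with
    no hit is demoted to 'unconfirmed' (where the false positives land)."""
    alerted = behavioral_alerts(events, threshold)
    hits = honeypot_hits(events, decoys)  # Counter: missing users count as 0
    tiers = {}
    for user in alerted | set(hits):
        if user in alerted and hits[user]:
            tiers[user] = "confirmed"
        elif hits[user]:
            tiers[user] = "honeypot-only"
        else:
            tiers[user] = "unconfirmed"
    return tiers

if __name__ == "__main__":
    for user, tier in sorted(correlate(EVENTS).items()):
        print(f"{user}: {tier}")
```

With the constructed events the behavioral monitor alone raises three alerts, of which only bob's is confirmed by the decoy sensor; alice and carol remain unconfirmed and dave is never flagged.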
© 2020 Springer Nature Switzerland AG
Yamin, M.M., Katt, B., Sattar, K., Ahmad, M.B. (2020). Implementation of Insider Threat Detection System Using Honeypot Based Sensors and Threat Analytics. In: Arai, K., Bhatia, R. (eds) Advances in Information and Communication. FICC 2019. Lecture Notes in Networks and Systems, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-030-12385-7_56
DOI: https://doi.org/10.1007/978-3-030-12385-7_56
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12384-0
Online ISBN: 978-3-030-12385-7
eBook Packages: Intelligent Technologies and Robotics (R0)