Implementation of Insider Threat Detection System Using Honeypot Based Sensors and Threat Analytics

Conference paper

Advances in Information and Communication (FICC 2019)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 70)

Abstract

An organization is a combination of vision, technology and employees, and its wellbeing depends directly on the honesty of its workers. However, an organization is also threatened by misuse of information by its own agents, such as former employees, current employees, vendors or business associates. Threats posed from within the organization in this way are known as Insider Threats. Many approaches have been employed to detect Insider Threats in organizations. One such approach is to monitor system functions to detect possible insiders. These approaches raise an unnecessarily high number of false positive alarms, which is then addressed with the use of evolutionary algorithms. Such Insider Threat detection solutions require extensive configuration before deployment in real-world scenarios, because threshold values differ between organizations. Insider Threat detection can also be done by means of honeypot sensors, in a limited but satisfactory way. The present research proposes a new technique for detecting insiders using encrypted honeypots. This technique complements existing insider detection systems and improves their performance by decreasing false positive results.
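As an added illustration of the abstract's idea, not the paper's own implementation: a toy correlation in which access to a decoy ("honeypot") document corroborates the existing behaviour monitor's anomaly score, so that an over-threshold score with no decoy hit is downgraded to review instead of raised as an alert. All paths, users, scores and the 0.7 threshold are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed decoy ("honeypot") documents; no legitimate workflow opens them.
DECOY_PATHS = {"/share/finance/salaries_backup.xlsx", "/share/hr/exit_interviews.docx"}


@dataclass
class Event:
    user: str
    kind: str    # "anomaly" from the existing behaviour monitor, or "file_access"
    value: str   # anomaly score (as text) or the path that was accessed


def max_scores(events):
    """Highest behaviour-monitor anomaly score seen per user."""
    scores = {}
    for ev in events:
        if ev.kind == "anomaly":
            scores[ev.user] = max(scores.get(ev.user, 0.0), float(ev.value))
    return scores


def decoy_users(events):
    """Users who touched a decoy; this sensor needs no per-site threshold tuning."""
    return {ev.user for ev in events if ev.kind == "file_access" and ev.value in DECOY_PATHS}


def baseline_alerts(events, threshold=0.7):
    """Existing approach alone: any user over the site-specific threshold is an alert."""
    return {u for u, s in max_scores(events).items() if s >= threshold}


def correlated_verdicts(events, threshold=0.7):
    """Honeypot-corroborated approach: a decoy hit escalates to 'alert';
    an anomaly score alone is downgraded to 'review'; otherwise 'ok'."""
    scores, hits = max_scores(events), decoy_users(events)
    verdicts = {}
    for user in set(scores) | hits:
        if user in hits:
            verdicts[user] = "alert"
        elif scores.get(user, 0.0) >= threshold:
            verdicts[user] = "review"
        else:
            verdicts[user] = "ok"
    return verdicts


# Constructed sample: alice works late on a deadline (high score, no decoy access);
# bob opens a decoy file at a modest score; carol behaves normally.
SAMPLE = [
    Event("alice", "anomaly", "0.92"),
    Event("alice", "file_access", "/share/finance/q3_forecast.xlsx"),
    Event("bob", "anomaly", "0.55"),
    Event("bob", "file_access", "/share/finance/salaries_backup.xlsx"),
    Event("carol", "anomaly", "0.20"),
]

if __name__ == "__main__":
    print("baseline:", baseline_alerts(SAMPLE))          # alice flagged, bob missed
    print("correlated:", correlated_verdicts(SAMPLE))    # alice review, bob alert
```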

Corresponding author

Correspondence to Muhammad Mudassar Yamin .

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Yamin, M.M., Katt, B., Sattar, K., Ahmad, M.B. (2020). Implementation of Insider Threat Detection System Using Honeypot Based Sensors and Threat Analytics. In: Arai, K., Bhatia, R. (eds) Advances in Information and Communication. FICC 2019. Lecture Notes in Networks and Systems, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-030-12385-7_56
