Abstract
Insider threats come in many facets and nuances. This results in two major problems: mining large amounts of data for evidence of an insider attack, and keeping track of the different aspects of threats, are both very cumbersome. To enable techniques that support detection of insider threats as early as possible, one needs mechanisms that automate significant parts of the detection process and that allow one to specify what is meant by an insider threat. This chapter describes the Insider Threat Prediction Specification Language (ITPSL), a research effort to address the description of threat factors as a mechanism to mitigate insider threats.
© 2010 Springer Science+Business Media, LLC
Cite this chapter
Magklaras, G., Furnell, S. (2010). Insider Threat Specification as a Threat Mitigation Technique. In: Probst, C., Hunker, J., Gollmann, D., Bishop, M. (eds) Insider Threats in Cyber Security. Advances in Information Security, vol 49. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-7133-3_10
DOI: https://doi.org/10.1007/978-1-4419-7133-3_10
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-7132-6
Online ISBN: 978-1-4419-7133-3
eBook Packages: Computer Science (R0)