
Insider Threat Specification as a Threat Mitigation Technique


Part of the book series: Advances in Information Security ((ADIS,volume 49))

Abstract

Insider threats come in many facets and nuances, which creates two major problems: mining large amounts of data for evidence of an insider attack, and keeping track of the different aspects of a threat, are both very cumbersome. To support detecting insider threats as early as possible, one needs mechanisms that automate significant parts of the detection process and that allow one to specify what is meant by an insider threat. This chapter describes the Insider Threat Prediction Specification Language (ITPSL), a research effort that addresses the description of threat factors as a mechanism for mitigating insider threats.
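The chapter text is not previewed on this page, so the following is an added illustration and not code from the chapter or from ITPSL: a minimal evaluator that takes a declarative specification of weighted threat factors and scores users by matching it against an audit log, which is the kind of automation the abstract argues a threat specification enables. The Factor and ThreatSpec structures, the weights, the business-hours window, the threshold and the sample events are all assumptions made for this example; ITPSL's actual syntax and semantics are those described in the chapter, not these.

```python
"""Evaluate declarative insider-threat factor specifications over audit events.

Added illustration only: the Factor/ThreatSpec structure, the weights and the
sample events are assumptions for this page and are NOT the ITPSL syntax
described in the chapter.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List, Optional, Tuple

# Constructed sample audit events: (ISO timestamp, user, action, target).
SAMPLE_EVENTS = [
    ("2010-03-01T09:12:00", "alice", "login", "ws-12"),
    ("2010-03-01T09:15:00", "alice", "file_read", "/proj/design.doc"),
    ("2010-03-01T23:40:00", "bob", "login", "ws-07"),
    ("2010-03-01T23:41:00", "bob", "file_copy", "/finance/payroll.xls"),
    ("2010-03-01T23:42:00", "bob", "usb_mount", "sdb1"),
    ("2010-03-01T23:43:00", "bob", "file_copy", "/finance/forecast.xls"),
    ("2010-03-02T10:05:00", "carol", "file_read", "/hr/reviews.doc"),
    ("2010-03-02T22:00:00", "dave", "login", "ws-03"),
]

Event = Tuple[str, str, str, str]


@dataclass(frozen=True)
class Factor:
    """One observable threat factor; every non-None constraint must hold."""
    name: str
    weight: int
    action: Optional[str] = None                          # required action, or any
    target_prefix: Optional[str] = None                   # required target prefix, or any
    business_hours: Optional[Tuple[time, time]] = None    # match only OUTSIDE this window


@dataclass(frozen=True)
class ThreatSpec:
    """A named threat: weighted factors plus a per-user alert threshold."""
    name: str
    factors: Tuple[Factor, ...]
    threshold: int


def factor_matches(factor: Factor, event: Event) -> bool:
    """Return True if every constraint of the factor holds for the event."""
    timestamp, _user, action, target = event
    if factor.action is not None and action != factor.action:
        return False
    if factor.target_prefix is not None and not target.startswith(factor.target_prefix):
        return False
    if factor.business_hours is not None:
        start, end = factor.business_hours
        clock = datetime.fromisoformat(timestamp).time()
        if start <= clock <= end:      # inside business hours: factor is absent
            return False
    return True


def evaluate(spec: ThreatSpec, events: List[Event]) -> Dict[str, Tuple[int, List[str]]]:
    """Score each user by the summed weights of the factors their events exhibit.

    Returns {user: (score, [matched factor names in event order])}, restricted
    to users whose score reaches spec.threshold.
    """
    scores: Dict[str, int] = defaultdict(int)
    hits: Dict[str, List[str]] = defaultdict(list)
    for event in events:
        user = event[1]
        for factor in spec.factors:
            if factor_matches(factor, event):
                scores[user] += factor.weight
                hits[user].append(factor.name)
    return {u: (s, hits[u]) for u, s in scores.items() if s >= spec.threshold}


# Hypothetical specification: after-hours copying of finance files to removable media.
DATA_EXFIL = ThreatSpec(
    name="after_hours_finance_exfiltration",
    factors=(
        Factor("after_hours_activity", 2, business_hours=(time(8, 0), time(18, 0))),
        Factor("sensitive_file_copy", 3, action="file_copy", target_prefix="/finance/"),
        Factor("removable_media", 3, action="usb_mount"),
    ),
    threshold=8,
)

if __name__ == "__main__":
    for user, (score, factors) in evaluate(DATA_EXFIL, SAMPLE_EVENTS).items():
        print(f"{DATA_EXFIL.name}: {user} score={score} factors={factors}")
```

On the constructed log only "bob" reaches the threshold (score 17); "dave" exhibits a single after-hours login (score 2) and is filtered out, which is the point of keeping the threshold in the specification rather than in the evaluator: tuning what counts as a threat changes the declarative spec, not the detection code.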



Author information

Corresponding author: George Magklaras

Copyright information

© 2010 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Magklaras, G., Furnell, S. (2010). Insider Threat Specification as a Threat Mitigation Technique. In: Probst, C., Hunker, J., Gollmann, D., Bishop, M. (eds) Insider Threats in Cyber Security. Advances in Information Security, vol 49. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-7133-3_10

  • DOI: https://doi.org/10.1007/978-1-4419-7133-3_10

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-7132-6

  • Online ISBN: 978-1-4419-7133-3

  • eBook Packages: Computer Science (R0)
