Insider Threat Control: Using Universal Serial Bus (USB) Device Auditing to Detect Possible Data Exfiltration by Malicious Insiders

Silowash, George J; Lewellen, Todd

doi:10.21236/ada610588

Cited by 6 publications

(3 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Virtual Private Network (VPN) data flow monitoring (Cappelli et al, 2012), Web traffic inspection (George J. Silowash, Todd Lewellen, 2013), and Correlating Events from Multiple Sources such as Universal Serial Bus (USB) (Silowash and Lewellen, 2013), are different types of DLP security controls. All of these controls can be used to mitigate insider threats by analysing information about changes in the behaviour or activities of authorised users.…”

Section: Technical Approachesmentioning

confidence: 99%

“…In the proposed framework, opportunities were measured by contract expiration dates, authorised user system role, as well as the employee's relationship to the organisation they work for (for example, a current employee, former employee, contractor, etc.) (Centre for the Protection of National Infrastructure, 2013; Moore et al, 2011;Silowash and Lewellen, 2013;Ghaffarzadegan, 2008).…”

Section: Human Factorsmentioning

confidence: 99%

See 1 more Smart Citation

Insider Threat Risk Prediction based on Bayesian Network

Elmrabit

Yang

et al. 2020

Computers & Security

View full text Add to dashboard Cite

Insider threat protection has received increasing attention in the last ten years due to the serious consequences of malicious insider threats. Moreover, data leaks and the sale of mass data have become much simpler to achieve, e.g., the dark web can allow malicious insiders to divulge confidential data whilst hiding their identities. In this paper, we propose a novel approach to predict the risk of malicious insider threats prior to a breach taking place. Firstly, we propose a new framework for insider threat risk prediction, drawing on technical, organisational and human factor perspectives. Secondly, we employ a Bayesian network to model and implement the proposed framework. Furthermore, this Bayesian network-based prediction model is evaluated in a range of challenging environments. The risk level predictions for each authorised users within the organisation are examined so that any insider threat risk can be identified. The proposed insider threat prediction model achieved better results when compared to the empirical judgments of security experts

show abstract

Section: Technical Approachesmentioning

confidence: 99%

Section: Human Factorsmentioning

confidence: 99%

Insider Threat Risk Prediction based on Bayesian Network

Elmrabit

Yang

et al. 2020

Computers & Security

View full text Add to dashboard Cite

show abstract

“…The Software Engineering Institute at Carnegie Mellon University has done considerable work on detecting insider threats. For example, researchers have inspected network traffic through the Squid proxy server [25], set up access control lists and signatures, and tagged documents to check if data leakage has occurred from within an organization. Splunk [27] has created mature security products for log management and anomaly detection.…”

Section: Related Workmentioning

confidence: 99%

Insider Threat Detection Using Multi-autoencoder Filtering and Unsupervised Learning

Wei

Chow

Yiu

2020

Advances in Digital Forensics XVI

View full text Add to dashboard Cite

Insider threat detection and investigation are major challenges in digital forensics. Unlike external attackers, insiders have privileges to access resources in their organizations and violations of normal behavior are difficult to detect.This chapter describes an unsupervised deep learning framework for detecting insider threats by analyzing system log files. A typical deep neural network can capture normal behavior patterns, but not insider threat behavior patterns because of the presence of small, if any, amounts of insider threat data. For example, the autoencoder unsupervised deep learning model, which is widely used for anomaly detection, requires a dataset containing labeled normal data for training purposes and does not work well when the training dataset contains anomalies. In contrast, the framework proposed in this chapter leverages unsupervised multi-autoencoder filtering to remove anomalies from a training dataset and uses the resulting trained Gaussian mixture model to estimate the distributions of encoded and recognized normal data; data with lower probabilities is identified as insider threat data by the trained model. Experiments demonstrate that the multi-autoencoder-filtered unsupervised learning framework has superior detection performance compared with state-of-the-art baseline models.

show abstract

Putting a Hat on a Hen? Learnings for Malicious Insider Threat Prevention from the Background of German White-Collar Crime Research

Hugl

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Insider Threat Control: Using Universal Serial Bus (USB) Device Auditing to Detect Possible Data Exfiltration by Malicious Insiders

Cited by 6 publications

References 1 publication

Insider Threat Risk Prediction based on Bayesian Network

Insider Threat Risk Prediction based on Bayesian Network

Insider Threat Detection Using Multi-autoencoder Filtering and Unsupervised Learning

Putting a Hat on a Hen? Learnings for Malicious Insider Threat Prevention from the Background of German White-Collar Crime Research

Contact Info

Product

Resources

About