Knowing who to watch: Identifying attackers whose actions are hidden within false alarms and background noise

Chivers, Howard; Clark, John A.; Nobles, P.; Shaikh, Siraj Ahmed; Chen, Hao

doi:10.1007/s10796-010-9268-7

Cited by 20 publications

(18 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Now, at any given time, an organization needs to focus on two fronts to mitigate unknown attacks. It is possible to study patterns and attributes of certain or all events but if the end focus is not determine, it could lead in missing exploits unless IDS detected it as being an anomaly [23]. Some research refer to this dilemma as the "Dark Side of IT" where stopping an employee that has access to sensitive information is difficult if he/she wants to sell to competitors but implementing strong security policy is critical in such situation [73].…”

Section: Applied Methodsmentioning

confidence: 99%

Discovering New Cyber Protection Approaches from a Security Professional Prospective

Loukaka¹,

Rahman²

2017

IJCNC

View full text Add to dashboard Cite

Cybersecurity has become a very hot topic due to high profile breaches that occurred in the past years. Despite the implementation of current known pre-emptive methods such as intrusion detection systems, anti-viruses, and the use of firewalls, hackers still find sophisticated means to steal data or impair an organization by targeting their assets. It is important that security professionals need to "think outside the box" and use new tools and techniques to mitigate threats beyond current known detections and prevention technologies. It is imperative that our infrastructure and assets are impermeable from domestic and foreign attackers. Our best line of defense is the detection of any threats or vulnerability to prevent or minimize damages of our assets from domestic and foreign attackers.

show abstract

Section: Applied Methodsmentioning

confidence: 99%

Discovering New Cyber Protection Approaches from a Security Professional Prospective

Loukaka¹,

Rahman²

2017

IJCNC

View full text Add to dashboard Cite

show abstract

“…However it is not a methodological weakness of this approach, and only due to a practical constraint accessing a sufficiently large known malicious (heartbleed) dataset. In such a situation, if the historical rate of occurrences of certain attacks is known, it can be used to estimate the likelihood that certain events derive from such attacks or it may be sufficient to quantify these frequencies by an expert in a similar way to estimating risk likelihoods to an accuracy of an order of magnitude [22].…”

Section: Discussionmentioning

confidence: 99%

“…Such uncertainty needs to be acknowledged [21]. Using Bayesian technique and its variants for intrusions detection can be found in [22], [23]. The relevance of information fusion for network security monitoring has been widely discussed [24].…”

Section: Related Workmentioning

confidence: 99%

Towards an Early Warning System for Network Attacks Using Bayesian Inference

Kalutarage

Lee

Shaikh

et al. 2015

2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing

View full text Add to dashboard Cite

Towards an early warning system for network attacks using Bayesian inference Abstract-The Internet has become the most vulnerable part of critical civil infrastructures. Proactive measures such as early warnings are required to reduce the risk of disasters that can be created using it. With the continuous growth in scale, complexity and variety of networked systems the quality of data is continuously decreasing. This paper investigates the ability to employ Bayesian inference for network scenario analysis with low quality data to produce early warnings. Theoretical account of the approach and experimental results using a real world attack scenario and a real network traffic capture is presented.

show abstract

“…Insiders are usually employees, contractors, consultants or personnel from thirdparty service providers who would have been granted legitimate access to IT systems [1]. An insider threat could arise from anyone in these categories because these people have knowledge of the internal IT system and sometimes of the security controls protecting it [2] [3].…”

Section: Segregation Of Duties and Insider Threatsmentioning

confidence: 99%

Segregation-of-duties Conflicts in the Insider Threat Landscape-An Overview and Case Study

Ballesteros¹,

Pan²,

Batten³

et al. 2015

Advances in Social Science, Education and Humanities Research

View full text Add to dashboard Cite

-Many insider attacks originate from misuse of privileges granted by organizations to their internal employees, contractors or third-party service providers. A fundamental means of ensuring that conflicts of privilege cannot occur is to segregate role allocations in order to ensure that no individual can perform a task from beginning to end. In this paper, we provide background on insider attacks in connection with conflicts in Segregation of Duties, and present the current strategies for preventing and detecting such conflicts. To illustrate how a conflict can occur and what can result, we present an in-depth case study demonstrating a conflict in Segregation of Dutiesin an organization, along with the consequent fraud, and we discuss how it might have been prevented.

show abstract

Knowing who to watch: Identifying attackers whose actions are hidden within false alarms and background noise

Cited by 20 publications

References 9 publications

Discovering New Cyber Protection Approaches from a Security Professional Prospective

Discovering New Cyber Protection Approaches from a Security Professional Prospective

Towards an Early Warning System for Network Attacks Using Bayesian Inference

Segregation-of-duties Conflicts in the Insider Threat Landscape-An Overview and Case Study

Contact Info

Product

Resources

About