ELICIT: A system for detecting insiders who violate need-to-know

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4637 LNCS, Issue , 2007, Pages 146-166

  Maloof, Marcus A ^a   Stephens, Gregory D ^b  

^a GEORGETOWN UNIVERSITY   (United States)

^b MITRE CORPORATION   (United States)

Author keywords

Anomaly detection; Insider threat; Misuse

Indexed keywords

CASE BASED REASONING; DATA ACQUISITION; DECISION THEORY;

ANOMALY DETECTION; INSIDER THREAT; MISUSE;

SECURITY OF DATA;

EID: 38349036494     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-74320-0_8     Document Type: Conference Paper

References (19)

1. United States v. Leandro Aragoncillo and Michael Ray Aquino: Criminal complaint. District of New Jersey (September 9, 2005)
2. Keeney, M., et al.: Insider threat study: Computer system sabotage in critical infrastructure sector. Technical report, US Secret Service and CERT Program, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA (May 2005)
3. Lee, W., Stolfo, S.J.: A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security 3(4), 227-261 (2000)
4. Porras, P.A., Neumann, P.G.: EMERALD: Event monitoring enabling responses to anomalous live disturbances. In: Proceedings of the 20th NIST-NCSC National Information Systems Security Conference, pp. 353-365. National Institute of Standards and Technology, Gaithersburg, MD (1997)
5. Lane, T., Brodley, C.E.: Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security 2(3), 295-331 (1999)
6. Hofmeyr, S.A., Forrest, S., Somayaji, A.: Intrusion detection using sequences of system calls. Journal of Computer Security 6(3), 151-180 (1988)
7. Ethereal, Inc.: Ethereal. Software (2007), http://www.ethereal.com
8. Leone, F.C., Nelson, L.S., Nottingham, R.B.: The Folded Normal Distribution. Technometrics 3(4), 543-550 (1961)
9. Silverman, B.W.: Density estimation for statistics and data analysis. Chapman & Hall/CRC, Boca Raton, FL (1998)
10. Jensen, F.V.: Bayesian networks and decision graphs. Statistics for Engineering and Information Science. Springer, New York, NY (2001)
11. Lippmann, R., et al.: The 1999 DARPA off-line intrusion detection evaluation. Computer Networks 34, 579-595 (2000)
12. McHugh, J.: Testing intrusion detection systems. ACM Transactions on Information and System Security 3(4), 262-294 (2000)
13. Bishop, M.: Computer security. Addison-Wesley, Boston, MA (2003)
14. Denning, D.E.: An intrusion-detection model. IEEE Transactions on Software Engineering SE-13(2), 222-232 (1987)
15. Lunt, T., et al.: IDES: A progress report. In: Proceedings of the Sixth Annual Computer Security Applications Conference. Applied Computer Security Associates, pp. 273-285. Silver Spring, MD (1990)
16. Christoph, G.G., et al.: UNICORN: Misuse detection for UNICOS™. In: Supercomputing '95, p. 56. IEEE Press, Los Alamitos, CA (1995)
17. Schonlau, M., et al.: Computer intrusion: Detecting masquerades. Statistical Science 16(1), 58-74 (2001)
18. Maxion, R.A.: Masquerade detection using enriched command lines. In: Proceedings of the International Conference on Dependable Systems and Networks, pp. 5-14. IEEE Press, Los Alamitos, CA (2003)
19. Maybury, M., et al.: Analysis and detection of malicious insiders. In: Proceedings of the 2005 International Conference on Intelligence Analysis, The MITRE Corporation, McLean, VA (2005)