Insiders and insider threats an overview of definitions and mitigation techniques

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

Volumn 2, Issue 1, 2011, Pages 4-27

  Hunker, Jeffrey ^a   Probst, Christian W ^b  

^a Jeffrey Hunker Associates LLC   (Denmark)

^b TECHNICAL UNIVERSITY OF DENMARK   (Denmark)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 80052621067     PISSN: 20935374     EISSN: 20935382     Source Type: Journal    
DOI: None     Document Type: Article

References (71)

1. C. P. Pfleeger, Reflections on the Insider Threat. Springer, 2008, ch. in [71].
2. R. Richardson, "CSI computer crime & security survey," http://gocsi.com/sites/default/files/uploads/CSIsurvey2008.pdf (last viewed March 2011), 2008.
3. R. H. Anderson, "Research and development initiatives focused on preventing, detecting, and responding to insider misuse of critical defense information systems," RAND Corporation, Tech. Rep. RAND CF-151-OSD, 1999.
4. R. H. Anderson, T. Bozek, T. Longstaff, W. Meitzler, M. Skroch, and K. V. Wyk, "Research on mitigating the insider threat to information systems #2," RAND Corporation, Tech. Rep. RAND CF-163-DARPA, 2000.
5. R. C. Brackney and R. H. Anderson, "Understanding the insider threat," RAND Corporation, Tech. Rep. RAND CF-196-ARDA, 2004.
6. "DoD Insider Threat Mitigation. Final Report of the Insider Threat Integrated Process Team." US Department of Defense, Office of the Assistant Secretary of Defense (Command, Control, Commuications, and Intelligence). Available from https://acc.dau.mil/CommunityBrowser.aspx?id=37478 (last viewed March 2011), 2000.
7. C. Gates and C. Taylor, "Challenging the anomaly detection paradigm: a provocative discussion," in Proc. of New Security Paradigms Workshop 2006 (NSPW'06), Schloss Dagstuhl, Germany. ACM Press, September 2007, pp. 21-29. [Online]. Available: http://doi.acm.org.globalproxy.cvt.dk/10.1145/1278940.1278945
8. S. R. Band, D. M. Cappelli, L. F. Fischer, A. P. Moore, E. D. Shaw, and R. F. Trzeciak, "Comparing insider IT sabotage and espionage: A model-based analysis," Carnegie Mellon University, Tech. Rep. CMU/SEI-2006-TR-026, 2006.
9. C. W. Probst, J. Hunker, M. Bishop, and D. Gollmann, "Countering insider threats," Dagstuhl Seminar Proceedings, 2008. [Online]. Available: http://drops.dagstuhl.de/opus/volltexte/2008/1793
10. C. W. Probst, J. Hunker, D. Gollmann, and M. Bishop, Aspects of Insider Threats. Springer, 2010, ch. in [44].
11. U. Flegel, J. Vayssiere, and G. Bitz, A State of the Art Survey of Fraud Detection Technology. Springer, 2010, ch. in [44].
12. M. Bishop, "The insider problem revisited," in Proc. of New Security Paradigms Workshop 2005 (NSPW'05), Lake Arrowhead, California, USA. ACM Press, September 2005, pp. 75-76.
13. B. Schneier, Secrets and Lies: Digital Security in a Networked World. John Wiley & Sons, 2004.
14. V. Caruso, "Outsourcing information technology and the insider threat," Master's thesis, Air Force Institute of Technology, 2003, available from http://handle.dtic.mil/100.2/ADA415113 (last viewed March 2011).
15. N. Einwechter, "Preventing and detecting insider attacks using ids," Available from http://www.symantec.com/connect/articles/preventing-and-detecting-insider-attacks-using-ids (last viewed March 2011), 2002.
16. E. E. Schultz and R. Shumway, Incident Response: A Strategic Guide to Handling System and Network Security Breaches. New Riders, 2001.
17. M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates, "Case studies of an insider framework," in Proc. of the 42nd Hawaii International Conference on System Sciences (HICSS'09), Hawaii, USA. IEEE, January 2009, pp. 1-10.
18. J. Predd, S. L. Pfleeger, J. Hunker, and C. Bulford, "Insiders behaving badly," IEEE Security and Privacy, vol. 6, pp. 66-70, July 2008. [Online]. Available: http://portal.acm.org/citation.cfm?id=1441365.1441416
19. G. B. Magklaras and S. M. Furnell, "Insider threat prediction tool: Evaluating the probability of it misuse," Computers & Security, vol. 21, no. 1, pp. 62-73, 2001. [Online]. Available: http://www.sciencedirect.com/science/article/B6V8G-452D9TY-C/2/d3ce0be409d1fbb34d981e7f0cfecc13
20. C. W. Probst and J. Hunker, "The risk of risk analysis and its relation to the economics of insider threats," in Economics of Information Security and Privacy, T. Moore, D. Pym, and C. Ioannidis, Eds. Springer, 2010, pp. 279-299.
21. A. P. Moore, D. M. Cappelli, and R. F. Trzeciak, The 'Big' Picture' of IT Sabotage Across U.S. Critical Infrastructures. Springer, 2008, ch. in [71].
22. M. B. Salem, S. Hershkop, and S. J. Stolfo, A Survey of Insider Attack Detection Research. Springer, 2008, ch. in [71].
23. S. M. Bellovin, The Insider Attack Problem: Nature and Scope. Springer, 2008, ch. in [71].
24. S. Smith and J. Marchesini, The Craft of System Security. Addison-Wesley Professional, 2007.
25. S. Sinclair and S. W. Smith, Preventative Directions for Insider Threat Mitigation via Access Control. Springer, 2008, ch. in [71].
26. P. G. Neumann, Combating Insider Threats. Springer, 2010, ch. in [44].
27. S. Pramanik, V. Sankaranarayanan, and S. Upadhyaya, "Security policies to mitigate insider threat in the document control domain," in Proc of the 20th Annual Computer Security Applications Conference (ACSAC'04), Tucson, Arizona, USA. IEEE, December 2004, pp. 304-313.
28. R. K. Iyer, P. Dabrowski, N. Nakka, and Z. Kalbarczyck, Preconfiguarable Tamper-resistant Hardware Support Against Insider Threats: The Tested ILLIAC Approach. Springer, 2008, ch. in [71].
29. M. A. Maloof and G. D. Stephens, "Elicit: a system for detecting insiders who violate need-to-know," in Proc. of the 10th International Conference on Recent Advances in Intrusion Detection (RAID'07), Gold Goast, Australia, LNCS, vol. 4637. Springer-Verlag, August 2007, pp. 146-166.
30. B. M. Bowen, M. B. Salem, A. D. Keromytis, and S. J. Stolfo, Monitoring Technologies for Mitigating Insider Threats. Springer, 2010, ch. in [44].
31. B. D. Davison and H. Hirsh, "Predicting sequences of user actions," in Predicting the Future: AI Approaches to Time Series Problems. AAAI Press, 1998, pp. 5-12.
32. W. Ju and Y. Vardun, "A hybrid high-order markov chain model for computer intrusion detection," National Institute of Statistical Sciences, Tech. Rep. 92, 1999.
33. K. S. Killourhy and R. A. Maxion, Naive Bayes as a Masquerade Detector: Addressing a Chronic Failure. Springer, 2008, ch. in [71].
34. L. Spitzner, "Honeypots: Catching the insider threat," in Proc. of the 19th Annual Computer Security Applications Conference (CSAC'03), Las Vegas, NV, USA. IEEE, December 2003, pp. 170-179.
35. M. Schonlau, W. DuMouchel, W. H. Ju, A. F. Karr, M. Theus, and Y. Vardi, "Computer Intrusion: Detecting Masquerades," Statistical Science, vol. 16, no. 1, pp. 58-74, 2001. [Online]. Available: http://dx.doi.org/10.2307/2676780
36. M. Maybury, P. Chase, B. Cheikes, D. Brackney, S. Matzner, T. Hetherington, B. Wood, C. Sibley, J. Marin, T. Longstaff, L. Spitzner, J. Haile, J. Copeland, and S. Lewandowski, "Analysis and detection of malicious insiders," The MITRE Corporation, Tech. Rep., 2005.
37. J. H. Saltzer, "Protection and the control of information sharing in multics," Commun. ACM, vol. 17, pp. 388-402, July 1974. [Online]. Available: http://doi.acm.org/10.1145/361011.361067
38. Q. Althebyan and B. Panda, "A knowledge-base model for insider threat prediction," in Proc. of the 2007 IEEE SMC Information Assurance and Security Workshop (IAW'07), West Point, New York, USA. IEEE, June 2007, pp. 239-246.
39. T. Dimkov, W. Pieters, and P. Hartel, "Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain," University of Twente, Tech. Rep., 2009.
40. T. Dimkov, W. Pieters and P. Hartel, "Portunes: representing attack scenarios spanning through the physical, digital and social domain," in Proc. of the Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS'10), Paphos, Cyprus, LNCS. Springer Verlag, March 2010.
41. C. W. Probst and R. R. Hansen, "Analysing access control specifications," 2009 Fourth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 5,6, 2009.
42. C. W. Probst, "An extensible analysable system model," Information Security Technical Report, vol. 13, pp. 235-246, 2008.
43. M. Bishop, S. Engle, S. Peisert, S. Whalen, and C. Gates, "We have met the enemy and he is us," in Proc. of the 2008 Workshop on New Security Paradigms (NSPW'08), Lake Tahoe, California, USA. ACM Press, September 2008, pp. 1-12.
44. C. W. Probst, J. Hunker, D. Gollmann, and M. Bishop, Eds., Insider Threats in Cybersecurity. Springer, 2010.
45. E. D. Shaw and L. F. Fischer, "Ten tales of betrayal: The threat to corporate infrastructures by information technology insiders analysis and observations," Defense Personnel Security Research Center (PERSEREC), Monterey, CA, Tech. Rep. 05-13, 2005.
46. K. Aquino, T. M. Tripp, and R. J. Bies, "Getting even or moving on? power, procedural justice and types of offense as predictors of revenge, forgiveness, reconciliation and avoidance in organizations," Journal of Applied Psychology, vol. 91, no. 3, pp. 653-668, 2006.
47. K. Aquino, T. M. Tripp, and R. J. Bies, "How employees respond to personal offense: The effects of blame attribution, victim status, and offender status on revenge and reconciliation in the workplace," Journal of Applied Psychology, vol. 86, no. 1, pp. 52-59, 2001.
48. D. De Cremer, "Unfair treatment and revenge taking: The roles of collective identification and feelings of disappointment," Group Dynamics: Theory, Research and Practice, vol. 10, no. 3, pp. 220-232, 2006.
49. E. E. Schultz, "A framework for understanding and predicting insider attacks," Computers & Security, vol. 21, no. 6, pp. 526-531, 2002. [Online]. Available: http://www.sciencedirect.com/science/article/B6V8G-46XGM6D-9/2/69a602ad8a9c42af84570b33777c4c0c
50. F. L. Greitzer and D. A. Frinke, Toward Predictive Modeling for Insider Threat Mitigation. Springer, 2010, ch. in [44].
51. L. A. Kramer, J. Richards J. Heuer, and K. S. Crawford, "Technological, social and economic trends that are increasing u.s. vulnerability to insider espionage," Defense Personnel Security Research Center (PERSEREC), Monterey, CA, Tech. Rep. 05-10, 2005.
52. B. J. Wood, "An insider threat model for adversary simulation," in [4], 2000.
53. G. B. Magklaras and S. M. Furnell, "Insider threat prediction tool: Evaluating the probability of it misuse," Computers & Security, vol. 21, no. 1, pp. 62-73, 2001. [Online]. Available: http://www.sciencedirect.com/science/article/B6V8G-452D9TY-C/2/d3ce0be409d1fbb34d981e7f0cfecc13
54. J. W. Butts, R. F. Mills, and R. O. Baldwin, "Developing an insider threat model using functional decomposition," in Computer Network Security, ser. Lecture Notes in Computer Science, V. Gorodetsky, I. Kotenko, and V. Skormin, Eds. Springer Berlin/Heidelberg, 2005, vol. 3685, pp. 412-417. [Online]. Available: http://dx.doi.org/10.1007/1156032632
55. R. Chinchani, A. Iyer, H. Q. Ngo, and S. Upadhyaya, "Towards a theory of insider threat assessment," in Proc. of the 2005 International Conference on Dependable Systems and Networks (DSN'05), Yokohama, Japan. IEEE, June-July 2005, pp. 108-117.
56. D. M. Cappelli, A. G. Desai, A. P. Moore, T. J. Shimeall, E. A. Weaver, and B. J. Willke, "Management and education of the risk of insider threat (merit): System dynamics modeling of computer system sabotage," in Proc. of the 24th International Conference of the System Dynamics Society, Nijmegen, The Netherlands. System Dynamics Society, July 2006.
57. P. C. Costa, D. Barbará, K. B. Laskey, E. J. Wright, G. Alghamdi, S. Mirza, M. Revankar, and T. Shackelford, "Dtb project: A behavioral model for detecting insider threats," in Proc. of the 2005 International Conference on Intelligence Analysis, McLean, VA, USA. The MITRE Corporation, 2005.
58. B. Aleman-Meza, P. Burns, M. Eavenson, D. Palaniswami, and A. Sheth, "An ontological approach to the document access problem of insider threat," in Intelligence and Security Informatics, ser. Lecture Notes in Computer Science, P. Kantor, G. Muresan, F. Roberts, D. D. Zeng, F.-Y. Wang, H. Chen, and R. C. Merkle, Eds. Springer Berlin/Heidelberg, 2005, vol. 3495, pp. 45-47. [Online]. Available: http://dx.doi.org/10.1007/1142799547
59. M. Keeney, E. Kowalski, D. Cappelli, A. Moore, T. Shimeall, and S. Rogers, "Insider threat study: Computer system sabotage in critical infrastructure sectors," U.S. Secret Service and CERT Coordination Center, Tech. Rep., 2005, available from http://www.cert.org/insiderthreat/insidercross.html (last viewed March 2011).
60. C. Hlavica, U. Klapproth, and F. M. Hülsberg, Eds., Tax Fraud & Forensic Accounting. Gabler, 2011.
61. M. Bishop, S. Engle, D. A. Frincke, C. Gates, F. L. Greitzer, S. Peisert, and S. Whalen, A Risk Management Approach to the "Insider Threat". Springer, 2010, ch. in [44].
62. Director of Central Intelligence/Intelligence, "Community staff memorandum ics 0858-90: Project slammer interim report (u)," Central Intelligence Agency, 1990, project Slammer is a CIA-sponsored study of Americans convicted of espionage against the United States. A declassified interim report is available at: http://antipolygraph.org/documents/slammer-12-04-1990.shtml and http://antipolygraph.org/documents/slammer-12-04-1990.pdf.
63. M. G. Gelles, "Exploring the mind of the spy," In: Employees' guide to security responsibilities: Treason 101, Texas A&M University Research Foundation, 2005.
64. J. Krofcheck and M. G. Gelles, Behavioral consultation in personnel security: Training and reference manual for personnel security professionals, Yarrow Associates, 2006.
65. E. D. Shaw, J. M. Post, and K. G. Ruby, "Inside the mind of the insider," Security Management, vol. 43, no. 12, p. 34, 1999.
66. A. H. Maslow, "A theory of human motivation," Psychological Review, vol. 50, no. 4, pp. 370-396, 1943.
67. C. W. Probst, J. Hunker, M. Bishop, L. Coles-Kemp, and D. Gollmann, "Insider threats: Strategies for prevention, mitigation, and response," Dagstuhl Seminar Proceedings, 2010. [Online]. Available: http://drops.dagstuhl.de/opus/volltexte/2010/2903
68. M. R. Randazzo, M. M. Keeney, E. Kowalski, D. Cappelli, and A. Moore, "Insider threat study: Illicit cyber activity in the banking and finance sector," U.S. Secret Service and CERT Coordination Center, Tech. Rep., 2004, available from http://www.cert.org/archive/pdf/bankfin040820.pdf (last viewed March 2011).
69. J. Hunker and C. Bulford, "Federal prosecution of insider threats demonstrates need for reform: Analysis based on data base of federal prosecutions since 1995," 2009.
70. D. Maughan et al., A roadmap for cybersecurity research, Department of Homeland Security, 2009.
71. S. Stolfo, S. Bellovin, S. Hershkop, A. Keromytis, S. Sinclair, and S. W. Smith, Eds., Insider Attack and Cyber Security: Beyond the Hacker. Springer, 2008.