Intelligence analyses and the insider threat

IEEE Transactions on Systems, Man, and Cybernetics Part A:Systems and Humans

Volumn 42, Issue 2, 2012, Pages 331-347

  Santos Jr , Eugene ^a   Nguyen, Hien ^b   Yu, Fei ^a   Kim, Keum Joo ^a   Li, Deqing ^a   Wilkinson, John T ^a   Olson, Adam ^b   Russell, Jacob ^c   Clark, Brittany ^b  

^a DARTMOUTH COLLEGE   (United States)

^b UNIVERSITY OF WISCONSIN WHITEWATER   (United States)

^c UNIVERSITY OF WISCONSIN MILWAUKEE   (United States)

Author keywords

Cognitive styles; decision making process; insider threat; intelligence analyses

Indexed keywords

COGNITIVE STYLES; COMPREHENSIVE ANALYSIS; COMPUTATIONAL MODEL; DECISION MAKERS; DECISION MAKING PROCESS; DETECTION METHODS; DETECTION PERFORMANCE; INSIDER THREAT; INTELLIGENCE ANALYSIS; INTELLIGENCE COMMUNITIES; MALICIOUS INSIDERS; NOVEL METHODOLOGY; WORKING STYLES;

EXPERIMENTS;

EID: 84857505501     PISSN: 10834427     EISSN: None     Source Type: Journal    
DOI: 10.1109/TSMCA.2011.2162500     Document Type: Article

References (45)

1. R. J. Riding and S. Rayner, Cognitive Styles, S. Rayner and R. J. Riding, Eds. Westport, CT: Greenwood, 2000.
2. E. Santos, Jr., H. Nguyen, F. Yu, K. J. Kim, D. Li, J. T. Wilkinson, A. Olson, and R. Jacob, "Intent-driven insider threat detection in intelligence analyses," in Proc. IEEE/WIC/ACM Int. Conf. Web Intell. Intell. Agent Technol., Sydney, Australia, 2008, pp. 345-349.
3. M. B. Salem, S. Hershkop, and S. J. Stolfo, "A survey of insider attack detection research," in Insider Attack and Cyber Security. NewYork: Springer-Verlag, 2008, pp. 69-90.
4. S. A. Hofmeyr, S. Forrest, and A. Somayaji, "Intrusion detection using sequences of system calls," J. Comput. Security, vol. 6, no. 3, pp. 151-180, Aug. 1998.
5. D.-K. Kang, D. Fuller, and V. Honavar, "Learning classifiers for misuse detection using a bag of system calls representation," in Proc. 6th Annu. IEEE SMC IAW, 2005, pp. 118-125. (Pubitemid 43948712)
6. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A sense of self for Unix processes," in Proc. IEEE Symp. Security Privacy, Oakland, CA, 1996, pp. 120-128.
7. D. Mutz, W. Robertson, G. Vigna, and R. Kemmerer, "Exploiting execution context for the detection of anomalous system calls," in Proc. Int. Symp. RAID, Gold Coast, Australia, 2007, pp. 1-20.
8. M. S. Sharif, K. Singh, J. Giffin, and W. Lee, "Understanding precision in host based intrusion detection," in Proc. Int. Symp. RAID, 2007, pp. 21-41.
9. B. Mukherjee, L. T. Heberlein, and K. N. Levitt, "Network intrusion detection," IEEE Netw., vol. 8, no. 3, pp. 26-41, May/Jun. 1994.
10. C. Ko, "Execution monitoring of security-critical programs in distributed systems: A specification-based approach," in Proc. IEEE Symp. Security Privacy, 1997, pp. 175-187.
11. N. Nguyen, P. Reiher, and G. H. Kuenning, "Detecting insider threats by monitoring system call activity," in Proc. IEEE Syst., Man Cybern. Soc. Inf. Assur. Workshop, 2003, pp. 45-52.
12. A. Liu, C. Martin, T. Hetherington, and S. Matzner, "A comparison of system call feature representations for insider threat detection," in Proc. 6th Annu. IEEE SMC IAW, 2005, pp. 340-347. (Pubitemid 43948742)
13. A. Liu, C. Martin, T. Hetherington, and S. Matzner, "AI lessons learned from experiments in insider threat detection," in Proc. AAAI Spring Symp., 2006, pp. 49-55. (Pubitemid 44230661)
14. C. Kruegel, D. Mutz, F. Valeur, and G. Vigna, "On the detection of anomalous system call arguments," in Proc. ESORICS, 2003, pp. 326-343.
15. M. Schonlau, W. DuMouchel, W.-H. Ju, and A. F. Karr, "Computer intrusion: Detecting masquerades," Stat. Sci., vol. 16, no. 1, pp. 58-74, Feb. 2001. (Pubitemid 33632847)
16. R. A. Maxion and T. N. Townsend, "Masquerade detection using truncated command lines," in Proc. Int. Conf. DSN, 2002, pp. 219-228.
17. J. Seo and S. Cha, "Masquerade detection based on SVM and sequencebased user commands profile," in Proc. 2nd ACM Symp. Inf., Comput. Commun. Security, 2007, pp. 398-400. (Pubitemid 47479263)
18. R. A. Maxion, "Masquerade detection using enriched command lines," in Proc. Int. Conf. DSN, San Francisco, CA, 2003, pp. 5-14.
19. S. Greenberg, "Using Unix: Collected traces of 168 users," Dept. Comput. Sci., Univ. Calgary, Calgary, AB, Canada, Tech. Rep. 88/333/45, 1988.
20. M. Kirkpatrick, E. Bertino, and F. Sheldon, "An architecture for contextual insider threat detection," cspurdueedu, 2009, pp. 1-11.
21. Y. Yang and C. Tzi-cker, "Display-only file server: A solution against information theft due to insider attack," in Proc. ACM Workshop Digital Rights, 2004, pp. 31-39.
22. P. Suranjan, S. Vidyaraman, and U. Shambhu, "Security policies to mitigate insider threat in the document control domain," in Proc. Comput. Security Appl. Conf., 2004, pp. 304-313.
23. M. Maloof and G. D. Stephens, "ELICIT: A system for detecting insiders who violate need-to-know," in Proc. Recent Adv. Intrusion Detection, 2007, pp. 146-166.
24. A. Natarajan and L. Hossain, "Towards a social network approach for monitoring insider threats to information security," in Proc. 2nd NSF/NIJ Symp. Intell. Security Informat., Tucson, AZ, 2004, pp. 501-507.
25. S. Symonenko, E. D. Liddy, O. Yilmazel, R. Del Zoppo, E. Brown, and M. Downey, "Semantic analysis for monitoring insider threats," in Proc. 2nd NSF/NIJ Symp. Intell. Security Informat., Tucson, AZ, 2004, pp. 492-500.
26. O. Yilmazel, S. Symonenko, N. Balasubramanian, and E. D. Liddy, "Leveraging one-class SVM and semantic analysis to detect anomalous content," in Terrorism Informatics. New York: Springer-Verlag, 2008, pp. 407-424.
27. J. S. Park and S. M. Ho, "Composite role-based monitoring (CRBM) for countering insider threats," in Proc. 2nd NSF/NIJ Symp. Intell. Security Informat., Tucson, AZ, 2004, pp. 201-213.
28. C. P. Pfleeger, "Reflections on the insider threat," in Insider Attack and Cyber Security: Beyond the Hacker. New York: Springer-Verlag, 2008, pp. 5-16.
29. J. Hunker and C. W. Probst, "Insiders and insider threats-An overview of definitions and mitigation techniques," J. Wireless Mobile Netw., Ubiquitous Comput., Dependable Appl., vol. 2, no. 1, pp. 4-27, 2011.
30. H. Nguyen, E. Santos, Jr., Q. Zhao, and H. Wang, "Capturing user intent for information retrieval," in Proc. 48th Annu. Meeting HFES, New Orleans, LA, 2004, pp. 371-375.
31. E. Santos, Jr., Q. Zhao, H. Nguyen, and H. Wang, "Impacts of user modeling on personalization of information retrieval: An evaluation with human intelligence analysts," in Proc. 4th Workshop Eval. Adapt. Syst., Conjunction With UM, 2005, pp. 27-36.
32. H. Nguyen, "Capturing user intent for information," Ph.D. dissertation, Univ. Connecticut, Storrs, CT, 2005.
33. E. Santos, Jr., H. Nguyen, Q. Zhao, and H. Wang, "User modelling for intent prediction in information analysis," in Proc. 47th Annu. Meeting Hum. Factors Ergonom. Soc., 2003, pp. 1034-1038.
34. D. Grinberg, J. Lafferty, and D. Sleator, "A robust parsing algorithm for link grammars," in Proc. 4th Int. Workshop Parsing Technol., 1995, pp. 111-125.
35. C. D. Manning and H. Schütze, Foundations of Statistical Natural Language Processing. Cambridge, MA: MIT Press, 2002.
36. M. Montes-y-Gómez, A. Gelbukh, and A. Lópes-López, "Comparison of conceptual graphs," in Proc. 1st MICAI, 2000, pp. 548-556.
37. R. J. Heuer, Jr., Psychology of Intelligence Analysis. Washington, DC: U.S. Govt. Printing Off., 1999.
38. B. Wood, "An insider threat model for adversary simulation," in Proc. Res. Mitigating Insider Threat Inf. Syst., 2000, vol. 2, pp. 41-47.
39. R. J. Riding and S. Rayner, Cognitive Styles and Learning Strategies: Understanding Style Differences in Learning and Behaviour, S. Rayner, Ed. London, U.K.: Fulton, 1998.
40. H. A. Witkin, D. R. Goodenough, and S. A. Karp, "Stability of cognitive style from childhood to young adulthood," J. Personality Social Psychol., vol. 7, no. 3, pp. 291-300, Nov. 1967.
41. G. Pask, "Styles and strategies of learning," Brit. J. Educ. Psychol., vol. 46, no. II, pp. 128-148, 1976.
42. H. A. Witkin, C. A. Moore, D. R. Goodenough, and P. W. Cox, "Fielddependent and field-independent cognitive styles and their educational implications," Rev. Educ. Res., vol. 47, no. 1, pp. 1-64, 1977.
43. L. Hudson, Contrary Imaginations: A Psychological Study of the English Schoolboy. New York: Taylor & Francis, 1966.
44. K. Michael, "Adaptors and innovators: A description and measure," J. Appl. Psychol., vol. 61, no. 5, pp. 622-629, Oct. 1976.
45. E. R. Peterson, S. G. Rayner, and S. J. Armstrong, "Researching the psychology of cognitive style and learning style: Is there really a future?" Learning Individual Differences, vol. 19, no. 4, pp. 518-523, Dec. 2009.