Insider Threat Identification by Process Analysis
M. Bishop, H. Conboy, H. Phan, B. Simidchieva, G. Avrunin, L. Clarke, L. Osterweil, and S. Peisert, “Insider Threat Identification by Process Analysis” Proceedings of the 2014 Workshop on Research on Insider Threat (2014 IEEE Security and Privacy Workshops) pp. 251–264 (May 2014).
- Published version web page, paper paywalled at IEEE Explore: [DOI] [URL]
- Authors’ final version:
The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential “insider”). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.