Announcements
Center for Information Protection
UC Davis is planning to join the NSF I/UCRC
Center for Information Protection. We are looking
for companies to join our Industrial Advisory
Board.
Find out more here!
Conferences and Workshops
- ISGIG 2009
- ACSAC 25
- PETRA 2010 (due 11/15)
- Oakland 2010 (due 11/18)
My Links
- My Home Page
- Books
- Classes
- Papers
- Reports and Notes
- Research
- Security in Programming
- Service
- Students
- Talks
- Miscellaneous
- My Family
- About Me (CV and such)
Other Links
- MyUCDavis
- Computer Security Lab
- Dept. of Computer Science
- College of Engineering
- University of California, Davis
- City of Davis
- County of Yolo
- State of California
- United States of America
AZALIA: an A to Z Assessment of the Likelihood of Insider Attack
Citation
- M. Bishop, C. Gates, D. Frincke, and F. Greitzer, “AZALIA: an A to Z Assessment of the Likelihood of Insider Attack,” Proceedings of the 2009 IEEE International Conference on Technologies for Homeland Security (May 2009).
Paper
Abstract
The insider threat problem is increasing, both in terms of the number of incidents and their financial impact. To date, solutions have been developed to detect specific instances of insider attacks (e.g., fraud detection) and therefore use very limited information for input. In this paper we describe an architecture for an enterprise-level solution that incorporates data from multiple sources. The unique aspects of this solution include the prioritization of resources based on the business value of the protected assets, and the use of psychological indicators and language affectation analysis to predict insider attacks. The goal of this architecture is not to detect that insider abuse has occurred, but rather to determine how to prioritize monitoring activities, giving priority to scrutinizing those whose background includes access to key combinations of assets as well as those psychological/other factors that have in the past been associated with malicious insiders.Copyright Notice
©2009 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author’s copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
The definitive version was published in the Proceedings of the 2009 IEEE International Conference on Technologies for Homeland Security, May 2009.
