Abstract
Insider threat is typically attributed to legitimate users who maliciously leverage their system privileges, as well as their familiarity with and proximity to their computational environment, to compromise valuable information or inflict damage. According to the annual CSI/FBI surveys conducted since 1996, internal attacks and insider abuse form a significant portion of reported incidents. The strongest indication yet that insider threat is very real comes from the recent study [2] jointly conducted by CERT and the US Secret Service, the first of its kind, which provides in-depth insight into the problem in a real-world setting. However, there is no known body of work that addresses this problem effectively. There are several challenges, beginning with understanding the threat.
References
2004 E-Crime Watch Survey: Summary Of Findings, CERT/United States Secret Service/CSO, 2004. http://www.cert.org/archive/pdf/2004eCrimeWatchSummary.pdf.
Insider Threat Study: Illicit Cyber Activity In The Banking And Finance Sector, CERT/United States Secret Service, August 2004. http://www.secretservice.gov/ntac/its_report_040820.pdf.
M. Alekhnovich, S. Buss, S. Moran, and T. Pitassi, Minimum propositional proof length is NP-hard to linearly approximate, J. Symb. Log., 66 (2001), pp. 171–191.
P. Ammann, D. Wijesekera, and S. Kaushik, Scalable, graph-based network vulnerability analysis, in Proceedings of the 9th ACM conference on Computer and communications security, ACM Press, 2002, pp. 217–224.
S. Arora, L. Babai, J. Stern, and Z. Sweedyk, The hardness of approximate optima in lattices, codes, and systems of linear equations, J. Comput. System Sci., 54 (1997), pp. 317–331. 34th Annual Symposium on Foundations of Computer Science (Palo Alto, CA, 1993).
S. Arora and C. Lund, Hardness of approximation, in Approximation Algorithms for NP-Hard Problems, D. Hochbaum, ed., PWS Publishing Company, Boston, 1997, pp. 399–346.
R. Chinchani, D. Ha, A. Iyer, H. Q. Ngo, and S. Upadhyaya, On the hardness of approximating the min-hack problem, J. Comb. Optim., (2005). To appear.
R. Chinchani, A. Iyer, H. Q. Ngo, and S. Upadhyaya, Towards a theory of insider threat assessment, in Proceedings of the International Conference on Dependable Systems and Networks (DSN 2005, Yokohama, Japan), IEEE, 2005.
P. Crescenzi, V. Kann, R. Silvestri, and L. Trevisan, Structure in approximation classes, SIAM J. Comput., 28 (1999), pp. 1759–1782 (electronic).
M. Dacier, Towards Quantitative Evaluation of Computer Security, PhD thesis, Institut National Polytechnique de Toulouse, December 1994.
I. Dinur, E. Fischer, G. Kindler, R. Raz, and S. Safra, PCP characterizations of NP: towards a polynomially-small error-probability, in Annual ACM Symposium on Theory of Computing (Atlanta, GA, 1999), ACM, New York, 1999, pp. 29–40 (electronic).
I. Dinur and S. Safra, On the hardness of approximating label-cover, Inform. Process. Lett., 89 (2004), pp. 247–254.
J. Gorski and A. Wardzinski, Formalizing Fault Trees, Achievement and Assurance of Safety, (1995), pp. 311–327.
D. S. Hochbaum, ed., Approximation Algorithms for NP Hard Problems, PWS Publishing Company, Boston, 1997.
M. Howard, J. Pincus, and J. Wing, Measuring Relative Attack Surfaces, in Proceedings of Workshop on Advanced Developments in Software and Systems Security, 2003.
K. Ilgun, R. A. Kemmerer, and P. A. Porras, State Transition Analysis: A Rule-Based Intrusion Detection Approach, IEEE Transactions on Software Engineering, (1995).
INSECURE.ORG, Top 75 Security Tools, 2003. http://www.insecure.org/tools.html.
K. Jensen, Colored Petri Nets: Basic Concepts, Analysis Methods, And Practical Use, vol. 1.2, Springer, Berlin, 1992.
S. Jha, O. Sheyner, and J. Wing, Two Formal Analyses of Attack Graphs, in 15th IEEE Computer Security Foundations Workshop (CSFW’02), Cape Breton, Nova Scotia, Canada, 2002, pp. 49–63.
E. Kindler, Safety and liveness properties: A survey, Bull. Eur. Assoc. Theor. Comput. Sci., 53 (1994), pp. 268–272.
C. Lund and M. Yannakakis, On The Hardness Of Approximating Minimization Problems, J. Assoc. Comput. Mach., 41 (1994), pp. 960–981.
E. W. Mayr, An Algorithm For The General Petri Net Reachability Problem, SIAM J. Comput., 13 (1984), pp. 441–460.
C. Meadows, A Representation of Protocol Attacks for Risk Assessment, in DIMACS Series in Discrete Mathematics and Theoretical Computer Science: Network Threats, R. N. Wright and P. G. Neumann, eds., vol. 38, December 1998.
Nessus, Security Scanner for Various Flavors of Unix and Windows. http://www.nessus.org/intro.html
P. G. Neumann, The Challenges of Insider Misuse. Prepared for the workshop on Preventing, Detecting, and Responding to Malicious Insider Misuse, Aug. 1999.
R. Ortalo, Y. Dewarte, and M. Kaaniche, Experimenting With Quantitative Evaluation Tools For Monitoring Operation Security, IEEE Transactions on Software Engineering, 25 (1999), pp. 633–650.
C. H. Papadimitriou, Computational complexity, Addison-Wesley Publishing Company, Reading, MA, 1994.
C. Phillips and L. P. Swiler, A Graph-Based System For Network-Vulnerability Analysis, in Proceedings of 1998 New Security Paradigms Workshop, Charlottesville, Virginia, 1998, pp. 71–79.
P. A. Porras and R. A. Kemmerer, Penetration State Transition Analysis: A Rule-Based Intrusion Detection Approach, in Proceedings of the Eighth Annual Computer Security Applications Conference, San Antonio, Texas, December 1992, pp. 220–229.
SAINT, Vulnerability Scanning Engine. http://www.saintcorporation.com/.
O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing, Automated Generation and Analysis of Attack Graphs, in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA., May 2002.
L. P. Swiler, C. Phillips, D. Ellis, and S. Chakerian, Computer-Attack Graph Generation Tool, in DARPA Information Survivability Conference and Exposition (DISCEX II’01), vol. 2, June 2001.
V. V. Vazirani, Approximation algorithms, Springer, Berlin, 2001.
B. J. Wood, An insider threat model for adversary simulation, 2000.
Acknowledgments
This research is supported in part by Telcordia Technologies Subcontract: FA8750-04-C-0249 from the DARPA SRS Program.
Copyright information
© 2010 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Chinchani, R., Ha, D., Iyer, A., Ngo, H.Q., Upadhyaya, S. (2010). Insider Threat Assessment: Model, Analysis and Tool. In: Huang, SH., MacCallum, D., Du, DZ. (eds) Network Security. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-73821-5_7
DOI: https://doi.org/10.1007/978-0-387-73821-5_7
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-73820-8
Online ISBN: 978-0-387-73821-5
eBook Packages: Computer Science, Computer Science (R0)