A Frame-Based Approach to Generating Insider Threat Test Suite on Cloud File-Sharing
Insider threat has attracted considerable attention in security industry. It is difficult to detect insiders, because they know organization’s security countermeasures and usually hide their tracks in their normal activities. For evaluating insider detection algorithm on specific organization, it is important to generate a test suite with the corresponding normal activities. However, it is costly and time consuming to generate tailor-made test suite. Due to the complexity of combining different insider attack technique with different organization’s audit data, the insider attack scenario modeling issue arises when adaptively generate test suite for insider threat detection. In this paper, we propose the insider attack frame hierarchy to describe stereotype features of insider attack scenario. The proposed frame-based approach has been combined with the RBAC technologies, and its instantiation property allow us generate the customized insider attack test suite with full test coverage. The evaluation results show that most of experts satisfy with our proposed system.
KeywordsFrame-based approach Insider threat
This study is conducted under the “III Innovative and Prospective Technologies Project (1/1)” of the Institute for Information Industry which is subsidized by the Ministry of Economic Affairs of the Republic of China. This work was partially supported by National Science Council of the Republic of China under contracts 106-2511-S-468-002-MY3 and 106-2511-S-468-004-MY2.
- 1.Kitts, B., et al.: Click fraud detection with bot signatures. In: 2013 IEEE International Conference on Intelligence and Security Informatics (2013)Google Scholar
- 3.Yaseen, Q., et al.: An insider threat aware access control for cloud relational databases. Clust. Comput. J. Netw. Softw. Tools Appl. 20(3), 2669–2685 (2017)Google Scholar
- 6.Aleman-Meza, B., Burns, P., Eavenson, M., Palaniswami, D., Sheth, A.: An ontological approach to the document access problem of insider threat. In: Kantor, P., et al. (eds.) ISI 2005. LNCS, vol. 3495, pp. 486–491. Springer, Heidelberg (2005). https://doi.org/10.1007/11427995_47CrossRefGoogle Scholar
- 8.Agrafiotis, I., et al.: Formalising policies for insider-threat detection: a tripwire grammar. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 8(1), 26–43 (2017)Google Scholar
- 9.Kammüller, F., et al.: Insider threats and auctions: formalization, mechanized proof, and code generation. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 8(1), 26–43 (2017)Google Scholar
- 10.Kammüller, F., et al.: Enhancing video surveillance with usage control and privacy-preserving solutions. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 7(4), 20–40 (2016)Google Scholar
- 12.Guerar, M., et al.: ClickPattern: a pattern lock system resilient to smudge and side-channel attacks. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 8(2), 64–78 (2017)Google Scholar