Analysis and Detection of Malicious Insiders

Abstract

This paper summarizes a collaborative, six-month ARDA NRRC challenge workshop to characterize and create analysis methods to counter sophisticated malicious insiders in the United States Intelligence Community. Based upon a careful study of past and projected cases, we report a generic model of malicious insider behaviors, distinguishing motives, (cyber and physical) actions, and associated observables. The paper outlines several prototype techniques developed to provide early warning of insider activity, including novel algorithms for structured analysis and data fusion. We report the assessment of their performance in an operational network against distinct classes of human insiders (an analyst, application administrator, and system administrator), measuring timeliness and accuracy of detection.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2005
Accession Number
ADA456356

Entities

People

  • Brad Wood
  • Brant Cheikes
  • Conner Sibley
  • Dick Brackney
  • Jack Marin
  • Mark Maybury
  • Penny Chase
  • Sara Matzner
  • Tom Hetherington
  • Tom Longstaff

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Anomaly Detection
  • Change Detection
  • Computer Network Security
  • Data Fusion
  • Data Sets
  • Detection
  • Detectors
  • Electronic Mail
  • Geographic Regions
  • Information Operations
  • Information Systems
  • Insider Threats
  • Intelligence Analysis
  • Intrusion Detection
  • Security
  • Software Development
  • Structural Analysis

Readers

  • Cybersecurity
  • Geospatial Intelligence and Artificial Intelligence Analytics
  • Systems Analysis and Design

Technology Areas

  • AI & ML
  • Cyber