On Insider Threats, Deception, and User Modeling
Abstract
There exists a critical gap in current insider threat technology. To date, efforts on insider threat have not seriously taken into account the impact of deception by the insider. Needless to say, without a clear understanding of this impact and mechanisms for deception detection, technology for handling insider threat attacks (beyond simple attacks) can only be reactive in nature, and will often be too slow and too late to prevent or even correct the damage done. In this project, we have identified a number of potential technology and research avenues that can provide an essential path toward developing a dynamic and proactive response to insider threats. The two primary technologies of interest are user modeling and deception detection. First, the application of user modeling technology in a novel manner provides unique capabilities in recognizing various classes of insider threats. User modeling in the past has typically been employed to assist the user, capitalizing on knowledge about his/her previous behavior and current roles to infer goals, motives, and intentions in order to anticipate (predict) and facilitate subsequent actions. We observed that such prediction can be used not only to anticipate a future course for the purpose of facilitating pursuit of that course, but also to detect deviations from that course. The second technology is the detection of deception, where different levels and types of deception and their indicators are modeled.
Document Details
- Document Type: Technical Report
- Publication Date: Nov 30, 2011
- Accession Number: ADA567009
Entities
People
- Eugene Santos