Sciweavers

COMPSEC
2002

A framework for understanding and predicting insider attacks

14 years 8 days ago
A framework for understanding and predicting insider attacks
In this paper an insider attack is considered to be deliberate misuse by those who are authorized to use computers and networks. Applying this definition in real-life settings to determine whether or not an attack was caused by an insider is often, however, anything but straightforward. We know very little about insider attacks, and misconceptions concerning insider attacks abound. The belief that "most attacks come from inside" is held by many information security professionals, for example, even though empirical statistics and firewall logs indicate otherwise. This paper presents a framework based on previous studies and models of insider behavior as well as firsthand experience in dealing with insider attacks. This framework defines relevant types of insider attack-related behaviors and symptoms--"indicators" that include deliberate markers, meaningful errors, preparatory behaviors, correlated usage patterns, verbal behavior and personality traits. From these se...
E. Eugene Schultz
Added 18 Dec 2010
Updated 18 Dec 2010
Type Journal
Year 2002
Where COMPSEC
Authors E. Eugene Schultz
Comments (0)