Insider Threat Analysis Using Information-Centric Modeling

13 years 10 months ago

Download www.cse.buffalo.edu

Capability acquisition graphs (CAGs) provide a powerful framework for modeling insider threats, network attacks and system vulnerabilities. However, CAG-based security modeling systems have yet to be deployed in practice. This paper demonstrates the feasibility of applying CAGs to insider threat analysis. In particular, it describes the design and operation of an information-centric, graphics-oriented tool called ICMAP. ICMAP enables an analyst without any theoretical background to apply CAGs to answer security questions about vulnerabilities and likely attack scenarios, as well as to monitor network nodes. This functionality makes the tool very useful for attack attribution and forensics.

Duc T. Ha, Shambhu J. Upadhyaya, Hung Q. Ngo, S. P

Real-time Traffic

CAG-based Security Modeling | Capability Acquisition Graphs | Communications | IFIP 2007 | Insider Threat |

claim paper

» IntentDriven Insider Threat Detection in Intelligence Analyses

» Mitigating Inadvertent Insider Threats with Incentives

» Formal Specification of Common Criteria Based Access Control Policy Model

» A framework for understanding and predicting insider attacks

» Case Studies of an Insider Framework

» Threat Modeling Revisited Improving Expressiveness of Attack

» SIDD A Framework for Detecting Sensitive Data Exfiltration by an Insider Attack

» A DataCentric Approach to Insider Attack Detection in Database Systems

Post Info
More Details (n/a)

Added	08 Jun 2010
Updated	08 Jun 2010
Type	Conference
Year	2007
Where	IFIP
Authors	Duc T. Ha, Shambhu J. Upadhyaya, Hung Q. Ngo, S. Pramanik, Ramkumar Chinchani, Sunu Mathew

Comments (0)

Sciweavers

Insider Threat Analysis Using Information-Centric Modeling

CAG-based Security Modeling | Capability Acquisition Graphs | Communications | IFIP 2007 | Insider Threat |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers