Sciweavers

HICSS
2009
IEEE

Trapping Malicious Insiders in the SPDR Web

13 years 10 months ago
Trapping Malicious Insiders in the SPDR Web
The insider threat has assumed increasing importance as our dependence on critical cyber information infrastructure has increased. In this paper we describe an approach for thwarting and attributing insider attacks. The Sense, Prepare, Detect, and React (SPDR) approach utilizes both a highly intelligent software reasoning system to anticipate, recognize, respond to, and attribute attacks as well as a widely distributed set of hardware-based sensor-effectors to provide alerts used by the reasoning system and to implement responses as directed by it. Using hardware sensor-effectors greatly reduces the risk that a savvy malicious insider can bypass or cripple the system’s monitoring and control capabilities. In this paper we describe the prototype SPDR system and the results of its successful evaluation by an independent, DARPA-sponsored Red Team. We conclude with thoughts on possible SPDR enhancements and further research.
J. Thomas Haigh, Steven A. Harp, Richard C. O'Brie
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where HICSS
Authors J. Thomas Haigh, Steven A. Harp, Richard C. O'Brien, Charles N. Payne, Johnathan Gohde, John Maraist
Comments (0)