• DocumentCode
    1707741
  • Title
    Molehunt: near-line semantic activity tracing
  • Author
    Wolthusen, Stephen D.
  • Author_Institution
    Fraunhofer-IGD, Germany
  • fYear
    2005
  • Firstpage
    410
  • Lastpage
    418
  • Abstract
    This paper discusses threats posed by low granularity in access to confidential (classified) data typically found at lower protection levels, namely direct access beyond need to know and the correlation of materials yielding more sensitive aggregate data by both insider threats and malware, an area of particular concern for intelligence analysis. It is argued that, while active security controls at both the procedural and technical level are currently not pragmatically feasible, near-line semantic monitoring, particularly at the file system but also at the network level, can provide capabilities to detect anomalous and also directed malicious activity. A mechanism for implementing the tracing and monitoring mechanism on a COTS operating system is described.
  • Keywords
    data privacy; operating systems (computers); security of data; Molehunt; active security control; anomalous activity detection; classified data; confidential data; data access; data protection; intelligence analysis; malicious activity detection; malware; near-line semantic activity tracing; near-line semantic monitoring; operating system; sensitive aggregate data; Aggregates; Control systems; Data security; File systems; Information systems; Monitoring; Multilevel systems; National security; Operating systems; Protection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
  • Print_ISBN
    0-7803-9290-6
  • Type
    conf
  • DOI
    10.1109/IAW.2005.1495981
  • Filename
    1495981