DocumentCode :
1753596
Title :
A framework of defense system for prevention of insider's malicious behaviors
Author :
Eom, Jung-Ho ; Park, Min-Woo ; Park, Seon-Ho ; Chung, Tai-Myoung
Author_Institution :
Internet Manage. Technol. Lab., Sungkyunkwan Univ., Suwon, South Korea
fYear :
2011
fDate :
13-16 Feb. 2011
Firstpage :
982
Lastpage :
987
Abstract :
In this paper, we proposed a framework of a defense system that applies an attack tree and a misuse monitor for prevention of insider's malicious behaviors. Recently, a major interest of network security is the threat from insiders who exercise their authorization legitimately to leak information on a network system. If an insider threatens his/her system, he/she causes severe damage and loss by compromising information assets. Our proposed framework consists of 3 prevention modules. It prevents abnormal behaviors by monitoring all activities according to each prevention technique. The main keys to prevention are the attack tree and the misuse monitor. An attack tree is a conceptual diagram of insider threats on systems and possible attacks to reach those goals. A misuse monitor can prevent the misuse of resources by matching the actual running process pattern to the expected processing pattern in the pre-defined profile of the process currently executed by the insider.
Keywords :
authorisation; computer network security; trees (mathematics); attack tree; authorization; defense system framework; insider malicious behavior prevention; misuse monitor; network security; process pattern matching; Mercury (metals); Insider threat; attack tree; defense system; misuse monitor;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Advanced Communication Technology (ICACT), 2011 13th International Conference on
Conference_Location :
Seoul
ISSN :
1738-9445
Print_ISBN :
978-1-4244-8830-8
Type :
conf
Filename :
5745973