Title :
Detecting insider threats by monitoring system call activity
Author :
Nguyen, Nam ; Reiher, Peter ; Kuenning, Geoffrey H.
Author_Institution :
Comput. Sci. Dept., California Univ., Los Angeles, CA, USA
Abstract :
One approach to detecting insider misbehavior is to monitor system call activity and watch for danger signs or unusual behavior. We describe an experimental system designed to test this approach. We tested the system's ability to detect common insider misbehavior by examining file system and process-related system calls. Our results show that this approach can detect many such activities.
Keywords :
authorisation; computer crime; network operating systems; statistical analysis; system monitoring; user interfaces; file system; insider misbehavior detection; process-related system call; system ability; system call activity monitoring; Companies; Computer science; Computer security; Computerized monitoring; Data mining; File systems; Intrusion detection; System testing; Telecommunication traffic; Watches;
Conference_Title :
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN :
0-7803-7808-3
DOI :
10.1109/SMCSIA.2003.1232400