DocumentCode
2084313
Title
Detecting insider threats by monitoring system call activity
Author
Nguyen, Nam ; Reiher, Peter ; Kuenning, Geoffrey H.
Author_Institution
Comput. Sci. Dept., California Univ., Los Angeles, CA, USA
fYear
2003
fDate
18-20 June 2003
Firstpage
45
Lastpage
52
Abstract
One approach to detecting insider misbehavior is to monitor system call activity and watch for danger signs or unusual behavior. We describe an experimental system designed to test this approach. We tested the system's ability to detect common insider misbehavior by examining file system and process-related system calls. Our results show that this approach can detect many such activities.
Keywords
authorisation; computer crime; network operating systems; statistical analysis; system monitoring; user interfaces; file system; insider misbehavior detection; process-related system call; system ability; system call activity monitoring; Companies; Computer science; Computer security; Computerized monitoring; Data mining; File systems; Intrusion detection; System testing; Telecommunication traffic; Watches;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society
Print_ISBN
0-7803-7808-3
Type
conf
DOI
10.1109/SMCSIA.2003.1232400
Filename
1232400