Title :
Trapping Malicious Insiders in the SPDR Web
Author :
Haigh, J.T. ; Harp, S.A. ; O´Brien, R.C. ; Payne, C.N. ; Gohde, J. ; Maraist, J.
Author_Institution :
Adventium Labs., Minneapolis, MN
Abstract :
The insider threat has assumed increasing importance as our dependence on critical cyber information infrastructure has increased. In this paper we describe an approach for thwarting and attributing insider attacks. The Sense, Prepare, Detect, and React (SPDR) approach utilizes both a highly intelligent software reasoning system to anticipate, recognize, respond to, and attribute attacks as well as a widely distributed set of hardware-based sensor-effectors to provide alerts used by the reasoning system and to implement responses as directed by it. Using hardware sensor-effectors greatly reduces the risk that a savvy malicious insider can bypass or cripple the system´s monitoring and control capabilities. In this paper we describe the prototype SPDR system and the results of its successful evaluation by an independent, DARPA-sponsored Red Team. We conclude with thoughts on possible SPDR enhancements and further research.
Keywords :
Internet; computer crime; SPDR Web; cyber information; hardware-based sensor-effectors; intelligent software reasoning system; malicious insiders; Air traffic control; Control systems; Hardware; Information systems; Intelligent sensors; Intelligent systems; Monitoring; Prototypes; Software systems; Workstations;
Conference_Titel :
System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
Conference_Location :
Big Island, HI
Print_ISBN :
978-0-7695-3450-3
DOI :
10.1109/HICSS.2009.474
