Title :
Trust Enhanced Security Architecture for Detecting Insider Threats
Author :
Tupakula, Udaya ; Varadharajan, Vijay
Author_Institution :
Inf. & Networked Syst. Security Res., Macquarie Univ., Sydney, NSW, Australia
Abstract :
Attacks on the organization networks can be classified as external and internal attacks. For the purpose of this paper we consider that external attacks are generated by the attackers or from hosts outside the organization, and internal attacks are generated by malicious insiders within the organization. Insider attacks have always been challenging to deal with as insiders have legitimate and physical access to the systems within the organization, and they have knowledge of the organization networks and more importantly, are aware of the security environment enforced within the organization. In this paper we propose novel trust enhanced security techniques to deal with the insider attack problem. Our architecture detects the attacks by monitoring the user activity as well as the state of the system using trusted computing in exposing and analyzing suspicious behaviour. We will demonstrate how an insider can exploit the weakness in the systems to generate different attacks and how our architecture can help to prevent such attacks.
Keywords :
behavioural sciences computing; security of data; trusted computing; external attacks; insider threat detection; internal attacks; legitimate access; malicious insiders; organization networks; physical access; security environment; suspicious behaviour; trust enhanced security architecture; trusted computing; user activity monitoring; Computer architecture; Monitoring; Organizations; Runtime; Security; Servers; Software; Insider Threat; Security Architecture; Secuurity Attacks; Trusted Computing;
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on
Conference_Location :
Melbourne, VIC
DOI :
10.1109/TrustCom.2013.8
