Trust Enhanced Security Architecture for Detecting Insider Threats

Attacks on the organization networks can be classified as external and internal attacks. For the purpose of this paper we consider that external attacks are generated by the attackers or from hosts outside the organization, and internal attacks are generated by malicious insiders within the organization. Insider attacks have always been challenging to deal with as insiders have legitimate and physical access to the systems within the organization, and they have knowledge of the organization networks and more importantly, are aware of the security environment enforced within the organization. In this paper we propose novel trust enhanced security techniques to deal with the insider attack problem. Our architecture detects the attacks by monitoring the user activity as well as the state of the system using trusted computing in exposing and analyzing suspicious behaviour. We will demonstrate how an insider can exploit the weakness in the systems to generate different attacks and how our architecture can help to prevent such attacks.