• DocumentCode
    3293889
  • Title

    Managing Malicious Insider Risk through BANDIT

  • Author

    Berk, Vincent H. ; Cybenko, George ; Souza, Ian Gregorio-de ; Murphy, John P.

  • Author_Institution
    Thayer Sch. of Eng., Dartmouth Coll., Hanover, NH, USA
  • fYear
    2012
  • fDate
    4-7 Jan. 2012
  • Firstpage
    2422
  • Lastpage
    2430
  • Abstract
    The transition from system- to information-based security has continued steadily over the last 30 years. Correspondingly, it is increasingly not the computer that is at risk, but the information in it. The human operator is ultimately the cornerstone of information security, an integral part of the information infrastructure. We are therefore forced to use techniques and methods that help us understand the role of human actors in the information infrastructure, so that we may make meaningful progress in mitigating insider threat. Malicious versus benign human behavior cannot easily be categorized based on a signature such as conventional virus and intrusion detection approaches. Because the cost of a false positive is high, we must be careful in our classification and subsequent actions. This article outlines our BANDIT (Behavioral Anomaly Detection for Insider Threat) system, using the traditional notion of Motive, Means, and Opportunity, combined with comprehensive behavioral analysis techniques to place each individual on a sliding scale of 'insider risk'. Finally, an insider threat detection cost-benefit analysis, based on classical risk assessment techniques, is presented to quantify how effective the technology has to be for beneficial deployment in a given enterprise.
  • Keywords
    cost-benefit analysis; information networks; invasive software; risk management; BANDIT system; behavioral anomaly detection for insider threat; benign human behavior; comprehensive behavioral analysis techniques; computer virus; cost-benefit analysis; human operator; information infrastructure; information security; intrusion detection approaches; malicious insider risk management; threat detection; Context; Electronic mail; Frequency measurement; Humans; Security; Vectors; insider threat; network behavioral analysis; social network analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Science (HICSS), 2012 45th Hawaii International Conference on
  • Conference_Location
    Maui, HI
  • ISSN
    1530-1605
  • Print_ISBN
    978-1-4577-1925-7
  • Electronic_ISBN
    1530-1605
  • Type

    conf

  • DOI
    10.1109/HICSS.2012.420
  • Filename
    6149308