Who Really Did It? Controlling Malicious Insiders by Merging Biometric Behavior with Detection and Automated Responses

Author

Gabrielson, Bruce

fYear

2012

fDate

4-7 Jan. 2012

Firstpage

2441

Lastpage

2449

Abstract

This ongoing research and development activity addresses aspects of a potential capability to detect credential misuse and a suggested alerting approach based on known attack conditions to support automated mitigation techniques. This research is based on the assumption that the audit data and human-computer activity characteristics extracted from networked components contain the footprint(s) of those trying to breach network security. It takes advantage of the combination of near-real-time suspicious activity detection with biometric behavior profiling to reduce profiling false positives and network access controls that enable faster and more focused responses to detected suspicious activities.

Keywords

authorisation; biometrics (access control); computer network security; human computer interaction; alerting approach; audit data characteristics; automated mitigation techniques; automated responses; biometric behavior merging; biometric behavior profiling; credential misuse detection; detection responses; human-computer activity characteristics; malicious insider control; near-real-time suspicious activity detection; network access controls; profiling false positive reduction; Access control; Data mining; Hip; Intrusion detection; US Department of Defense; Workstations; NAC control; automated response; biometric profiling; data standards; insider threat detection;

fLanguage

English

Publisher

ieee

Conference_Titel

System Science (HICSS), 2012 45th Hawaii International Conference on

Conference_Location

Maui, HI

ISSN

1530-1605

Print_ISBN

978-1-4577-1925-7

Electronic_ISBN

1530-1605

Type

conf

DOI

10.1109/HICSS.2012.643

Filename

6149310