  • DocumentCode
    3595875
  • Title
    Insider threat detection using situation-aware MAS
  • Author
    Buford, John F. ; Lewis, Lundy ; Jakobson, Gabriel
  • Author_Institution
    Avaya Labs. Res., Lincroft, NJ
  • fYear
    2008
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    Previous work in automating insider threat detection has included top-down analysis and fusion of events from network and system monitors. Situation-awareness can extend the capability of such techniques to include observables outside of cyber-space. The application of situation-management to insider threats is becoming more practical due to the growing volume of different types of transactions and social networking performed electronically as well as the increasing capability for surveillance. We describe our distributed architecture for insider threat detection based on our earlier work in situation-aware BDI agents. In addition we consider examples of using the agent-based approach to simulate insider behavior, both expected and malicious. This approach offers the potential of detecting changes in behavior patterns as well as mis-information activities.
  • Keywords
    distributed processing; multi-agent systems; security of data; BDI agents; distributed architecture; insider threat detection; multiagent systems; situation-aware MAS; social networking; BDI; Insider threat; cyber-security; multi-agent system; situation management; situation-awareness;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Fusion, 2008 11th International Conference on
  • Print_ISBN
    978-3-8007-3092-6
  • Electronic_ISBN
    978-3-00-024883-2
  • Type
    conf
  • Filename
    4632213