Title :
Insider threat detection using situation-aware MAS
Author :
Buford, John F. ; Lewis, Lundy ; Jakobson, Gabriel
Author_Institution :
Avaya Labs. Res., Lincroft, NJ
Abstract :
Previous work in automating insider threat detection has included top-down analysis and fusion of events from network and system monitors. Situation-awareness can extend the capability of such techniques to include observables outside of cyber-space. The application of situation-management to insider threats is becoming more practical due to the growing volume of different types of transactions and social networking performed electronically as well as the increasing capability for surveillance. We describe our distributed architecture for insider threat detection based on our earlier work in situation-aware BDI agents. In addition we consider examples of using the agent-based approach to simulate insider behavior, both expected and malicious. This approach offers the potential of detecting changes in behavior patterns as well as mis-information activities.
Keywords :
distributed processing; multi-agent systems; security of data; BDI agents; distributed architecture; insider threat detection; multiagent systems; situation-aware MAS; social networking; BDI; Insider threat; cyber-security; multi-agent system; situation management; situation-awareness;
Conference_Title :
Information Fusion, 2008 11th International Conference on
Print_ISBN :
978-3-8007-3092-6
Electronic_ISBN :
978-3-00-024883-2