eScholarship
Open Access Publications from the University of California

Insider Detection by Process Analysis

Author(s):

  • Bishop, Matt
  • Conboy, Heather M.
  • Phan, Huong
  • Simidchieva, Borislava I.
  • Avrunin, George S.
  • Clarke, Lori A.
  • Osterweil, Leon J.
  • Peisert, Sean
  • et al.

Abstract

The insider threat is one of the most pernicious in computer security. Traditional approaches typically instrument systems with decoys or intrusion detection mechanisms to detect individuals who abuse their privileges (the quintessential "insider"). Such an attack requires that these agents have access to resources or data in order to corrupt or disclose them. In this work, we examine the application of process modeling and subsequent analyses to the insider problem. With process modeling, we first describe how a process works in formal terms. We then look at the agents who are carrying out particular tasks, perform different analyses to determine how the process can be compromised, and suggest countermeasures that can be incorporated into the process model to improve its resistance to insider attack.
