540:691 SEMINAR IN INDUSTRIAL & SYSTEMS ENGINEERING

SPECIAL SEMINAR

How to Deal with Insider Threats?

Prof. Shambhu Upadhyaya

Abstract: Insider Threat Management products based on misuse signatures are a first step in dealing with insider attacks, but there are still several fundamental challenges, beginning with the understanding of the insider threat. In fact, any good model or assessment methodology will already be a significant advance. In this talk, we will first look into the challenges and examine some of the recent attempts to address them. This includes a new threat assessment methodology by which specific and targeted countermeasures can be deployed against stealthy attacks for which no effective solutions currently exist. Central to our approach is the information-centric threat model called the Capability Acquisition Graph (CAG) model, which works at a higher level of abstraction—namely, the user operation level—as opposed to low levels, such as network packets or system calls, which are considered in attack-centric models that are fraught with implementation constraints. We briefly outline this scheme, present some theoretical results, demonstrate a proof-of-concept prototype and show how this scheme can be used to assess insider activities and harden the network against insider attacks. Some open research problems will also be discussed.

CoRE Building