
Dynamic Bayesian networks to model insider user behavior in trusted computing environment

Posted on: 2006-03-23
Degree: Ph.D
Type: Dissertation
University: George Mason University
Candidate: AlGhamdi, Ghazi A
Full Text: PDF
GTID: 1458390008462645
Subject: Engineering
Abstract/Summary:
This research tackles a key part of the information security problem: modeling insider user threat behavior. The specific problem we deal with in this research is the identification of malicious behavior by insiders in trusted computing environments, i.e. individuals who attempt to misuse their own system resources. Even if insider users are assumed trusted, modeling their behavior can give important information about the legitimacy of their actions. Most work in information security has focused on intrusion detection systems (IDSs) to detect and respond to intrusions. Although most of the security techniques in IDSs lean toward protecting the system boundaries from outside attacks, defending against an insider who attempts to misuse privileges is an equally significant problem for network security. Violations of system security policy by authorized computer users present a major threat to all three information security objectives: confidentiality, integrity, and availability.

Modeling insider user behavior is a complex problem that requires a systematic and structured process to manage the design, development, and evaluation of models. This research provides a methodology, based on multi-entity Bayesian networks, to develop a scalable and extensible behavior model that can be applied to any computer network. The research methodology provides an approach to design, develop, and evaluate an insider behavior model. This systematic process is based on the spiral lifecycle model. At each phase, we develop a prototype model, evaluate the prototypes, and plan for the next phase. In the first phase, we develop a proof-of-concept model and provide a computational experiment in dynamic simulated situations to demonstrate the potential of the model to detect abnormal behavior. This cyclic process of design, development, evaluation, and modification is repeated as necessary. The evaluation process that we followed in this research includes expert elicitation, computational experiments to test prototype models, and sensitivity analysis experiments to test the robustness of the model.
Keywords/Search Tags:Model, Behavior, Insider user, Information security, Trusted, Problem