Accession Number:

ADA454839

Title:

Detecting the Misappropriation of Sensitive Information through Bottleneck Monitoring

Descriptive Note:

Research paper

Corporate Author:

STOTTLER HENKE ASSOCIATES INC SEATTLE WA

Personal Author(s):

Report Date:

2005-01-01

Pagination or Media Count:

7.0

Abstract:

The insider threat has proved a tough nut to crack. Previous work in this area has been dominated by efforts to model normal user behavior through statistical measures and then detect substantial anomalies. Unfortunately, while these methods have shown some ability in the detection of masqueraders, broader applications have proved ineffectual due to extremely high false alarm rates. In this paper, the authors describe an alternative approach, Stochastic Long-String Analysis with Feedback (SL-SAFE), that can achieve high levels of accuracy in detecting the unauthorized access and distribution of sensitive/proprietary information by insiders -- the single most costly type of computer crime. SL-SAFE succeeds in this task by means of a stochastic sampling of bottlenecks through which information must flow to be useful to the malicious insider. Further, it achieves a low and shrinking false alarm rate by validating its suspicions through public information sources and eliciting feedback from the information owner.

Subject Categories:

  • Information Science
  • Computer Programming and Software
  • Computer Systems Management and Standards
  • Cybernetics

Distribution Statement:

APPROVED FOR PUBLIC RELEASE