Accession Number:

ADA456356

Title:

Analysis and Detection of Malicious Insiders

Descriptive Note:

Conference paper

Corporate Author:

MITRE CORP BEDFORD MA

Report Date:

2005-03-01

Pagination or Media Count:

8.0

Abstract:

This paper summarizes a collaborative, six-month ARDA NRRC challenge workshop to characterize and create analysis methods to counter sophisticated malicious insiders in the United States Intelligence Community. Based upon a careful study of past and projected cases, we report a generic model of malicious insider behaviors, distinguishing motives, cyber and physical actions, and associated observables. The paper outlines several prototype techniques developed to provide early warning of insider activity, including novel algorithms for structured analysis and data fusion. We report the assessment of their performance in an operational network against distinct classes of human insiders (an analyst, an application administrator, and a system administrator), measuring timeliness and accuracy of detection.

Subject Categories:

  • Computer Systems Management and Standards
  • Defense Systems
  • Military Intelligence
  • Information Science
  • Miscellaneous Detection and Detectors

Distribution Statement:

APPROVED FOR PUBLIC RELEASE