@inproceedings{b3fe744dd6184770aaa58397742b90f0,
title = "Insider abuse comprehension through capability acquisition graphs",
abstract = "Insider attacks constitute one of the most potent, yet difficult to detect threats to information security in the cyberdomain. Malicious actions perpetrated by privileged insiders usually circumvent intrusion detection systems (IDS) and other mechanisms designed to detect and prevent unauthorized activity. In this paper, we present an architectural framework and technique to aid in situation awareness of insider threats in a networked computing environment such as a corporate network. Individual actions by users are analyzed using a theoretical model called a Capability Acquisition Graph (CAG) to evaluate their cumulative effect and detect possible violations. Our approach is based on periodic evaluation of the privileges that users accumulate with respect to critical information assets during their workflow. A static analysis tool called Information-Centric Modeler and Auditor Program (ICMAP) is used to periodically construct CAGs which are then analyzed to uncover possible attacks. The process is demonstrated by considering an information process cycle from the real-world.",
keywords = "Capability acquisition graph, Insider threat, Situation awareness",
author = "Sunu Mathew and Shambhu Upadhyaya and Duc Ha and Ngo, \{Hung Q.\}",
year = "2008",
doi = "10.1109/ICIF.2008.4632279",
language = "English",
isbn = "9783000248832",
series = "Proceedings of the 11th International Conference on Information Fusion, FUSION 2008",
booktitle = "Proceedings of the 11th International Conference on Information Fusion, FUSION 2008",
note = "11th International Conference on Information Fusion, FUSION 2008 ; Conference date: 30-06-2008 Through 03-07-2008",
}