Visible to the public Insider Threats 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

Insider Threats 2015


Insider threats are a difficult problem.  The research cited here looks at both intentional and accidental threats, including the effects of social engineering, and methods of identifying potential threats. For the Science of Security, insider threat relates to human behavior, as well as metrics, policy-based governance  and resilience. These works were presented in 2015.

Maasberg, M.; Warren, J.; Beebe, N.L., "The Dark Side of the Insider: Detecting the Insider Threat through Examination of Dark Triad Personality Traits," in System Sciences (HICSS), 2015 48th Hawaii International Conference on, pp. 3518-3526, 5-8 Jan. 2015. doi: 10.1109/HICSS.2015.423

Abstract: Efforts to understand what goes on in the mind of an insider have taken a back seat to developing technical controls, yet insider threat incidents persist. We examine insider threat incidents with malicious intent and propose an explanation through a relationship between Dark Triad personality traits and the insider threat. Although Dark Triad personality traits have emerged in insider threat cases and deviant workplace behavior studies, they have not been labeled as such and little empirical research has examined this phenomenon. This paper builds on previous research on insider threat and introduces ten propositions concerning the relationship between Dark Triad personality traits and insider threat behavior. We include behavioral antecedents based on the Theory of Planned Behavior and Capability Means Opportunity (CMO) model and the factors affecting those antecedents. This research addresses the behavioral aspect of the insider threat and provides new information in support of academics and practitioners.

Keywords: behavioural sciences; security of data; CMO model; behavioral antecedents; capability means opportunity; dark triad personality traits; insider threat behavior; insider threat detection; theory of planned behavior; Correlation; Employment; Information systems; Law; Organizations; Security (ID#: 15-8324) (ID#: 15-8377)



Legg, P.A., "Visualizing the Insider Threat: Challenges and Tools for Identifying Malicious User Activity," in Visualization for Cyber Security (VizSec), 2015 IEEE Symposium on, pp. 1-7, 25-25 Oct. 2015. doi: 10.1109/VIZSEC.2015.7312772

Abstract: One of the greatest challenges for managing organisational cyber security is the threat that comes from those who operate within the organisation. With entitled access and knowledge of organisational processes, insiders who choose to attack have the potential to cause serious impact, such as financial loss, reputational damage, and in severe cases, could even threaten the existence of the organisation. Security analysts therefore require sophisticated tools that allow them to explore and identify user activity that could be indicative of an imminent threat to the organisation. In this work, we discuss the challenges associated with identifying insider threat activity, along with the tools that can help to combat this problem. We present a visual analytics approach that incorporates multiple views, including a user selection tool that indicates anomalous behaviour, an interactive Principal Component Analysis (iPCA) tool that aids the analyst to assess the reasoning behind the anomaly detection results, and an activity plot that visualizes user and role activity over time. We demonstrate our approach using the Carnegie Mellon University CERT Insider Threat Dataset to show how the visual analytics workflow supports the Information-Seeking mantra.

Keywords: principal component analysis; security of data; CERT insider threat dataset; Carnegie Mellon University; anomaly detection; iPCA tool; information-seeking mantra; malicious user activity; organisational cyber security; principal component analysis; security analyst; visual analytics workflow; Data visualization; Electronic mail; Feature extraction; Principal component analysis; Security; Visual analytics; Insider threat; behavioural analysis; model visualization (ID#: 15-8325) (ID#: 15-8378)


Padayachee, K., "A Framework of Opportunity-Reducing Techniques to Mitigate the Insider Threat," in Information Security for South Africa (ISSA), 2015, pp. 1-8, 12-13 Aug. 2015. doi: 10.1109/ISSA.2015.7335064

Abstract: This paper presents a unified framework derived from extant opportunity-reducing techniques employed to mitigate the insider threat leveraging best practices. Although both motive and opportunity are required to commit maleficence, this paper focuses on the concept of opportunity. Opportunity is more tangible than motive; hence, it is more pragmatic to reflect on opportunity-reducing measures. Situational Crime Prevention theory is the most evolved criminology theory with respect to opportunity-reducing techniques. Hence, this theory will be the basis of the theoretical framework. The derived framework highlights several areas of research and may assist organizations in implementing controls that are situationally appropriate to mitigate insider threat.

Keywords: computer crime; criminology theory; extant opportunity-reducing techniques; insider threat mitigation; situational crime prevention theory; unified framework; Computer crime; Computers; Mobile communication; Monitoring; Abuse; Insider Threat; crime involving computers (ID#: 15-8326) (ID#: 15-8379)



Pengfei Hu; Hongxing Li; Hao Fu; Cansever, D.; Mohapatra, P., "Dynamic Defense Strategy Against Advanced Persistent Threat with Insiders," in Computer Communications (INFOCOM), 2015 IEEE Conference on, pp. 747-755, April 26 2015-May 1 2015. doi: 10.1109/INFOCOM.2015.7218444

Abstract: The landscape of cyber security has been reformed dramatically by the recently emerging Advanced Persistent Threat (APT). It is uniquely featured by the stealthy, continuous, sophisticated and well-funded attack process for long-term malicious gain, which render the current defense mechanisms inapplicable. A novel design of defense strategy, continuously combating APT in a long time-span with imperfect/incomplete information on attacker's actions, is urgently needed. The challenge is even more escalated when APT is coupled with the insider threat (a major threat in cyber-security), where insiders could trade valuable information to APT attacker for monetary gains. The interplay among the defender, APT attacker and insiders should be judiciously studied to shed insights on a more secure defense system. In this paper, we consider the joint threats from APT attacker and the insiders, and characterize the fore-mentioned interplay as a two-layer game model, i.e., a defense/attack game between defender and APT attacker and an information-trading game among insiders. Through rigorous analysis, we identify the best response strategies for each player and prove the existence of Nash Equilibrium for both games. Extensive numerical study further verifies our analytic results and examines the impact of different system configurations on the achievable security level.

Keywords: game theory; security of data; APT; Nash equilibrium; advanced persistent threat; attack process; cyber security; defense/attack game; dynamic defense strategy; information-trading game; malicious gain; two-layer game model; Computer security; Computers; Cost function; Games; Joints; Nash equilibrium (ID#: 15-8327) (ID#: 15-8380)



Mayhew, Michael; Atighetchi, Michael; Adler, Aaron; Greenstadt, Rachel, "Use of Machine Learning in Big Data Analytics for Insider Threat Detection," in Military Communications Conference, MILCOM 2015 - 2015 IEEE, pp.915-922, 26-28 Oct. 2015. doi: 10.1109/MILCOM.2015.7357562

Abstract: In current enterprise environments, information is becoming more readily accessible across a wide range of interconnected systems. However, trustworthiness of documents and actors is not explicitly measured, leaving actors unaware of how latest security events may have impacted the trustworthiness of the information being used and the actors involved. This leads to situations where information producers give documents to consumers they should not trust and consumers use information from non-reputable documents or producers. The concepts and technologies developed as part of the Behavior-Based Access Control (BBAC) effort strive to overcome these limitations by means of performing accurate calculations of trustworthiness of actors, e.g., behavior and usage patterns, as well as documents, e.g., provenance and workflow data dependencies. BBAC analyses a wide range of observables for mal-behavior, including network connections, HTTP requests, English text exchanges through emails or chat messages, and edit sequences to documents. The current prototype service strategically combines big data batch processing to train classifiers and real-time stream processing to classifier observed behaviors at multiple layers. To scale up to enterprise regimes, BBAC combines clustering analysis with statistical classification in a way that maintains an adjustable number of classifiers.

Keywords: Access control; Big data; Computer security; Electronic mail; Feature extraction; Monitoring; HTTP; TCP; big data; chat; documents; email; insider threat; machine learning; support vector machine; trust; usage patterns (ID#: 15-8328) (ID#: 15-8381)



Feng, Xiaotao; Zheng, Zizhan; Hu, Pengfei; Cansever, Derya; Mohapatra, Prasant, "Stealthy Attacks Meets Insider Threats: A Three-Player Game Model," in Military Communications Conference, MILCOM 2015 - 2015 IEEE, pp. 25-30, 26-28 Oct. 2015. doi: 10.1109/MILCOM.2015.7357413

Abstract: Advanced persistent threat (APT) is becoming a major threat to cyber security. As APT attacks are often launched by well funded entities that are persistent and stealthy in achieving their goals, they are highly challenging to combat in a cost-effective way. The situation becomes even worse when a sophisticated attacker is further assisted by an insider with privileged access to the inside information. Although stealthy attacks and insider threats have been considered separately in previous works, the coupling of the two is not well understood. As both types of threats are incentive driven, game theory provides a proper tool to understand the fundamental tradeoffs involved. In this paper, we propose the first three-player attacker-defender-insider game to model the strategic interactions among the three parties. Our game extends the two-player FlipIt game model for stealthy takeover by introducing an insider that can trade information to the attacker for a profit. We characterize the subgame perfect equilibria of the game with the defender as the leader and the attacker and the insider as the followers, under two different information trading processes. We make various observations and discuss approaches for achieving more efficient defense in the face of both APT and insider threats.

Keywords: Computational modeling; Computer security; Face; Games; Numerical models; Real-time systems (ID#: 15-8329) (ID#: 15-8382)



Elmrabit, N.; Shuang-Hua Yang; Lili Yang, "Insider Threats in Information Security Categories and Approaches," in Automation and Computing (ICAC), 2015 21st International Conference on, pp. 1-6, 11-12 Sept. 2015. doi: 10.1109/IConAC.2015.7313979

Abstract: The main concern of most security experts in the last years is the need to mitigate insider threats. However, leaking and selling data these days is easier than before; with the use of the invisible web, insiders can leak confidential data while remaining anonymous. In this paper, we give an overview of the various basic characteristics of insider threats. We also consider current approaches and controls to mitigating the level of such threats by broadly classifying them into two categories.

Keywords: Internet; data privacy; security of data; confidential data; information security; insider threats; invisible Web; security experts; Authorization; Cloud computing; Companies; Databases; Information security; Intellectual property; Insider threats; data leaking; insider attacks; insider predictions; privileged user abuse (ID#: 15-8330) (ID#: 15-8383)



Zhuo Lu; Sagduyu, Y.E.; Li, J.H., "Queuing the Trust: Secure Backpressure Algorithm Against Insider Threats in Wireless Networks," in Computer Communications (INFOCOM), 2015 IEEE Conference on, pp. 253-261, April 26 2015-May 1 2015. doi: 10.1109/INFOCOM.2015.7218389

Abstract: The backpressure algorithm is known to provide throughput optimality in routing and scheduling decisions for multi-hop networks with dynamic traffic. The essential assumption in the backpressure algorithm is that all nodes are benign and obey the algorithm rules governing the information exchange and underlying optimization needs. Nonetheless, such an assumption does not always hold in realistic scenarios, especially in the presence of security attacks with intent to disrupt network operations. In this paper, we propose a novel mechanism, called virtual trust queuing, to protect backpressure algorithm based routing and scheduling protocols from various insider threats. Our objective is not to design yet another trust-based routing to heuristically bargain security and performance, but to develop a generic solution with strong guarantees of attack resilience and throughput performance in the backpressure algorithm. To this end, we quantify a node's algorithm-compliance behavior over time and construct a virtual trust queue that maintains deviations from expected algorithm outcomes. We show that by jointly stabilizing the virtual trust queue and the real packet queue, the backpressure algorithm not only achieves resilience, but also sustains the throughput performance under an extensive set of security attacks.

Keywords: queueing theory; radio networks; routing protocols; telecommunication scheduling; telecommunication security; telecommunication traffic; dynamic traffic; heuristic bargain security; information exchange; multihop wireless network threat; routing protocol; scheduling protocol; secure backpressure algorithm; virtual trust queuing; Algorithm design and analysis; Heuristic algorithms; Optimization; Queueing analysis; Routing; Scheduling; Throughput (ID#: 15-8331) (ID#: 15-8384)



Clark, J.W.; Collins, M.; Strozer, J., "Malicious Insiders with Ties to the Internet Underground Community," in Availability, Reliability and Security (ARES), 2015 10th International Conference on, pp. 374-381, 24-27 Aug. 2015. doi: 10.1109/ARES.2015.63

Abstract: In this paper, we investigate insider threat cases in which the insider had relationships with the Internet under-ground community. To this end, we begin by explaining our insider threat corpus and the current state of Internet underground forums. Next, we provide a discussion of each of the 17 cases that blend insider threat with the use of malicious Internet underground forums. Based on those cases, we provide an in-depth analysis to include:1) who the insiders are, 2) why they strike, 3) how they strike, 4) what sectors are most at risk, and 5) how the insiders were identified. Lastly, we describe our aggregated results and provide best practices to help mitigate the type of insider threat we describe.

Keywords: Internet; security of data; Internet underground community insider threat corpus; malicious Internet underground forum; malicious insider; Computers; Credit cards; Electronic mail; Internet; Organizations; Security; Servers; IRC; Internet Underground; best practices; case studies; cybercrime; forums; insider threat (ID#: 15-8332) (ID#: 15-8385)



Bertino, E.; Hartman, N.W., "Cybersecurity for Product Lifecycle Management a Research Roadmap," in Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on, pp. 114-119, 27-29 May 2015. doi: 10.1109/ISI.2015.7165949

Abstract: This paper introduces a research agenda focusing on cybersecurity in the context of product lifecycle management. The paper discusses research directions on critical protection techniques, including protection techniques from insider threat, access control systems, secure supply chains and remote 3D printing, compliance techniques, and secure collaboration techniques. The paper then presents an overview of DBSAFE, a system for protecting data from insider threat.

Keywords: authorisation; groupware; product life cycle management; supply chain management; three-dimensional printing; DBSAFE; access control systems; compliance techniques; critical protection techniques; cybersecurity; insider threat; product lifecycle management; remote 3D printing; research roadmap; secure collaboration techniques; secure supply chains; Access control; Collaboration; Companies; Computer security; Encryption; PLM; access control systems; data security; embedded systems; insider threat (ID#: 15-8333) (ID#: 15-8386)



Mohan, R.; Vaidehi, V.; Krishna A, A.; Mahalakshmi, M.; Chakkaravarthy, S.S., "Complex Event Processing based Hybrid Intrusion Detection System," in Signal Processing, Communication and Networking (ICSCN), 2015 3rd International Conference on, pp. 1-6, 26-28 March 2015. doi: 10.1109/ICSCN.2015.7219827

Abstract: Insider threats are evolving constantly and misuse the granted resource access for various malicious activities. These insider threats make use of internal network flaws as the loop holes and are the root cause for data exfiltration and infiltration (Data leakage). Organizations are devising and deploying new solutions for analyzing, monitoring and predicting these insider threats. However data leakage and network breach problems still exist and are increasing day by day. This is due to multiple root accounts, top priority privileges, shared root access, shared file system privileges etc. In this paper a new Hybrid Intrusion Detection System (IDS) is developed to overcome the above stated problem. The objective of this research is to develop a Complex Event Processing (CEP) based Hybrid IDS that integrates the output of the Host IDS and Network IDS into the CEP Module and produces a consolidated output with higher accuracy. The overall deployment protects the internal information system without any data leakage by Stateful Packet Inspection. Multivariate Correlation Analysis (MCA) is used to estimate and characterize the normal behavior of the network and send the values to the CEP Engine which alerts in case of any deviation from the normal pattern. The performance of the proposed Hybrid IDS is examined using test bed with normal and various attack scenarios.

Keywords: computer network security; peer-to-peer computing; CEP engine; CEP module; complex event processing; data exfiltration; data infiltration; data leakage problem; file system privilege sharing; file system sharing; host IDS; hybrid IDS; hybrid intrusion detection system; internal information system; internal network flaw; loop hole; multivariate correlation analysis; network IDS; network breach problem; root access sharing; stateful packet inspection; threat analysis; threat monitoring; threat prediction; Covariance matrices; Feature extraction; Linux; Random access memory; Servers; Standards; Testing; CEP; Hybrid IDS;IDS; Insider Threat; MCA; Multivariate Correlation Analysis (ID#: 15-8334) (ID#: 15-8387)



Rizvi, S.; Razaque, A.; Cover, K., "Cloud Data Integrity Using a Designated Public Verifier," in High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on, pp. 1361-1366, 24-26 Aug. 2015. doi: 10.1109/HPCC-CSS-ICESS.2015.277

Abstract: Cloud computing presents many advantages over previous computing paradigms such as rapid data processing and increased storage capacity. In addition, there are many cloud service providers (CSPs) that ensures for easy and an efficient migration and provide varying levels of security with respect to information or assets contained in the storage. However, the average cloud service user (CSU) may not have the auditing expertise and sufficient computing power to perform the necessary auditing of cloud data storage and an accurate security evaluation which facilitates to maintain the trust deficit between CSUs and CSPs. Therefore, the use of a trusted third party (TTP) to perform the required auditing tasks is inevitable since it provides several advantages to both CSUs and CSPs in terms of efficiency, fairness, trust, etc. -- which is essential to achieve the economies of scale for the cloud computing. Motivated with this, we present a new data security scheme which allows a CSU to enable a public verifier (e.g., a third-party auditor) to perform the necessary auditing tasks at the cloud data. Our proposed scheme is the extension of the TTP based encryption scheme proposed in [7]. Specifically, the auditing tasks include the checking of cloud data integrity on cloud user's request employing a public verifier. The simulation results demonstrate the effectiveness and the efficiency of our proposed scheme when auditing the cloud data integrity in terms of reliability of CSPs and the trust-level between the CSUs and a public verifier.

Keywords: cloud computing; data integrity; trusted computing; CSP; CSU; TTP based encryption scheme; cloud computing; cloud data integrity; cloud data storage; cloud service providers; cloud service user; public verifier; trusted third party; Cloud computing; Data privacy; Encryption; Memory; Protocols; Reliability; Cloud computing; authentication; cloud auditing; data privacy; insider threats; integrity; public verifier (ID#: 15-8335) (ID#: 15-8388)



Gunasekhar, T.; Rao, K.T.; Basu, M.T., "Understanding Insider Attack Problem and Scope in Cloud," in Circuit, Power and Computing Technologies (ICCPCT), 2015 International Conference on, pp. 1-6, 19-20 March 2015. doi: 10.1109/ICCPCT.2015.7159380

Abstract: The malicious insider can be an employees, user and/or third party business partner. The insiders can have legitimate access to their organization data centers. In organizations, the security related aspects are based on insider's behaviors, the malicious insiders may theft sensitive data and no protection mechanisms are addressed till now to completely defend against the attacks. Such that organizational data could be so vulnerable from insider threat attacks. The malicious insiders of an organization can perform stealing on sensitive data at cloud storage as well as at organizational level. The insiders can misuse their credentials in order to perform malicious tasks on sensitive information as they agreed with the competitors of that organization. By doing this, the insiders may get financial benefits from the competitors. The damages of insider threat are: IT sabotages, theft of confidential information, trade secrets and Intellectual properties (IP). It is very important for the nation to start upgrading it's IT infrastructure and keep up with the latest security guidelines and practices.

Keywords: cloud computing; industrial property; organisational aspects; security of data; storage management; IT infrastructure; IT sabotages; cloud storage; confidential information theft; insider behaviors; insider threat attack problem; intellectual properties; malicious insider; organization data centers; organizational level; security related aspects; trade secrets; Cloud computing; Companies; Computers; Firewalls (computing);Confidential; Insider; Intellectual property; attacks; sabotage (ID#: 15-8336) (ID#: 15-8389)



El Masri, A.; Wechsler, H.; Likarish, P.; Grayson, C.; Pu, C.; Al-Arayed, D.; Kang, B.B., "Active Authentication Using Scrolling Behaviors," in Information and Communication Systems (ICICS), 2015 6th International Conference on, pp. 257-262, 7-9 April 2015. doi: 10.1109/IACS.2015.7103185

Abstract: This paper addresses active authentication using scrolling behaviors for biometrics and assesses different classification and clustering methods that leverage those traits. The dataset used contained event-driven temporal data captured through monitoring users' reading habits. The derived feature set is mainly composed of users' scrolling events and their derivatives (changes) and 5-gram sequencing of scrolling events to increase the number of feature extracted and their context. Classification performance in terms of both accuracy and Area under the Curve (AUC) for Receiver Operating Characteristic (ROC) curve is first reported using several classification methods including Random Forests (RF), RF with SMOTE (for unbalanced dataset) and AdaBoost with Decision Stump and ADTree. The best performance was obtained, however, using k-means clustering with two methods used to authenticate users: simple ranking and profile standard error filtering, with the latter achieving a success rate of 83.5%. Our use of k-means represents a novel non-intrusive approach of active and continuous re-authentication to counter insider-threat. Our main contribution comes from the features considered and their coupling to k-means to create a novel state-of-the art active user re-authentication method.

Keywords: biometrics (access control); feature extraction; learning (artificial intelligence); pattern classification; pattern clustering; ADTree; AUC; AdaBoost; RF; ROC curve SMOTE; active authentication; area under the curve; biometrics; classification methods; continuous re-authentication; decision stump; event-driven temporal data; feature extraction; insider-threat ;k-means clustering; profile standard error filtering; random forests; ranking; receiver operating characteristic scrolling behaviors; scrolling events 5-gram sequencing; user reading habits monitoring; Authentication; Biometrics (access control); Feature extraction; Radio frequency; Standards; Support vector machines; Active authentication; AdaBoost; Behavioral Biometrics; Random Forests; SMOTE; k-means clustering (ID#: 15-8337) (ID#: 15-8390)



Walton, S.; Maguire, E.; Min Chen, "A Visual Analytics Loop for Supporting Model Development," in Visualization for Cyber Security (VizSec), 2015 IEEE Symposium on, pp. 1-8, 25-25 Oct. 2015. doi: 10.1109/VIZSEC.2015.7312767

Abstract: Threats in cybersecurity come in a variety of forms, and combating such threats involves handling a huge amount of data from different sources. It is absolutely necessary to use algorithmic models to defend against these threats. However, all models are sensitive to deviation from the original contexts in which the models were developed. Hence, it is not really an overstatement to say that `all models are wrong'. In this paper, we propose a visual analytics loop for supporting the continuous development of models during their deployment. We describe the roles of three types of operators (monitors, analysts and modelers), present the visualization techniques used at different stages of model development, and demonstrate the utility of this approach in conjunction with a prototype software system for corporate insider threat detection. In many ways, our environment facilitates an agile approach to the development and deployment of models in cybersecurity.

Keywords: business data processing; data analysis; data visualisation; security of data; agile approach; corporate insider threat detection; cybersecurity threats; model development; prototype software system; visual analytics loop; visualization techniques; Analytical models; Data models; Mathematical model; Monitoring; Reliability; Visual analytics (ID#: 15-8338) (ID#: 15-8391)



Chang, Sang-Yoon; Hu, Yih-Chun; Liu, Zhuotao, "Securing Wireless Medium Access Control Against Insider Denial-of-Service Attackers," in Communications and Network Security (CNS), 2015 IEEE Conference on, pp. 370-378, 28-30 Sept. 2015. doi: 10.1109/CNS.2015.7346848

Abstract: In a wireless network, users share a limited resource in bandwidth. To improve spectral efficiency, the network dynamically allocates channel resources and, to avoid collisions, has its users cooperate with each other using a medium access control (MAC) protocol. In a MAC protocol, the users exchange control messages to establish more efficient data communication, but such MAC assumes user compliance and can be detrimental when a user misbehaves. An attacker who compromised the network can launch a two-pronged denial-of-service (DoS) attack that is more devastating than an outsider attack: first, it can send excessive reservation requests to waste bandwidth, and second, it can focus its power on jamming those channels that it has not reserved. Furthermore, the attacker can falsify information to skew the network control decisions to its favor. To defend against such insider threats, we propose a resource-based channel access scheme that holds the attacker accountable for its channel reservation. Building on the randomization technology of spread spectrum to thwart outsider jamming, our solution comprises of a bandwidth allocation component to nullify excessive reservations, bandwidth coordination to resolve over-reserved and under-reserved spectrum, and power attribution to determine each node's contribution to the received power. We analyze our scheme theoretically and validate it with WARP-based testbed implementation and MATLAB simulations. Our results demonstrate superior performance over the typical solutions that bypass MAC control when faced against insider adversary, and our scheme effectively nullifies the insider attacker threats while retaining the MAC benefits between the collaborative users.

Keywords: Bandwidth; Communication system security; Data communication; Jamming; Media Access Protocol; Wireless communication (ID#: 15-8339) (ID#: 15-8392)



Daubert, J.; Grube, T.; Muhlhauser, M.; Fischer, M., "Internal Attacks in Anonymous Publish-Subscribe P2P Overlays," in Networked Systems (NetSys), 2015 International Conference and Workshops on, pp. 1-8, 9-12 March 2015. doi: 10.1109/NetSys.2015.7089074

Abstract: Privacy, in particular anonymity, is desirable in Online Social Networks (OSNs) like Twitter, especially when considering the threat of political repression and censorship. P2P-based publish-subscribe is a well suited paradigm for OSN scenarios as users can publish and follow topics of interest. However, anonymity in P2P-based publish-subscribe (pub-sub) has been hardly analyzed so far. Research on add-on anonymization systems such as Tor mostly focuses on large scale traffic analysis rather than malicious insiders. Therefore, we analyze colluding insider attackers in more detail that operate on the basis of timing information. For that, we model a generic anonymous pub-sub system, present an attacker model, and discuss timing attacks. We analyze these attacks by a realistic simulation model and discuss potential countermeasures. Our findings indicate that even few malicious insiders are capable to disclose a large number of participants, while an attacker using large amounts of colluding nodes achieves only minor additional improvements.

Keywords: data privacy; overlay networks; peer-to-peer computing; social networking (online); OSN;P2P-based publish-subscribe; Twitter; add-on anonymization system; anonymous publish-subscribe P2P overlays; colluding insider attackers; generic anonymous pub-sub system; internal attacks; online social networks; peer-to-peer overlay; timing information; Delays; Mathematical model; Protocols; Publish-subscribe; Subscriptions; Topology (ID#: 15-8340) (ID#: 15-8393)



Filipek, J.; Hudec, L., "Distributed firewall in Mobile Ad Hoc Networks," in Applied Machine Intelligence and Informatics (SAMI), 2015 IEEE 13th International Symposium on, pp. 233-238, 22-24 Jan. 2015. doi: 10.1109/SAMI.2015.7061882

Abstract: Mobile Ad-hoc Networks (MANET) are increasingly employed in tactical military and civil rapid-deployment networks, including emergency rescue operations and ad hoc disaster-relief networks. When compared to wired and base station-based wireless networks: MANETs are susceptible to both insider and outsider attacks. This is mainly because of the lack of well-defined defense perimeter. In this paper, we define distributed firewall architecture that is designed specifically for MANET networks. Our design is using the concept of network capabilities and is especially suited for environment which lacks centralized structure and is composed of different devices. Our model denies all communication by default and nodes can access only services and other nodes that they are authorized to. Every node contains a firewall mechanism which includes intrusion prevention system and compromised node will not necessarily compromise whole secured network. Our approach should add security features for MANETs and help them withstand security threats which would otherwise damage, if not shutdown unsecured MANET network. Our simulation shows, that our solution has minimal overhead in terms of bandwidth and latency, works well even in the presence of routing changes due to mobile nodes and is effective in containing misbehaving nodes.

Keywords: computer network reliability; firewalls; military communication; mobile ad hoc networks; telecommunication network routing; base station-based wireless network routing; civil rapid-deployment network security; distributed firewall architecture; emergency rescue operations; intrusion prevention system security threats; mobile ad hoc disaster-relief network; mobile node fault; tactical military MANET; well-defined defense perimeter; Databases; Firewalls (computing);Mobile ad hoc networks; Peer-to-peer computing; Public key; Ad hoc; firewall; mobile network; network capability (ID#: 15-8341) (ID#: 15-8394)



Varghese, S.; Vigila, S.M.C., "A Comparative Analysis on Cloud Data Security," in Communication Technologies (GCCT), 2015 Global Conference on, pp. 507-510, 23-24 April 2015. doi: 10.1109/GCCT.2015.7342713

Abstract: Cloud computing a distributed network for sharing data over internet, serves as an online data backup with scalability. The paper describes various categories of clouds depending on the usage of cloud and also on the services provided by the cloud. Data security is one of the major challenges faced by cloud providers and cloud users. Cryptography is suggested as the appropriate solution for securing the cloud data. Review on some of the existing cryptographic methods for securing the data stored in the cloud is also included in this paper. The data owners can upload data on to the cloud; can also create permissions on the uploaded data to control its access by various types of users. Cryptographic techniques incorporated along with the traditional access control policies really enhances the security of data. The analysis on the review points to the insider threats in cloud security as one of the greatest issue in cloud computing.

Keywords: authorisation; cloud computing; cryptography; Internet; access control policies ;cloud computing; cloud providers; cloud users; cryptographic methods; data sharing; distributed network; online data backup; uploaded data; Access control; Cloud computing; Computational modeling; Encryption; Servers; access control; cloud computing; cryptography; security (ID#: 15-8342) (ID#: 15-8395)



Jana, D.; Bandyopadhyay, D., "Controlled Privacy in Mobile Cloud," in Recent Trends in Information Systems (ReTIS), 2015 IEEE 2nd International Conference on, pp. 98-103, 9-11 July 2015. doi: 10.1109/ReTIS.2015.7232860

Abstract: Mobile devices face restrictions due to limitation of resources like life of battery, capacity of memory, power of processor and communication bandwidth specially during mobility and handover. Mobile based cloud computing is getting greater plea amid mobile users to lessen limitations of resource in mobile devices. The extensive espousal of programmable smart mobile handsets and communicating or exchanging data to Internet remaining in public domain leads to newer privacy and security challenges across enterprises. Smartphones and Tablets are not only storing users' private data but also the private data of the involvers - be it friends, family members, customers, vendors or any other individual. Denial of services, data leakage, account confiscation, exposure to insecure application program interface, isolation of virtual machine, mischievous attacks from insider, losing the key used in encryption give rise to several added threats related to privacy and security. We have attempted to compute a number of threats pertaining to privacy and security and commend best practices and endorsements to counter and prevent occurrence.

Keywords: cloud computing; data privacy; mobile computing; cloud computing; controlled privacy; mobile cloud; security; Cloud computing; Data privacy; Mobile communication; Mobile handsets; Privacy; Security; AAA Vulnerabilities; Cloud Computing; Mobile Cloud Computing; STRIDE (ID#: 15-8343) (ID#: 15-8396)



Geiger, Christopher; Hale, Robert; VanDerPol, Mathew; Borowski, Kyle, "Hardware-Based Whitelisting for Automated Test System Cybersecurity and Configuration Management," in IEEE AUTOTESTCON, 2015, pp. 33-37, 2-5 Nov. 2015. doi: 10.1109/AUTEST.2015.7356462

Abstract: To reap the benefits of prognostic health management, intelligent Test Program Set (TPS) diagnostic reasoning, and remote TPS configuration management Automated Test Systems (ATSs) must be networked in spite of increasing cybersecurity concerns. Traditional cybersecurity tools such as Intrusion Prevention Systems (IPS), firewalls and antivirus software are continuously proven vulnerable to the increasing sophistication of bad actors and insider threats. In addition, these software security appliances and their recurring updates can be burdensome to TPS development and interfere with TPS performance.

Keywords: Computer security; Cryptography; Hardware; Information systems; Operating systems (ID#: 15-8344) (ID#: 15-8397)



Chaisiri, S.; Ko, R.K.L.; Niyato, D., "A Joint Optimization Approach to Security-as-a-Service Allocation and Cyber Insurance Management," in Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1, pp. 426-433, 20-22 Aug. 2015. doi: 10.1109/Trustcom.2015.403

Abstract: Security-as-a-Service (SECaaS), pay-per-use cloud-based services that provides information security measures via the cloud, are increasingly used by corporations to maintain their systems' security posture. Customers often have to provision these SECaaS services based on the potential subscription costs incurred. However, these security services are unable to deal with all possible types of threats. A single threat (e.g. malicious insiders) can result in the loss of valuable data and revenue. Hence, it is also common to see corporations (i.e. cloud customers) manage their risks by purchasing cyber insurance to cover costs and liabilities due to unforeseen losses. A balance between service allocation cost and insurance is often required but not well studied. In this paper, we propose an optimized SECaaS provisioning framework that enables customers to optimally allocate security services from SECaaS providers to their applications, while managing risks from information security breaches via purchasing cyber insurance policies. Finding the right balance is a great challenge, and the solutions of the security service allocation and insurance management are obtained through solving an optimization model derived from stochastic programming with a three-stage recourse. Simulations were conducted to evaluate this optimization model. We exposed our model to several uncertain information parameters and the results are promising -- demonstrating an effective approach to balance customers' security requirements while keeping service subscription and insurance policy costs low.

Keywords: cloud computing; costing; insurance; resource allocation; risk management; security of data; stochastic programming; SECaaS; cyber insurance management; cyber insurance policy purchasing; information security breach; information security measures; insurance management; joint optimization approach; optimized SECaaS provisioning framework; pay-per-use cloud-based services; risk management; security-as-a-service allocation; service allocation cost; stochastic programming; three-stage recourse; uncertain information parameters; Cloud computing; Electronic mail; Insurance; Optimization; Resource management; Security; Uncertainty; cloud security; cloud security economics; cyber insurance; optimization; resource allocation; stochastic programming (ID#: 15-8345) (ID#: 15-8398)



Fernandez-Aleman, J.L.; Belen Sanchez Garcia, A.; Garcia-Mateos, G.; Toval, A., "Technical Solutions for Mitigating Security Threats Caused by Health Professionals in Clinical Settings," in Engineering in Medicine and Biology Society (EMBC), 2015 37th Annual International Conference of the IEEE, pp. 1389-1392, 25-29 Aug. 2015. doi: 10.1109/EMBC.2015.7318628

Abstract: The objective of this paper is to present a brief description of technical solutions for health information system security threats caused by inadequate security and privacy practices in healthcare professionals. A literature search was carried out in ScienceDirect, ACM Digital Library and IEEE Digital Library to find papers reporting technical solutions for certain security problems in information systems used in clinical settings. A total of 17 technical solutions were identified: measures for password security, the secure use of e-mail, the Internet, portable storage devices, printers and screens. Although technical safeguards are essential to the security of healthcare organization's information systems, good training, awareness programs and adopting a proper information security policy are particularly important to prevent insiders from causing security incidents.

Keywords: authorisation; digital libraries; health care; medical computing; medical information systems; professional aspects; security of data; ACM Digital Library; IEEE Digital Library; Internet; ScienceDirect; e-mail; health information system security threats; health professionals; healthcare organization information systems; healthcare professionals; mitigating security threats; password security; portable storage devices; technical safeguards; Authentication; Cryptography; Information systems; Medical services; Printers; Privacy (ID#: 15-8346) (ID#: 15-8399)



Figueroa, M.; Uttecht, K.; Rosenberg, J., "A SOUND Approach to Security in Mobile and Cloud-Oriented Environments," in Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, pp. 1-7, 14-16 April 2015. doi: 10.1109/THS.2015.7225266

Abstract: Ineffective legacy practices have failed to counter contemporary information security and privacy threats. Modern IT operates on large, heterogeneous, distributed sets of computing resources, from small mobile devices to large cloud environments that manage millions of connections and petabytes of data. Protection must often span organizations with varying reliability, trust, policies, and legal restrictions. Centrally managed, host-oriented trust systems are not flexible enough to meet the challenge. New research in distributed and adaptive trust frameworks shows promise to better meet modern needs, but lab constraints make realistic implementations impractical. This paper describes our experience transitioning technology from the research lab to an operational environment. As our case study, we introduce Safety on Untrusted Network Devices (SOUND), a new platform built from the ground up to protect mobile and cloud network communications against persistent adversaries. Initially based on three founding technologies- Accountable Virtual Machines (AVM), Quantitative Trust Management (QTM), and Introduction-Based Routing (IBR)- our research efforts extended those technologies to develop a more powerful and practical SOUND implementation.

Keywords: cloud computing; data privacy; law; mobile computing; trusted computing; virtual machines; AVM; IBR; QTM; SOUND approach accountable virtual machines; adaptive trust framework; cloud-oriented environment; distributed trust framework; host-oriented trust systems; information security; introduction-based routing; legacy practices; legal restriction; mobile environment; policy restriction; privacy threats; quantitative trust management; reliability restriction; safety on untrusted network devices; trust restriction; Context; Measurement; Ports (Computers); Resilience; Security; Servers; Virtual private networks; cyber security; digital immune system; incident response; insider attack; multistage attack; reputation; trust (ID#: 15-8347) (ID#: 15-8400)



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications.