Who Really Did It? Controlling Malicious Insiders by Merging Biometric Behavior with Detection and Automated Responses

Abstract

This ongoing research and development activity addresses aspects of a potential capability to detect credential misuse and a suggested alerting approach based on known attack conditions to support automated mitigation techniques. This research is based on the assumption that the audit data and human-computer activity characteristics extracted from networked components contain the footprint(s) of those trying to breach network security. It takes advantage of the combination of near-real-time suspicious activity detection with biometric behavior profiling to reduce profiling false positives and network access controls that enable faster and more focused responses to detected suspicious activities.