Trust Enhanced Security Architecture for Detecting Insider Threats

U. Tupakula, V. Varadharajan
Published in: 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Publication date: 2013-07-16
DOI: 10.1109/TrustCom.2013.8 (https://doi.org/10.1109/TrustCom.2013.8)
Citations: 1

Abstract

Attacks on the organization networks can be classified as external and internal attacks. For the purpose of this paper we consider that external attacks are generated by the attackers or from hosts outside the organization, and internal attacks are generated by malicious insiders within the organization. Insider attacks have always been challenging to deal with as insiders have legitimate and physical access to the systems within the organization, and they have knowledge of the organization networks and more importantly, are aware of the security environment enforced within the organization. In this paper we propose novel trust enhanced security techniques to deal with the insider attack problem. Our architecture detects the attacks by monitoring the user activity as well as the state of the system using trusted computing in exposing and analyzing suspicious behaviour. We will demonstrate how an insider can exploit the weakness in the systems to generate different attacks and how our architecture can help to prevent such attacks.