Preparing for the Next Wikileaks: Making Forensics Techniques Work
Author: R. Erbacher
Published in: 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, 5 May 2011
DOI: 10.1109/SADFE.2011.14 (https://doi.org/10.1109/SADFE.2011.14)
Citation count (Semantic Scholar): 5
The success of Manning in acquiring and releasing US State Department cables has strong implications for the likelihood of similar insider threat attacks occurring again in the future. Such future attacks will likely employ more sophisticated methodologies. The first goal of this paper is to begin examining what such sophisticated insider threat attacks might include. Traditionally, organizations have avoided employing insider threat detection mechanisms because of their high rates of false positives and false negatives, a consequence of the chaotic nature and sheer volume of the data needing analysis. A second goal of this paper is to begin proposing mechanisms by which insider threat detection can be made feasible, especially in critical domains. More specifically, this paper proposes multiple layers of event detection which, when correlated over time, will identify significant irregularities requiring investigation.