Award Date

5-1-2013

Degree Type

Thesis

Degree Name

Master of Science in Computer Science

Department

Computer Science

First Committee Member

Yoohwan Kim

Second Committee Member

Laxmi Gewali

Third Committee Member

Evangelos A. Yfantis

Fourth Committee Member

Emma Regentova

Number of Pages

115

Abstract

An insider is an individual (usually an employee, contractor, or business partner) that has been trusted with access to an organization's systems and sensitive data for legitimate purposes. A malicious insider abuses this access in a way that negatively impacts the company, such as exposing, modifying, or defacing software and data.

Many algorithms, strategies, and analyses have been developed with the intent of detecting and/or preventing insider attacks. In an academic setting, these tools and approaches show great promise. To be sure of their effectiveness, however, these analyses need to be tested. While real data is available on insider attacks (including logs of actions taken by the insider), the real data is limited in its usefulness. If the analysis being tested passes or fails in detecting the insider attack, how much can be attributed to the analysis's precision, the circumstances of the attack, or just luck? The ability to test an analysis against a wide range of data whose circumstances vary in complexity would give insight into the strengths and weaknesses of the analysis. Data for multiple tests would also help in ruling out luck in the results.

To address this, I've built an insider attack simulator that generates test scenarios for analyses. Specifically, it generates logs of employee actions with both insider attacks and false positives hidden within the logs. This simulator allows for customization of the actions that are logged, the average behavior of individuals, the departments within the simulated company, and the abnormal events (including insider attacks) that take place. This thesis will discuss the nature of insider threats, the benefits of a simulator, how to customize the simulation, and how one can gain insight into analyses using logs generated by the simulator.

Keywords

Analysis; Attack; Computer crimes; Computer security; Computer simulation; Insider; Sabotage in the workplace; Simulation; Simulator; Threat

Disciplines

Computer Sciences | Information Security

Language

English
