Malicious Insider Detection

About

In many instances, most damaging information attacks are perpetrated by privileged insiders. Malicious insiders utilize the power of human intellect unmatched by computers, and, being insiders, the knowledge of "what to look for" and "how to access it". The insider’s behavior leaves digital trails (computer log data) that could be observed and processed for the detection of malicious intent before the damage was incurred. This is done by bridging many available sources of information into more understandable event graphs, connected by causal relationships. These event graphs will provide more insight into the reasoning behind certain actions of the privileged insid-er.  The behavior formalization approach, proposed herein, is intended for a wide class of complex systems with human operators. Resultant models are suitable for the solution of behavior analysis problems ultimately addressing the safety and efficiency of critical infrastructure. The deployment of the proposed technology in a computer system will surely make the task of performing insider attacks by the privileged users more difficult and risky.  KEY ELEMENTS  Creation of individual defenses for systems that could be targeted by information attack  Capable of detecting any "extracurricular" activities, either malicious or benign  Seamlessly upgraded normalcy profile   APPLICATIONS  The behavior formalization approach system is intended for a wide class of complex systems with human operators (i.e. computer systems)  ADVANTAGES  The technology is based on structured behavior tracking and not on statistical averages  Reduction in false positive rate  Improved report quality  Detection of more advanced cases   PATENTING  Patent strategy is currently under evaluation.