Home‎ > ‎Current Projects‎ > ‎



"RUU (pronounced Are You You?) is the Columbia IDS Insider Threat Detection project. The goal of the project is to create technologies aimed at monitoring and detecting malicious insider activity in the context of host based systems.

Background of this Project

The problem of a malicious insider within an organization is an all too real problem. Insiders primarily include two distinct classes of users: Masqueraders and Traitors.

Masqueraders, or identity thieves, have stolen a legitimate user's credentials and misuse the victim's account for malicious purposes. A Masquerader may know a user's stolen credentials, but they may not know the user's behavior. Hence, we approach the problem by profiling user behavior and measuring in real-time any significant deviations from normal user behavior. We also seek to differentiate between malicious actions and innocent mistakes. We also approach the problem of Masquerader attack detection by modeling user intent to reveal the malicious user.

Traitors are users within an organization granted legitimate access to systems and resources but whose actions are counter to the organizations policies and interests. A traitor is assumed to have full knowledge of the local system and policies. Malicious traitors may perform arbitrary nefarious acts that may appear to be entirely normal from prior user behavior.

The technology developed under the project includes host-based sensors for profiling user behavior (for Masquerade detection), and decoy, trap-based sensors (for Traitor detection).

This project is a collaborative effort funded by the I3P organization. The I3P Human Behavior, Insider Threat and Awareness project is joint with 6 other universities and research organizations; funding is provided under contract from the Department of Homeland Security. Further detail about the I3P can be found HERE .

  • Insider Attack and Cyber Security: Beyond the Hacker (Advances in Information Security) (Hardcover)
    by Salvatore Stolfo, Steven M. Bellovin, Shlomo Hershkop, Angelos D. Keromytis, Sara Sinclair , Sean W. Smith,
  • Tech Report
  • Ke Wang, Salvatore J. Stolfo. "One Class Training for Masquerade Detection ". 3rd IEEE Conf Data Mining Workshop on Data Mining for Computer Security, Florida, Nov. 19, 2003 [ PDF]