
RUU (pronounced Are You You?) is the Columbia IDS Insider Threat
Detection project. The goal of the project is to create technologies
aimed at monitoring and detecting malicious insider activity in the
context of host-based systems.
Background of this Project
The malicious insider within an organization is an all-too-real
problem. Insiders primarily include two distinct classes of users:
Masqueraders and Traitors.
Masqueraders, or identity thieves, have stolen a legitimate user's
credentials and misuse the victim's account for malicious purposes. A
Masquerader may know a user's stolen credentials, but they may not know the
user's behavior. Hence, we approach the problem by profiling user behavior
and measuring in real-time any significant deviations from normal user
behavior. We also seek to differentiate between malicious actions and
innocent mistakes. In addition, we approach Masquerader attack
detection by modeling user intent to reveal the malicious user.
Traitors are users within an organization granted legitimate access to
systems and resources but whose actions are counter to the organization's
policies and interests. A traitor is assumed to have full knowledge of the
local system and policies. Malicious traitors may perform arbitrary
nefarious acts that may appear to be entirely normal from prior user behavior.
The technology developed under the project includes host-based sensors for
profiling user behavior (for Masquerade detection), and decoy, trap-based
sensors (for Traitor detection).
This project is a collaborative effort funded by the I3P organization. The
I3P Human Behavior, Insider Threat and Awareness project is joint
with 6 other universities and research organizations; funding is provided
under contract from the Department of Homeland Security. Further
detail about the I3P can be found HERE.
Publications
- Insider Attack and Cyber Security: Beyond the Hacker (Advances in Information Security) (Hardcover)
  by Salvatore Stolfo, Steven M. Bellovin, Shlomo Hershkop, Angelos D. Keromytis, Sara Sinclair, Sean W. Smith,
  2008
- Tech Report
- Ke Wang, Salvatore J. Stolfo. "One Class Training for Masquerade
  Detection". 3rd IEEE Conf Data Mining Workshop on Data Mining for
  Computer Security, Florida, Nov. 19, 2003 [PDF]