Journal articles on the topic 'Insider attacks'

Consult the top 50 journal articles for your research on the topic 'Insider attacks.'

1

Henge, Santosh Kumar, Aditya Upadhyay, Ashok Kumar Saini, Neha Mishra, Dimpal Sharma, and Gajanand Sharma. "Analysis and detection of insider attacks using behaviour rule based architecture in enterprise multitenancy." Journal of Discrete Mathematical Sciences & Cryptography 26, no. 3 (2023): 707–18. http://dx.doi.org/10.47974/jdmsc-1743.

Abstract:
The enterprise level data security and privacy are one of the focal key challenges to the pr enterprise and security companies to prevent private data from outside and inside attacks. The insider threats and attacks can pretense a real defense risk to the various internal multi-tenants of various enterprises and companies. The data thievery by insiders of the companies is as a great deal the consequence of enterprises failing to execute the scheme and expertise to member of staff supervise activities and administrate the authenticated data-access to data as it the authentic spiteful activities of member of staff looking for economic benefits in multi-tenancy environment. This research composed with three major objectives: Description of insider attack causes with their impact factors; Implications of behavior rule-based architecture in enterprise multitenancy; Integration of behavior rules with prevention thresholds to control user accessibility for prevention of insider attacks and threats; This paper has described the efficient security scenario to avoid insider attaching complexities. This research is more helping the cyber security experts and network administrators to reduce the insider attacks by building the efficient monitoring intelligent system. The experimental scenarios built with 125 authenticated, 29 non-authenticated internal users, and 62 authenticated, 18 non-authenticated external users of single enterprise level and avoided insider attacks and threats.
2

Nguyen, Minh-Duong, Ngoc-Tu Chau, Seungwook Jung, and Souhwan Jung. "A Demonstration of Malicious Insider Attacks inside Cloud IaaS Vendor." International Journal of Information and Education Technology 4, no. 6 (2014): 483–86. http://dx.doi.org/10.7763/ijiet.2014.v4.455.

3

Glancy, Fletcher, David P. Biros, Nan Liang, and Andy Luse. "Classification of malicious insiders and the association of the forms of attacks." Journal of Criminal Psychology 10, no. 3 (2020): 233–47. http://dx.doi.org/10.1108/jcp-03-2020-0012.

Abstract:
Purpose: The authors argue that the current studies about malicious insiders confuse the fact that malicious attacks belong to two different categories, namely, those that launch instrumental attacks and expressive attacks. The authors collect malicious insider data from publicly available sources and use text-mining techniques to analyze the association between malicious insiders' characteristics and the different types of attack.
Design/methodology/approach: The authors investigated the relationship between personality characteristics and different types of malicious attacks. For the personality characteristics, the authors use the same method as Liang et al. (2016), which extracted these characteristics based on a keyword-characteristic dictionary. For different types of malicious attacks, two raters rated each case based on criteria modified from criminology research to determine the degree of expressiveness and instrumentality.
Findings: The results show that malicious insiders who are manipulative or seeking personal gain tend to carry out instrumental attacks. Malicious insiders who are arrogant tend to conduct expressive attacks.
Research limitations/implications: This study uses third party articles to identify the personality characteristics of known malicious insiders. As such, not all personality characteristics may have been reported. Data availability was an issue.
Practical implications: Understanding if different personality characteristics lead to different types of attacks can help managers identify employees who exhibit them and mitigate an attack before it occurs.
Social implications: Malicious insider attacks can have devastating results on businesses and employees. Helping to identify potential malicious insiders before they act may prevent undue harm.
Originality/value: This study used 132 cases of none malicious insiders to examine their attack objectives. No other study that the authors know of used that many cases.
4

M, Rama Bai, and Bin Saad Quraishi Maaz. "Privacy Protection Against Insider Attacks." International Journal of Engineering and Advanced Technology (IJEAT) 9, no. 5 (2020): 576–78. https://doi.org/10.35940/ijeat.E9744.069520.

Abstract:
A growing number of public and private sector organizations are recognizing insider threats as a critical area. In response, many steps are taken to defend assets against risks posed by employees and third-party trust. Insiders pose unique challenges for defenders. Traditional security tools are unlikely to audit insiders, let alone privileged users who have a potentially malicious intent. Although a high-risk activity, it is common to see users sharing passwords between colleagues or subordinates, defeating the purpose of authentication. This increases chances of Insider Attacks (IA), as it is hard to identify malicious insiders, given an attacker is entrusted with highly privileged access to read and write operations. Information Technology Organizations employ many workers with varying levels of access, and every user is authenticated with unique login credentials. Controls need to be put in place in order to secure the systems, since it can hamper login patterns. Research indicates that by analysis of system calls (SCs) that are generated upon user login can detect intrusions and read such patterns that are against the normal operations of the system. Information Technology Organizations employ many workers with varying levels of access, and no two users have the same login behavior. Given every user has a unique login pattern, this work proposes a system called Privacy Protection Against Insider Attacks (PPIA) which learns the login pattern of each user that is authenticated and employs data mining concepts to read user behavior and endeavors to detect insider attacks. Experimental results indicate that the approach is very effective and accurate.
5

Al-Shehari, Taher, and Rakan A. Alsowail. "An Insider Data Leakage Detection Using One-Hot Encoding, Synthetic Minority Oversampling and Machine Learning Techniques." Entropy 23, no. 10 (2021): 1258. http://dx.doi.org/10.3390/e23101258.

Abstract:
Insider threats are malicious acts that can be carried out by an authorized employee within an organization. Insider threats represent a major cybersecurity challenge for private and public organizations, as an insider attack can cause extensive damage to organization assets much more than external attacks. Most existing approaches in the field of insider threat focused on detecting general insider attack scenarios. However, insider attacks can be carried out in different ways, and the most dangerous one is a data leakage attack that can be executed by a malicious insider before his/her leaving an organization. This paper proposes a machine learning-based model for detecting such serious insider threat incidents. The proposed model addresses the possible bias of detection results that can occur due to an inappropriate encoding process by employing the feature scaling and one-hot encoding techniques. Furthermore, the imbalance issue of the utilized dataset is also addressed utilizing the synthetic minority oversampling technique (SMOTE). Well known machine learning algorithms are employed to detect the most accurate classifier that can detect data leakage events executed by malicious insiders during the sensitive period before they leave an organization. We provide a proof of concept for our model by applying it on CMU-CERT Insider Threat Dataset and comparing its performance with the ground truth. The experimental results show that our model detects insider data leakage events with an AUC-ROC value of 0.99, outperforming the existing approaches that are validated on the same dataset. The proposed model provides effective methods to address possible bias and class imbalance issues for the aim of devising an effective insider data leakage detection system.
6

Soleh, Musdi Muhammad. "A Study Case in NTMC POLRI: Reducing Data Breach Risk from Insider Threats by Using Risk IT Framework." ACMIT Proceedings 3, no. 1 (2019): 171–79. http://dx.doi.org/10.33555/acmit.v3i1.41.

Abstract:
Risk does not merely come from external threats; it also comes from inside, from internal actors. Vormetric Insider Threat mentioned that of 800 surveyed enterprise companies, 89% were vulnerable to insider attacks [1]. It mentioned that the data breach issue is the highest risk that happened to the company caused by insider threats. This paper will analyse the insider attacks; the Risk IT framework will be used to reduce and prevent these vulnerabilities in valuable assets.
7

Lynch, David M. "Securing Against Insider Attacks." EDPACS 34, no. 1 (2006): 10–20. http://dx.doi.org/10.1201/1079.07366981/46107.34.1.20060701/93701.2.

8

Lynch, David M. "Securing Against Insider Attacks." Information Systems Security 15, no. 5 (2006): 39–47. http://dx.doi.org/10.1201/1086.1065898x/46353.15.4.20060901/95430.6.

9

Abulencia, Jesse. "Insider attacks: human-factors attacks and mitigation." Computer Fraud & Security 2021, no. 5 (2021): 14–17. http://dx.doi.org/10.1016/s1361-3723(21)00054-3.

10

Nasraddin, Jehan Turki, Eynas Hassan Balkhair, and Dr Manar Salamh. "Detection of Malicious Privileged Access Using a RuleBased Approach." International Journal of Engineering Research and Applications 14, no. 10 (2024): 63–72. http://dx.doi.org/10.9790/9622-14106372.

Abstract:
Privileged insiders are harder for organizations to detect. An organization's systems are subjected to threats that will affect missions, assets, and individuals of the organization. Many organizations are affected by threats over a year. This paper modeled the path of actors that aims to publish and share sensitive data of the company such as files to unauthorized users by insider attack by using a State Transition Diagram and developed detection of the modeled insider attack paths using the rule-based approach. There are seventy-seven attack steps that can be taken to achieve the goals of publishing and sharing sensitive company files which are done by an insider attack. After deep study of the attack steps, the designed diagram has layered the attack steps based on analysis and aggregated them into five groups. This paper also uses offline analysis, which uses the log file after the attack occurred; the publish process is not affected in offline analysis. Rules and pseudocode are explained in detail.
11

Marshet Tamirat. "Current Detection Methods for Insider Threats and Social Engineering Attacks: Enhancements and Analysis Using Deep Learning." Journal of Electrical Systems 20, no. 11s (2024): 2838–53. https://doi.org/10.52783/jes.7966.

Abstract:
Despite advancements in technology, insider threats and social engineering attacks continue to pose significant challenges. Current threat detection methods often fail to effectively identify insider threats, leaving organizations vulnerable. This systematic review thoroughly examines and evaluates existing detection methods for insider threats and social engineering attacks, performs comparative gap analyses, assesses detection effectiveness, identifies inherent challenges, and proposes a conceptual system architecture. A primary challenge is distinguishing between normal and malicious insider activities, which exceeds the capabilities of current network intrusion detection systems. Although machine learning and deep learning-based intrusion detection systems have been developed continuously, issues such as false positive and false negative rates persist due to the human elements involved in insider threats and social engineering attacks. The review focuses on identifying current network and host-based detection methods, analyzing existing gaps, and proposing a detection framework that integrates user behavior analysis with network and host-based detection and deep learning techniques to enhance detection accuracy and cost-effectiveness. Incorporating user cybersecurity behavior into existing intrusion detection systems and making detection unified (comprehensive) will result in a high-performance threat detection system specifically for malicious insiders and social engineering attacks.
12

Abu Bakar, Rahimah, Bahbibi Rahmatullah, Erni Munastiwi, and Omar Dheyab. "A confirmatory analysis of the prevention insider threat in organization information system." Journal of Technology and Humanities 2, no. 1 (2021): 20–30. http://dx.doi.org/10.53797/jthkkss.v2i1.3.2021.

Abstract:
Many issues related to insider threat in organizations have been debated ever since. Although insider attacks may not occur as frequently as external attacks, they have a higher rate of success, go undetected, and pose a much greater risk than external adversaries. In relation to that, it is undeniably the fact that many mechanisms have been proposed as an initiative to protect data from outside attacks. However, those mechanisms could not protect data from authorized users who may misuse their privileges. Due to those circumstances, the development of mechanisms that protect sensitive data from insiders somehow becomes pitch demand as a method to prevent harm caused by malicious insiders. The method of this research is the quantitative method using a questionnaire. The findings have contributed to developing a framework that will be used to prevent insider threat in an organization in the future.
13

Alsowail, Rakan A., and Taher Al-Shehari. "Techniques and countermeasures for preventing insider threats." PeerJ Computer Science 8 (April 1, 2022): e938. http://dx.doi.org/10.7717/peerj-cs.938.

Abstract:
With the wide use of technologies nowadays, various security issues have emerged. Public and private sectors are both spending a large portion of their budget to protect the confidentiality, integrity, and availability of their data from possible attacks. Among these attacks are insider attacks which are more serious than external attacks, as insiders are authorized users who have legitimate access to sensitive assets of an organization. As a result, several studies exist in the literature aimed to develop techniques and tools to detect and prevent various types of insider threats. This article reviews different techniques and countermeasures that are proposed to prevent insider attacks. A unified classification model is proposed to classify the insider threat prevention approaches into two categories (biometric-based and asset-based metric). The biometric-based category is also classified into (physiological, behavioral and physical), while the asset metric-based category is also classified into (host, network and combined). This classification systematizes the reviewed approaches that are validated with empirical results utilizing the grounded theory method for rigorous literature review. Additionally, the article compares and discusses significant theoretical and empirical factors that play a key role in the effectiveness of insider threat prevention approaches (e.g., datasets, feature domains, classification algorithms, evaluation metrics, real-world simulation, stability and scalability, etc.). Major challenges are also highlighted which need to be considered when deploying real-world insider threat prevention systems. Some research gaps and recommendations are also presented for future research directions.
14

Paul, Swagata, Sajal Saha, and Radha Tamal Goswami. "Detection of Unknown Insider Attack on Components of Big Data System: A Smart System Application for Big Data Cluster." International Journal of Computer Network and Information Security 14, no. 5 (2022): 47–59. http://dx.doi.org/10.5815/ijcnis.2022.05.04.

Abstract:
Big data applications running on a big data cluster create a set of processes on different nodes and exchange data via regular network protocols. The nodes of the cluster may receive some new type of attack or unpredictable internal attack from those applications submitted by clients. As the applications are allowed to run on the cluster, they may acquire multiple node resources so that the whole cluster becomes slow or unavailable to other clients. Detection of these new types of attacks is not possible using traditional methods. The cumulative network traffic of the nodes must be analyzed to detect such attacks. This work presents an efficient testbed for internal attack generation, data set creation, and attack detection in the cluster. This work also finds the nodes under attack. A new insider attack named BUSY YARN Attack has been identified and analyzed in this work. The framework can be used to recognize similar insider attacks of type DOS where the target node(s) in the cluster is unpredictable.
15

Md., Hasan Furhad, K. Chakrabortty Ripon, J. Ryan Michael, Uddin Jia, and H. Sarker Iqbal. "A hybrid framework for detecting structured query language injection attacks in web-based applications." International Journal of Electrical and Computer Engineering (IJECE) 12, no. 5 (2022): 5405–14. https://doi.org/10.11591/ijece.v12i5.pp5405-5414.

Abstract:
Almost every web-based application is managed and operated through a number of websites, each of which is vulnerable to cyber-attacks that are mounted across the same networks used by the applications, with much less risk to the attacker than physical attacks. Such web-based attacks make use of a range of modern techniques, such as structured query language injection (SQLi), cross-site scripting, and data tampering, to achieve their aims. Among them, SQLi is the most popular and vulnerable attack, which can be performed in one of two ways: either by an outsider of an organization (known as the outside attacker) or by an insider with a good knowledge of the system with proper administrative rights (known as the inside attacker). An inside attacker, in contrast to an outsider, can take down the system easily and pose a significant challenge to any organization, and therefore needs to be identified in advance to mitigate the possible consequences. Blockchain-based technique is an efficient approach to detect and mitigate SQLi attacks and is widely used these days. Thus, in this study, a hybrid method is proposed that combines a SQL query matching technique (SQLMT) and a standard blockchain framework to detect SQLi attacks created by insiders. The results obtained by the proposed hybrid method through computational experiments are further validated using standard web validation tools.
16

Al Sharah, Ashraf, Taiwo Oyedare, and Sachin Shetty. "Detecting and Mitigating Smart Insider Jamming Attacks in MANETs Using Reputation-Based Coalition Game." Journal of Computer Networks and Communications 2016 (2016): 1–13. http://dx.doi.org/10.1155/2016/4289176.

Abstract:
Security in mobile ad hoc networks (MANETs) is challenging due to the ability of adversaries to gather necessary intelligence to launch insider jamming attacks. The solutions to prevent external attacks on MANET are not applicable for defense against insider jamming attacks. There is a need for a formal framework to characterize the information required by adversaries to launch insider jamming attacks. In this paper, we propose a novel reputation-based coalition game in MANETs to detect and mitigate insider jamming attacks. Since there is no centralized controller in MANETs, the nodes rely heavily on availability of transmission rates and a reputation for each individual node in the coalition to detect the presence of an internal jamming node. The nodes will form a stable grand coalition in order to make a strategic security defense decision, maintain the grand coalition based on node reputation, and exclude any malicious node based on reputation value. Simulation results show that our approach provides a framework to quantify information needed by adversaries to launch insider attacks. The proposed approach will improve MANET's defense against insider attacks, while also reducing incorrect classification of legitimate nodes as jammers.
17

Stiawan, Deris, Mohd Yazid Idris, Reza Firsandaya Malik, Siti Nurmaini, Nizar Alsharif, and Rahmat Budiarto. "Investigating Brute Force Attack Patterns in IoT Network." Journal of Electrical and Computer Engineering 2019 (April 1, 2019): 1–13. http://dx.doi.org/10.1155/2019/4568368.

Abstract:
Internet of Things (IoT) devices may transfer data to the gateway/application server through File Transfer Protocol (FTP) transactions. Unfortunately, in terms of security, the FTP server at a gateway or data sink very often is improperly set up. At the same time, password matching/theft holding is among the popular attacks as the intruders attack the IoT network. Thus, this paper attempts to provide an insight into this type of attack with the main aim of coming up with attack patterns that may help the IoT system administrator to analyze any similar attacks. This paper investigates brute force attack (BFA) on the FTP server of the IoT network by using a time-sensitive statistical relationship approach and visualizing the attack patterns that identify its configurations. The investigation focuses on attacks launched from the internal network, due to the assumption that the IoT network has already installed a firewall. An insider/internal attack launched from an internal network endangers the entire IoT security system more. The experiments use the IoT network testbed that mimics the internal attack scenario with three major goals: (i) to provide a topological description on how an insider attack occurs; (ii) to achieve attack pattern extraction from raw sniffed data; and (iii) to establish attack pattern identification as a parameter to visualize real-time attacks. Experimental results validate the investigation.
18

Grosse, Eric, Fred B. Schneider, and Lynette L. Millett. "Implementing insider defenses." Communications of the ACM 64, no. 5 (2021): 60–65. http://dx.doi.org/10.1145/3418296.

19

A G, Rashmi. "Insider Attack Detection in IoT devices using Data Analytics." International Journal for Research in Applied Science and Engineering Technology 9, no. VII (2021): 870–74. http://dx.doi.org/10.22214/ijraset.2021.36520.

Abstract:
In recent years, the rate of theft of money being carried to ATM machines is increasing day by day. Each vehicle carrying money should be monitored at all times through a communication protocol and the vehicle should have a GPS installed. This location information should be very confidential and accessible only to the authorized officials. Due to the advancement in technology, there are numerous ways in which the attacks are happening. One such attack is accessing the confidential information (i.e., the GPS location of the vehicle in this case) by unauthorized means from the people within the same network and using it for various purposes. It has become a challenge to overcome these attacks and deposit the amount to ATM machines safely. There are other scenarios, viz. carrying the witnesses to the court, shipping important materials like medicines or official documents, where the GPS information is being misused. Providing security against insider attacks is the need of the hour. This paper mainly focuses on the development of an end-to-end system which detects the unauthorized access to the confidential information and gives analysis of the time and frequency of attack using data analytics.
20

Furhad, Md Hasan, Ripon K. Chakrabortty, Michael J. Ryan, Jia Uddin, and Iqbal H. Sarker. "A hybrid framework for detecting structured query language injection attacks in web-based applications." International Journal of Electrical and Computer Engineering (IJECE) 12, no. 5 (2022): 5405. http://dx.doi.org/10.11591/ijece.v12i5.pp5405-5414.

Abstract:
Almost every web-based application is managed and operated through a number of websites, each of which is vulnerable to cyber-attacks that are mounted across the same networks used by the applications, with much less risk to the attacker than physical attacks. Such web-based attacks make use of a range of modern techniques, such as structured query language injection (SQLi), cross-site scripting, and data tampering, to achieve their aims. Among them, SQLi is the most popular and vulnerable attack, which can be performed in one of two ways: either by an outsider of an organization (known as the outside attacker) or by an insider with a good knowledge of the system with proper administrative rights (known as the inside attacker). An inside attacker, in contrast to an outsider, can take down the system easily and pose a significant challenge to any organization, and therefore needs to be identified in advance to mitigate the possible consequences. Blockchain-based technique is an efficient approach to detect and mitigate SQLi attacks and is widely used these days. Thus, in this study, a hybrid method is proposed that combines a SQL query matching technique (SQLMT) and a standard blockchain framework to detect SQLi attacks created by insiders. The results obtained by the proposed hybrid method through computational experiments are further validated using standard web validation tools.
21

Gunasekhar, T., K. Thirupathi Rao, V. Krishna Reddy, P. Sai Kiran, and B. Thirumala Rao. "Mitigation of Insider Attacks through Multi-Cloud." International Journal of Electrical and Computer Engineering (IJECE) 5, no. 1 (2015): 136. http://dx.doi.org/10.11591/ijece.v5i1.pp136-141.

Abstract:
The malicious insider can be an employee, user and/or third-party business partner. In a cloud environment, clients may store sensitive data about their organization in cloud data centers. The cloud service provider should ensure integrity, security, access control and confidentiality of the stored data at cloud data centers. Malicious insiders can steal sensitive data at cloud storage and at organizations. Most organizations ignore the insider attack because it is harder to detect and mitigate. This is a major emerging problem at the cloud data centers as well as in organizations. In this paper, we proposed a method that ensures security, integrity, access control and confidentiality on sensitive data of cloud clients by employing multiple cloud service providers. The organization should encrypt the sensitive data with their security policy and procedures and store the encrypted data in a trusted cloud. The keys which are used during the encryption process are again encrypted and stored in another cloud area, so that the organization contains only the keys for the keys of the encrypted data. The administrator of the organization also does not know what data is kept in the cloud area, and if he accesses the data, he is easily caught during the auditing. Hence, only authorized users can access the data and use it, and we can mitigate insider attacks by providing restricted privileges.
22

Ansar, Kainat, Mansoor Ahmed, Saif Ur Rehman Malik, Markus Helfert, and Jungsuk Kim. "Blockchain based general data protection regulation compliant data breach detection system." PeerJ Computer Science 10 (March 15, 2024): e1882. http://dx.doi.org/10.7717/peerj-cs.1882.

Abstract:
Context: Data breaches caused by insiders are on the rise, both in terms of frequency and financial impact on organizations. Insider threat originates from within the targeted organization and users with authorized access to an organization's network, applications, or databases commit insider attacks.
Motivation: Insider attacks are difficult to detect because an attacker with administrator capabilities can change logs and login records to destroy the evidence of the attack. Moreover, when such a harmful insider attack goes undetected for months, it can do a lot of damage. Such data breaches may significantly impact the affected data owner's life. Developing a system for rapidly detecting data breaches is still critical and challenging. General Data Protection Regulation (GDPR) has defined the procedures and policies to mitigate the problems of data protection. Therefore, under the GDPR implementation, the data controller must notify the data protection authority when a data breach has occurred.
Problem Statement: Existing data breach detection mechanisms rely on a reliable third party. Because of the presence of a third party, such systems are not trustworthy, transparent, secure, immutable, and GDPR-compliant.
Contributions: To overcome these issues, this study proposed a GDPR-compliant data breach detection system by leveraging the benefits of blockchain technology. Smart contracts are written in Solidity and deployed on a local Ethereum test network to implement the solution. The proposed system can generate alert notifications against every data breach.
Results: We tested and deployed our proposed system, and the findings indicate that it can accomplish the insider threat mitigation objective. Furthermore, the GDPR compliance analysis of our system was also evaluated to make sure that it complies with the GDPR principles (such as right to be forgotten, access control, conditions for consent, and breach notifications). The conducted analysis has confirmed that the proposed system offers capabilities to comply with the GDPR from an application standpoint.
23

Sonika, Sandeep Kumar Arora, and Mahedi Masud. "Review on Security Based Vehicular Ad-Hoc Network." International Journal of Engineering & Technology 7, no. 3.8 (2018): 125. http://dx.doi.org/10.14419/ijet.v7i3.8.16846.

Abstract:
VANET, a vehicular ad-hoc network, provides security to vehicles. To provide security in VANET, we are using Elliptical curve cryptography. In this paper we are going to discuss various techniques of cryptography, such as Advanced Encryption Standard, Data Encryption Standard, and Triple Data Encryption Standard. These techniques are part of symmetric and asymmetric cryptography. In addition to this there are some attacks which we are discussing in this paper, like the masquerade attack, replay attack, insider attack, mutual authentication attack, and parallel session attack. These attacks are on different layers. At the end we are comparing these attacks with each other and comparing their quality of services.
APA, Harvard, Vancouver, ISO, and other styles
24

Lu, Yang, and Jiguo Li. "Efficient Certificate-Based Signcryption Secure against Public Key Replacement Attacks and Insider Attacks." Scientific World Journal 2014 (2014): 1–12. http://dx.doi.org/10.1155/2014/295419.

Abstract:
Signcryption is a useful cryptographic primitive that achieves confidentiality and authentication in an efficient manner. As an extension of signcryption in certificate-based cryptography, certificate-based signcryption preserves the merits of certificate-based cryptography and signcryption simultaneously. In this paper, we present an improved security model of certificate-based signcryption that covers both public key replacement attack and insider security. We show that an existing certificate-based signcryption scheme is insecure in our model. We also propose a new certificate-based signcryption scheme that achieves security against both public key replacement attacks and insider attacks. We prove in the random oracle model that the proposed scheme is chosen-ciphertext secure and existentially unforgeable. Performance analysis shows that the proposed scheme outperforms all the previous certificate-based signcryption schemes in the literature.
25

Yaramadhi, Mallikarjun, K. Subba Reddy, K. Rajendra Prasad, et al. "Prevent insider attacks, IAM (Identity and Access) solutions should be used in place of simple password-based authentication methods." Journal of Information and Optimization Sciences 46, no. 2 (2025): 509–19. https://doi.org/10.47974/jios-1931.

Abstract:
Advancements in web services have increased the need for enhanced security in user authentication systems. Insider attacks, where privileged insiders compromise sensitive information, pose a significant threat. Rajamanickam et al. proposed a lightweight password-based authentication using Elliptic Curve Cryptography (ECC) to prevent such attacks. However, vulnerabilities in this method were identified by Salman Shamshad et al., highlighting the need for stronger solutions. This paper advocates for Identity and Access Management (IAM) systems, which employ multi-factor authentication (MFA) and single sign-on (SSO), offering enhanced security, access control, and regulatory compliance for organizations, effectively mitigating insider threats and other cyber risks.
26

Lallie, Harjinder Singh, Andrew Thompson, Elzbieta Titis, and Paul Stephens. "Analysing Cyber Attacks and Cyber Security Vulnerabilities in the University Sector." Computers 14, no. 2 (2025): 49. https://doi.org/10.3390/computers14020049.

Abstract:
Universities hold and process vast amounts of financial, user, and research data, which makes them prime targets for cybercriminals. In addition to the usual external threat actors, universities face a unique insider threat from students, who—alongside staff—may lack adequate cyber security training despite having access to various sensitive systems. This paper provides a focused assessment of the current cyber security threats facing UK universities, based on a comprehensive review of available information. A chronological timeline of notable cyber attacks against universities is produced, with incidents classified according to the CIA triad (Confidentiality, Integrity, Availability) and incident type. Several issues have been identified. Limited disclosure of attack details is a major concern, as full information is often withheld for security reasons, hindering institutions’ abilities to assess vulnerabilities thoroughly and respond effectively. Additionally, universities increasingly rely on third-party service providers for critical services, meaning that an attack on these external providers can directly impact university operations and data security. While SQL injection attacks, previously a significant issue, appear to have declined in frequency—perhaps reflecting improvements in defences—other threats continue to persist. Universities report lower levels of concern regarding DDoS attacks, potentially due to enhanced resilience and mitigation strategies; however, ransomware and phishing attacks remain prevalent. Insider threats, especially from students with varied IT skills, exacerbate these risks, as insiders may unknowingly or maliciously facilitate cyber attacks, posing ongoing challenges for university IT teams. This study recommends that universities leverage these insights, along with other available data, to refine their cyber security strategies. Developing targeted policies, strengthening training, and implementing international standards will allow universities to enhance their security posture and mitigate the complex and evolving threats they face.
27

Deep, Gaurav, Rajni Mohana, Anand Nayyar, P. Sanjeevikumar, and Eklas Hossain. "Authentication Protocol for Cloud Databases Using Blockchain Mechanism." Sensors 19, no. 20 (2019): 4444. http://dx.doi.org/10.3390/s19204444.

Abstract:
Cloud computing has made the software development process fast and flexible, but on the other hand it has contributed to increasing security attacks. Employees who manage the data in cloud companies may face insider attack, affecting their reputation. They have the advantage of accessing the user data by interacting with the authentication mechanism. The primary aim of this research paper is to provide a novel secure authentication mechanism by using Blockchain technology for cloud databases. Blockchain makes it difficult for an insider to change user login credential details in the user authentication process. The insider is not able to access the user authentication data due to the distributed ledger-based authentication scheme. Activity of the insider can be traced and cannot be changed. Both insider and outsider users are authenticated using individual IDs and signatures. Furthermore, the user access control on the cloud database is also authenticated. The algorithm and theorem of the proposed mechanism have been given to demonstrate the applicability and correctness. The proposed mechanism is tested on the Scyther formal system tool against denial of service, impersonation, offline guessing, and replay attacks. Scyther results show that the proposed methodology is secure cum robust.
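The two ledger-based entries above (no. 22, whose motivation is an administrator rewriting logs and login records, and Deep et al.'s claim that a distributed ledger keeps an insider from changing credential records) rest on one mechanism: every record commits to the one before it, so a later edit breaks the chain. The following is an added example, not code from either paper, that models that mechanism in plain Python with no Ethereum. The class and function names (AuditChain, Record, verify) are this example's own, and the "witnessed head" is an assumption: the latest digest is copied to a store the administrator cannot write to (a ledger, a WORM bucket, a peer organisation), which is the part that defeats a full rewrite.

```python
"""Tamper-evident, hash-chained audit log (added example, not the papers' code)."""
import dataclasses
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

GENESIS = "0" * 64


@dataclass(frozen=True)
class Record:
    index: int
    user: str
    event: str        # e.g. "login_ok", "login_fail", "cred_change"
    prev_hash: str    # digest of the previous record (GENESIS for the first)
    digest: str       # SHA-256 over (index, user, event, prev_hash)


def record_digest(index: int, user: str, event: str, prev_hash: str) -> str:
    payload = json.dumps([index, user, event, prev_hash], separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


class AuditChain:
    def __init__(self) -> None:
        self.records: List[Record] = []

    def head(self) -> str:
        return self.records[-1].digest if self.records else GENESIS

    def append(self, user: str, event: str) -> Record:
        idx, prev = len(self.records), self.head()
        rec = Record(idx, user, event, prev, record_digest(idx, user, event, prev))
        self.records.append(rec)
        return rec


def verify(records: List[Record], witnessed_head: str) -> Optional[int]:
    """None if the chain is intact and ends at the witnessed head. Otherwise the index of
    the first record that fails, or len(records) when every record is self-consistent but
    the chain was truncated or rebuilt (its head no longer matches the external witness)."""
    prev = GENESIS
    for i, r in enumerate(records):
        if r.index != i or r.prev_hash != prev:
            return i
        if r.digest != record_digest(i, r.user, r.event, prev):
            return i
        prev = r.digest
    return None if prev == witnessed_head else len(records)


def demo():
    chain = AuditChain()
    for user, event in [("alice", "login_ok"), ("dba_admin", "cred_change"), ("bob", "login_fail")]:
        chain.append(user, event)
    witnessed = chain.head()            # assumed to be copied off-box at this point

    # 1. Insider edits one record in place: that record's digest no longer matches.
    edited = list(chain.records)
    edited[1] = dataclasses.replace(edited[1], event="login_ok")
    first_bad = verify(edited, witnessed)

    # 2. Insider deletes the trailing records: self-consistent, but head != witness.
    truncated = verify(chain.records[:2], witnessed)

    # 3. Insider rewrites history and recomputes every digest: only the witness catches it.
    rewritten = AuditChain()
    for user, event in [("alice", "login_ok"), ("dba_admin", "login_ok"), ("bob", "login_fail")]:
        rewritten.append(user, event)
    rebuilt = verify(rewritten.records, witnessed)

    return first_bad, truncated, rebuilt


if __name__ == "__main__":
    print(demo())
```

Case 3 is the one that matters for an insider with administrator rights: a chain that lives only on the box they control can be regenerated from scratch, so the design point is not the hashing but where the head is witnessed.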
28

Savchenko, Vitalii, T. Dzyuba, et al. "Time Aspect of Insider Threat Mitigation." Advances in Military Technology 19, no. 1 (2024): 149–64. http://dx.doi.org/10.3849/aimt.01830.

Abstract:
The article reveals the problem of mitigating an insider threat by creating a time-balanced security system in an organization. Based on Markov chain, the authors propose a basic model of interaction in an “organization – insider” system. The article analytically defines a ratio between the time of an insider attack and the time during which the organization’s security system can neutralize it. The authors propose a concept of a multi-level system of organization protection, which takes into account the involved resources and practical skills of employees, as well as security services. At the end of the article, it is concluded that the proposed concept of the organization’s protection system will be effective against potential insider attacks.
29

Nam, Junghyun, Kim-Kwang Raymond Choo, Junghwan Kim, et al. "Password-Only Authenticated Three-Party Key Exchange with Provable Security in the Standard Model." Scientific World Journal 2014 (2014): 1–11. http://dx.doi.org/10.1155/2014/825072.

Full text
Abstract:
Protocols for password-only authenticated key exchange (PAKE) in the three-party setting allow two clients registered with the same authentication server to derive a common secret key from their individual password shared with the server. Existing three-party PAKE protocols were proven secure under the assumption of the existence of random oracles or in a model that does not consider insider attacks. Therefore, these protocols may turn out to be insecure when the random oracle is instantiated with a particular hash function or an insider attack is mounted against the partner client. The contribution of this paper is to present the first three-party PAKE protocol whose security is proven without any idealized assumptions in a model that captures insider attacks. The proof model we use is a variant of the indistinguishability-based model of Bellare, Pointcheval, and Rogaway (2000), which is one of the most widely accepted models for security analysis of password-based key exchange protocols. We demonstrated that our protocol achieves not only the typical indistinguishability-based security of session keys but also the password security against undetectable online dictionary attacks.
30

Saranjame, Rahul, and Manik Lal Das. "Securing Digital Image from Malicious Insider Attacks." International Journal of Computer Vision and Image Processing 8, no. 2 (2018): 49–58. http://dx.doi.org/10.4018/ijcvip.2018040103.

Abstract:
Protection of digital images from malicious (and dishonest) insider entities is an important concern in modern digital space. A malicious entity can alter some important features of an image to mislead the target recipient of the image, which can cause harm in applications such as healthcare, insurance, product description and so on. In order to protect digital images, cryptographic primitives such as pseudo-random functions and digital signatures have been used in practice for image protection. In this article, the authors present a method of image protection from malicious image manipulation. The authors use the concept of secret sharing and public key primitives in the proposed method. This article discusses attacks involving the generation of fake shares to cheat honest user(s), and a demonstration of the proposed system, employing a centralized server to generate shares and authenticate them on the basis of requests, is made as a counter to the described attack.
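Saranjame and Das describe the attack only in outline: a dishonest holder submits a fake share, and the honest parties reconstruct a wrong value without noticing. The following is an added example, not the authors' code, that reproduces that attack with Shamir sharing over GF(2^127 - 1) and then adds the simplest version of what the abstract attributes to their server: a commitment to every share is published at issue time, and reconstruction checks each submitted share against it first. Using a SHA-256 hash as the commitment is this example's assumption (the paper uses public-key primitives); it is binding here only because shares are 127-bit field elements and cannot be guessed. The sample secret (a truncated hash standing in for an image digest) and the function names are also this example's own.

```python
"""Shamir secret sharing with forged-share detection (added example)."""
import hashlib
import secrets
from typing import Dict, List, Tuple

P = 2**127 - 1            # Mersenne prime; all arithmetic is mod P
Share = Tuple[int, int]   # (x, f(x))


def _poly_eval(coeffs: List[int], x: int) -> int:
    y = 0
    for c in reversed(coeffs):        # Horner's rule, constant term last
        y = (y * x + c) % P
    return y


def split(secret: int, t: int, n: int) -> List[Share]:
    """n shares of `secret`; any t of them reconstruct it, fewer reveal nothing."""
    assert 0 <= secret < P and 1 <= t <= n < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _poly_eval(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0 over the given shares (no integrity check)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def commit(share: Share) -> str:
    """Dealer's commitment to one share (assumed construction: a plain SHA-256)."""
    x, y = share
    return hashlib.sha256(f"{x}:{y}".encode()).hexdigest()


def issue(secret: int, t: int, n: int) -> Tuple[List[Share], Dict[int, str]]:
    """Dealer side: shares go to their holders, commitments are published."""
    shares = split(secret, t, n)
    return shares, {s[0]: commit(s) for s in shares}


def reconstruct_verified(shares: List[Share], commitments: Dict[int, str]) -> int:
    """Reject any share whose commitment does not match before interpolating."""
    forged = [x for x, y in shares if commit((x, y)) != commitments.get(x)]
    if forged:
        raise ValueError(f"forged share(s) from holder(s) {forged}")
    return reconstruct(shares)


def demo() -> Tuple[bool, bool, bool]:
    # Constructed sample secret: 120 bits of a hash, standing in for an image digest.
    secret = int.from_bytes(hashlib.sha256(b"sample image bytes").digest()[:15], "big")
    shares, commitments = issue(secret, t=3, n=5)
    honest = shares[:3]
    cheated = [shares[0], shares[1], (shares[2][0], (shares[2][1] + 1) % P)]
    plain_ok = reconstruct(honest) == secret
    cheat_unnoticed = reconstruct(cheated) != secret   # wrong value, but no error raised
    try:
        reconstruct_verified(cheated, commitments)
        caught = False
    except ValueError:
        caught = True
    return plain_ok, cheat_unnoticed, caught


if __name__ == "__main__":
    print(demo())
```

The wrong result in the cheated case is guaranteed, not probabilistic: altering one y_i shifts the interpolated value by (y'_i - y_i) times a non-zero Lagrange coefficient. What the plain scheme lacks is any way for the honest parties to tell, which is exactly the gap the commitment closes.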
31

Oberoi, Priya, Sumit Mittal, and Rajneesh Kumar Gujral. "ADRCN: A Framework to Detect and Mitigate Malicious Insider Attacks in Cloud-Based Environment on IaaS." International Journal of Mathematical, Engineering and Management Sciences 4, no. 3 (2019): 654–70. http://dx.doi.org/10.33889//ijmems.2019.4.3-052.

Abstract:
Security is a critical factor for any computing platform. Cloud computing is a new computing environment, but its basic technology is still the Internet. Thus, the Cloud computing environment not only has threats of its own but is also prone to the security issues of its underlying technology, i.e., the Internet. In this paper, the authors propose a secure routing framework, viz. Authenticated Dynamic Routing in Cloud Networks (ADRCN), to mitigate malicious insider attacks while maintaining path integrity in the Cloud. Symmetric cryptography with hashing is used to maintain the integrity of the path between the source and destination. The purpose of ADRCN is to maintain the integrity of the path between the client and the data center. If a malicious insider tries to perform an attack between the client and the data center, it will be detected. This work aims to give a solution for the detection and prevention of malicious insider attacks in Cloud-based environments.
32

Althebyan, Qutaibah. "Mitigating Insider Threats on the Edge: A Knowledgebase Approach." International Arab Journal of Information Technology 17, no. 4A (2020): 621–28. http://dx.doi.org/10.34028/iajit/17/4a/6.

Abstract:
Insider threats, who are cloud internal users, cause very serious problems, which in turn lead to devastating attacks on both individuals and organizations. Although most of the attention, in the real world, is on outsider attacks, the most damaging attacks come from insiders. In cloud computing, the problem becomes worse, since the number of insiders is maximized and hence the amount of data that can be breached and disclosed is also maximized. Consequently, insiders' threats in the cloud ought to be one of the topmost issues that should be handled and settled. Classical solutions to defend against insiders' threats might fall short, as it is not easy to track both the activities of the insiders and the amount of knowledge an insider can accumulate through his/her privileged accesses. Such accumulated knowledge can be used to disclose critical information (which the insider is not privileged to) through expected dependencies that exist among different data items that reside in one or more nodes of the cloud. This paper provides a solution that suits well the specialized nature of the above-mentioned problem. This solution takes advantage of knowledge bases by tracking the accumulated knowledge of insiders through building Knowledge Graphs (KGs) for each insider. It also takes advantage of Mobile Edge Computing (MEC) by building a fog layer where a mitigation unit, residing on the edge, takes care of the insiders' threats in a place that is as close as possible to the place where insiders reside. As a consequence, this gives continuous reactions to the insiders' threats in real time, and at the same time lessens the overhead in the cloud. The MEC model presented in this paper utilizes a knowledgebase approach where insiders' knowledge is tracked and modeled. In case an insider's knowledge accumulates to a level that is expected to cause some potential disclosure of private data, an alarm will be raised so that expected actions can be taken to mitigate this risk. The knowledgebase approach involves generating Knowledge Graphs (KGs) and Dependency Graphs (DGs), from which a Threat Prediction Value (TPV) is evaluated to estimate the risk upon which alarms for potential disclosure are raised. Experimental analysis has been conducted using the CloudExp simulator, where the results have shown the ability of the proposed model to raise alarms for potential risks from insiders in a real-time fashion with accurate precision.
33

Chowdhury, Morshed, Biplob Ray, Sujan Chowdhury, and Sutharshan Rajasegarar. "A Novel Insider Attack and Machine Learning Based Detection for the Internet of Things." ACM Transactions on Internet of Things 2, no. 4 (2021): 1–23. http://dx.doi.org/10.1145/3466721.

Abstract:
Due to the widespread functional benefits, such as supporting internet connectivity, having high visibility and enabling easy connectivity between sensors, the Internet of Things (IoT) has become popular and used in many applications, such as for smart city, smart health, smart home, and smart vehicle realizations. These IoT-based systems contribute to both daily life and business, including sensitive and emergency situations. In general, the devices or sensors used in the IoT have very limited computational power, storage capacity, and communication capabilities, but they help to collect a large amount of data as well as maintain communication with the other devices in the network. Since most of the IoT devices have no physical security, and often are open to everyone via radio communication and via the internet, they are highly vulnerable to existing and emerging novel security attacks. Further, the IoT devices are usually integrated with the corporate networks; in this case, the impact of attacks will be much more significant than operating in isolation. Due to the constraints of the IoT devices, and the nature of their operation, existing security mechanisms are less effective for countering the attacks that are specific to the IoT-based systems. This article presents a new insider attack, named loophole attack, that exploits the vulnerabilities present in a widely used IPv6 routing protocol in IoT-based systems, called RPL (Routing over Low Power and Lossy Networks). To protect the IoT system from this insider attack, a machine learning based security mechanism is presented. The proposed attack has been implemented using the Contiki IoT operating system that runs on the Cooja simulator, and the impacts of the attack are analyzed. Evaluation on the collected network traffic data demonstrates that the machine learning based approaches, along with the proposed features, help to accurately detect the insider attack from the network traffic data.
34

R M, Punith, and Priya D. "DeepMIA: An Integrated and Accelerated approach for Malicious Insider Attack Detection in IOT using Deep Learning." International Journal for Research in Applied Science and Engineering Technology 10, no. 7 (2022): 1585–93. http://dx.doi.org/10.22214/ijraset.2022.45407.

Abstract:
The Internet of Things (IoT) is poised to transform our lives and is becoming increasingly popular in smart homes and smart industrial networks. IoT devices can be used for a variety of purposes, including healthcare. IoT device security is always an issue because the devices are in charge of creating and handling large amounts of sensitive data. A security breach has been found to have an influence on people and eventually the entire planet. Artificial intelligence (AI) has a greater range of applications and is currently being investigated for use in IoT device security. A malicious insider attack is the most serious security concern associated with IoT devices. Although much IoT security research has focused on ways to prevent unauthorized and unlawful access to systems and information, the most severe malicious insider attacks, which are often the result of internal attack within an IoT network or environment, have gone unnoticed. Here we have proposed a model called ‘DeepMIA’, which uses Deep Learning to detect dangerous insider attacks in the IoT context. For resource-constrained IoT contexts, the research proposes a lightweight technique for detecting insider attacks that can detect abnormalities arising from sensor data or device data of devices connected in an IoT environment. The DeepMIA model is evaluated with the UNSW-NB15 dataset and achieves a decent accuracy of 99% with deep learning models.
35

Gayathri, R. G., Atul Sajjanhar, and Yong Xiang. "Image-Based Feature Representation for Insider Threat Classification." Applied Sciences 10, no. 14 (2020): 4945. http://dx.doi.org/10.3390/app10144945.

Full text
Abstract:
Cybersecurity attacks can arise from internal and external sources. The attacks perpetrated by internal sources are also referred to as insider threats. These are a cause of serious concern to organizations because of the significant damage that can be inflicted by malicious insiders. In this paper, we propose an approach for insider threat classification which is motivated by the effectiveness of pre-trained deep convolutional neural networks (DCNNs) for image classification. In the proposed approach, we extract features from usage patterns of insiders and represent these features as images. Hence, images are used to represent the resource access patterns of the employees within an organization. After construction of images, we use pre-trained DCNNs for anomaly detection, with the aim to identify malicious insiders. Random under sampling is used for reducing the class imbalance issue. The proposed approach is evaluated using the MobileNetV2, VGG19, and ResNet50 pre-trained models, and a benchmark dataset. Experimental results show that the proposed method is effective and outperforms other state-of-the-art methods.
36

Greitzer, Frank L., and Ryan E. Hohimer. "Modeling Human Behavior to Anticipate Insider Attacks." Journal of Strategic Security 4, no. 2 (2011): 25–48. http://dx.doi.org/10.5038/1944-0472.4.2.2.

37

Long, Austin. "‘Green on Blue’: Insider Attacks in Afghanistan." Survival 55, no. 3 (2013): 167–82. http://dx.doi.org/10.1080/00396338.2013.802860.

38

Furnell, Steven. "Enemies within: the problem of insider attacks." Computer Fraud & Security 2004, no. 7 (2004): 6–11. http://dx.doi.org/10.1016/s1361-3723(04)00087-9.

39

Triana, Yaya Sudarya, Mohd Azam Osman, Deris Stiawan, and Rahmat Budiarto. "User behavior analysis for insider attack detection using a combination of memory prediction model and recursive feature elimination algorithm." International Journal of Electrical and Computer Engineering (IJECE) 15, no. 2 (2025): 1793–804. https://doi.org/10.11591/ijece.v15i2.pp1793-1804.

Abstract:
Existing defense tools against insider attacks are rare, do not operate in real time, and suffer from low detection accuracy as the attacks become more sophisticated. Thus, a detection tool with online learning ability and better accuracy is urgently required. This study proposes an insider attack detection model by leveraging an entity behavior analysis technique based on a memory prediction model combined with the recursive feature elimination (RFE) feature selection algorithm. The memory-prediction model provides the ability to perform online learning, while the RFE algorithm is deployed to reduce data dimensionality. The dataset for the experiment was created from a real network with 150 active users and mixed with attack data from a publicly available dataset. The dataset is simulated on a testbed network environment consisting of a server configured to run 4 virtual servers and two other computers as traffic generator and detection tool. The experimental results show 94.01% detection accuracy, 95.64% precision, 99.28% sensitivity, and 96.08% F1-score. The proposed model is able to perform on-the-fly learning to address the evolving nature of the attacks. Combining memory prediction models with RFE for user behavior analysis is a promising approach, and achieving high accuracy is definitely a positive outcome.
40

Priya, P. Mohana, and Abhijit Ranganathan. "Cyber Awareness Learning Imitation Environment (CALIE): A Card Game to provide Cyber Security Awareness for Various Group of Practitioners." International Journal of Advanced Networking and Applications 14, no. 02 (2022): 5334–41. http://dx.doi.org/10.35444/ijana.2022.14203.

Abstract:
Cyber attacks have produced a massive impact on all online users, interrupting intended users' internet services and causing financial losses and business interruptions for large-scale industry. Proper cyber security education is a must for the employees of an organization. Management prefers an active-learning environment to train all non-IT staff and non-professionals working in an organization. This research work concentrates on the development of a gaming platform, both on a local host and in online mode as a video game, for cyber security education. To this end, the Cyber Awareness Learning Imitation Environment, a card-deck gaming environment, is proposed, where attackers can choose attack cards to learn various cyber-attacks, defense cards are used for providing the suitable defense mechanism, an instruction card is used for learning how cyber-attacks are generated, and a recent-incident card is used to train the players with recent incidents of various cyber-attacks, such as malware attack, phishing attack, password attack, Man-in-the-Middle attack, Structured Query Language injection attack, denial of service attack, insider threats, crypto jacking, zero-day exploit and watering hole attack. A questionnaire-based feedback report is collected from the players to analyze their understanding of various cyber-attacks.
41

Claycomb, William, and Dongwan Shin. "A User Controlled Approach for Securing Sensitive Information in Directory Services." JUCS - Journal of Universal Computer Science 15, no. (15) (2009): 2999–3018. https://doi.org/10.3217/jucs-015-15-2999.

Abstract:
Enterprise directory services are commonly used in enterprise systems to store object information relating to employees, computers, contacts, etc. These stores can act as information providers or sources for authentication and access control decisions, and could potentially contain sensitive information. An insider attack, particularly if carried out using administrative privileges, could compromise large amounts of directory information. We present two solutions for protecting directory services information from insider attacks. The first is a centralized approach utilizing a customized virtual directory server. The second is a distributed approach using existing key management infrastructure and a new component called a Personal Virtual Directory Service. We explain how these solutions interact with existing directory services and client applications. We also show how impact to existing users, client applications, and directory services are minimized, and how we prevent insider attacks from revealing protected data. We compare and contrast both solutions, including potential tradeoffs, administrative overhead, and enterprise systems impact. Additionally, our solution is supported by implementation results showing the impact to client performance and directory storage capacity.
42

Gayathri, R. G., Atul Sajjanhar, and Yong Xiang. "Adversarial Training for Mitigating Insider-Driven XAI-Based Backdoor Attacks." Future Internet 17, no. 5 (2025): 209. https://doi.org/10.3390/fi17050209.

Abstract:
The study investigates how adversarial training techniques can be used to introduce backdoors into deep learning models by an insider with privileged access to training data. The research demonstrates an insider-driven poison-label backdoor approach in which triggers are introduced into the training dataset. These triggers misclassify poisoned inputs while maintaining standard classification on clean data. An adversary can improve the stealth and effectiveness of such attacks by utilizing XAI techniques, which makes the detection of such attacks more difficult. The study uses publicly available datasets to evaluate the robustness of the deep learning models in this situation. Our experiments show that adversarial training considerably reduces backdoor attacks. These results are verified using various performance metrics, revealing model vulnerabilities and possible countermeasures. The findings demonstrate the importance of robust training techniques and effective adversarial defenses to improve the security of deep learning models against insider-driven backdoor attacks.
43

Cho, Youngho, and Gang Qu. "A Hybrid Trust Model against Insider Packet Drop Attacks in Wireless Sensor Networks." Sensors 23, no. 9 (2023): 4407. http://dx.doi.org/10.3390/s23094407.

Abstract:
Quick and accurate detection of inside packet drop attackers is of critical importance to reduce the damage they can have on the network. Trust mechanisms have been widely used in wireless sensor networks for this purpose. However, existing trust models are not effective because they cannot distinguish between packet drops caused by an attack and those caused by normal network failure. We observe that insider packet drop attacks will cause more consecutive packet drops than a network abnormality. Therefore, we propose the use of consecutive packet drops to speed up the detection of inside packet drop attackers. In this article, we describe a new trust model based on consecutive drops and develop a hybrid trust mechanism to seamlessly integrate the new trust model with existing trust models. We perform extensive OPNET (Optimized Network Engineering Tool) simulations using a geographic greedy routing protocol to validate the effectiveness of our new model. The simulation results show that our hybrid trust model outperforms existing trust models for all types of inside packet drop attacks, not only in terms of detection speed and accuracy as it is designed for, but also in terms of other important network performance metrics, such as packet delivery rate, routing reliability, and energy efficiency.
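Cho and Qu's observation is that an insider dropping packets produces runs of consecutive drops, whereas a bad link drops sporadically, so a trust score that looks at the current run reacts faster than one that only counts the overall ratio. The following is an added example, not the authors' model or their OPNET simulation, that puts the two side by side on a watchdog's record of a neighbour's forwarding outcomes. The Beta-reputation ratio, the quadratic run penalty with R = 4, the product as the hybrid rule, the 0.5 threshold and both traces are this example's assumptions.

```python
"""Ratio-based vs consecutive-drop-aware trust for a forwarding neighbour (added example)."""
from typing import Dict, Optional

# Constructed traces ('F' = packet forwarded, 'D' = packet dropped), as a watchdog would log them.
# LOSSY: a healthy neighbour on a poor link, isolated drops.
# INSIDER: a compromised neighbour that forwards until it has built reputation, then drops everything.
LOSSY = "FFFDFFFFDFFFFFDFFFFF"
INSIDER = "FFFFFF" + "D" * 10


def ratio_trust(forwarded: int, total: int) -> float:
    """Beta-reputation expectation: (a + 1) / (a + b + 2) with a forwards and b drops."""
    return (forwarded + 1) / (total + 2)


def consecutive_trust(run: int, r: int = 4) -> float:
    """1.0 with no current drop streak, 0.0 once `r` drops arrive back-to-back; resets on a forward."""
    return max(0.0, 1.0 - (run / r) ** 2)


def evaluate(trace: str, threshold: float = 0.5) -> Dict[str, Optional[int]]:
    """Observation number (1-based) at which each model first drops below `threshold`, or None."""
    forwarded = run = 0
    first: Dict[str, Optional[int]] = {"ratio": None, "hybrid": None}
    for n, outcome in enumerate(trace, start=1):
        if outcome == "F":
            forwarded += 1
            run = 0
        else:
            run += 1
        t_ratio = ratio_trust(forwarded, n)
        t_hybrid = t_ratio * consecutive_trust(run)   # assumed hybrid rule: the product
        if first["ratio"] is None and t_ratio < threshold:
            first["ratio"] = n
        if first["hybrid"] is None and t_hybrid < threshold:
            first["hybrid"] = n
    return first


if __name__ == "__main__":
    for name, trace in (("lossy link", LOSSY), ("insider", INSIDER)):
        print(name, evaluate(trace))
```

On the insider trace the ratio model needs seven dropped packets before the reputation it was allowed to build is eroded (detection at observation 13); the hybrid fires on the third consecutive drop (observation 9). On the lossy trace neither model fires, because a single isolated drop only scales the ratio score by 1 - 1/16 and the run resets on the next forward. The ratio term is still needed: a consecutive-only score would forget the insider entirely as soon as it forwarded one packet.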
44

Kim, Park, Kim, Cho, and Kang. "Insider Threat Detection Based on User Behavior Modeling and Anomaly Detection Algorithms." Applied Sciences 9, no. 19 (2019): 4018. http://dx.doi.org/10.3390/app9194018.

Abstract:
Insider threats are malicious activities by authorized users, such as theft of intellectual property or security information, fraud, and sabotage. Although the number of insider threats is much lower than external network attacks, insider threats can cause extensive damage. As insiders are very familiar with an organization’s system, it is very difficult to detect their malicious behavior. Traditional insider-threat detection methods focus on rule-based approaches built by domain experts, but they are neither flexible nor robust. In this paper, we propose insider-threat detection methods based on user behavior modeling and anomaly detection algorithms. Based on user log data, we constructed three types of datasets: user’s daily activity summary, e-mail contents topic distribution, and user’s weekly e-mail communication history. Then, we applied four anomaly detection algorithms and their combinations to detect malicious activities. Experimental results indicate that the proposed framework can work well for imbalanced datasets in which there are only a few insider threats and where no domain experts’ knowledge is provided.
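Both Triana et al. (no. 39) and Kim et al. above detect insiders by scoring a user's behaviour against that user's own history rather than against fixed rules. The following is an added example, neither paper's model, showing the two halves of that pipeline on constructed data: raw logon and file-copy events are aggregated into a daily activity summary of the kind Kim et al. build, and each user-day is scored against the user's other days with a modified z-score (median/MAD), leaving the scored day out so that a single extreme day cannot inflate its own baseline. The log format, the feature set, the after-hours window (before 07:00 or from 19:00), the 3.5 threshold and the sample log are all this example's assumptions; the log is constructed, not real data.

```python
"""Per-user daily-activity baselining with a robust anomaly score (added example)."""
import re
from collections import defaultdict
from statistics import median
from typing import Dict, List, Tuple

# Constructed sample log: five working days for two users. alice's last day shows the classic
# exfiltration pattern (an extra after-hours logon, then large copies to removable media).
SAMPLE_LOG = """\
2024-03-04T09:02:11 user=alice action=logon host=ws-17
2024-03-04T09:40:53 user=alice action=file_copy host=ws-17 dst=share bytes=120000
2024-03-05T08:55:07 user=alice action=logon host=ws-17
2024-03-05T10:12:30 user=alice action=file_copy host=ws-17 dst=share bytes=95000
2024-03-06T09:10:44 user=alice action=logon host=ws-17
2024-03-06T11:03:19 user=alice action=file_copy host=ws-17 dst=share bytes=130000
2024-03-07T09:01:58 user=alice action=logon host=ws-17
2024-03-07T14:27:02 user=alice action=file_copy host=ws-17 dst=share bytes=110000
2024-03-08T08:58:21 user=alice action=logon host=ws-17
2024-03-08T22:41:09 user=alice action=logon host=ws-17
2024-03-08T22:45:33 user=alice action=file_copy host=ws-17 dst=usb bytes=1400000
2024-03-08T22:50:12 user=alice action=file_copy host=ws-17 dst=usb bytes=1400000
2024-03-08T22:55:48 user=alice action=file_copy host=ws-17 dst=usb bytes=1400000
2024-03-04T08:30:15 user=bob action=logon host=ws-22
2024-03-04T13:05:40 user=bob action=file_copy host=ws-22 dst=share bytes=40000
2024-03-05T08:35:02 user=bob action=logon host=ws-22
2024-03-05T15:48:11 user=bob action=file_copy host=ws-22 dst=share bytes=52000
2024-03-06T08:31:27 user=bob action=logon host=ws-22
2024-03-06T10:20:05 user=bob action=file_copy host=ws-22 dst=share bytes=43000
2024-03-07T08:40:50 user=bob action=logon host=ws-22
2024-03-07T16:02:36 user=bob action=file_copy host=ws-22 dst=share bytes=45000
2024-03-08T08:33:14 user=bob action=logon host=ws-22
2024-03-08T11:45:29 user=bob action=file_copy host=ws-22 dst=share bytes=48000
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+)(?P<rest>.*)$")
FEATURES = ("logons", "after_hours_logons", "usb_copies", "bytes_copied")


def daily_summary(log_text: str) -> Dict[Tuple[str, str], Dict[str, int]]:
    """(user, day) -> feature counts, built from raw logon / file_copy events."""
    daily: Dict[Tuple[str, str], Dict[str, int]] = defaultdict(lambda: dict.fromkeys(FEATURES, 0))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                   # unparseable line: skip, never crash the detector
        fields = dict(re.findall(r"(\w+)=(\S+)", m["rest"]))
        day, hour = m["ts"][:10], int(m["ts"][11:13])
        f = daily[(m["user"], day)]
        if m["action"] == "logon":
            f["logons"] += 1
            if hour < 7 or hour >= 19:
                f["after_hours_logons"] += 1
        elif m["action"] == "file_copy":
            f["bytes_copied"] += int(fields.get("bytes", 0))
            if fields.get("dst") == "usb":
                f["usb_copies"] += 1
    return daily


def modified_z(x: float, baseline: List[float]) -> float:
    """Modified z-score (median/MAD); inf when the baseline is constant and x departs from it."""
    med = median(baseline)
    mad = median([abs(b - med) for b in baseline])
    if mad == 0:
        return 0.0 if x == med else float("inf")
    return 0.6745 * (x - med) / mad


def detect(log_text: str, threshold: float = 3.5, min_days: int = 3) -> List[Tuple[str, str, List[str]]]:
    """(user, day, features over threshold) for every anomalous user-day, sorted."""
    by_user: Dict[str, List[Tuple[str, Dict[str, int]]]] = defaultdict(list)
    for (user, day), f in daily_summary(log_text).items():
        by_user[user].append((day, f))
    alerts = []
    for user, days in by_user.items():
        for day, f in days:
            baseline = [g for d, g in days if d != day]    # leave-one-out: the scored day is excluded
            if len(baseline) < min_days:
                continue                                   # too little history to judge this user
            hot = sorted(k for k in FEATURES
                         if abs(modified_z(f[k], [g[k] for g in baseline])) > threshold)
            if hot:
                alerts.append((user, day, hot))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The baseline is per user, which is the point of the "user behavior modeling" in both abstracts: alice's 4.2 MB day is anomalous because her own median is about 115 kB, not because of any global rule, and bob's 52 kB day stays under the threshold for the same reason. The inf score for a feature whose baseline is constant (no USB copies on any previous day) is deliberate: the first departure from a never-happens behaviour is exactly what a rule-free detector should surface.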
45

Buinevich, Mikhail, and Grigory Moiseenko. "Combining of Heterogeneous Destructive Impact on the Information System and Countering Attacks (on Example by Insider Activity and DDoS-Attack)." Telecom IT 11, no. 3 (2023): 27–36. http://dx.doi.org/10.31854/2307-1303-2023-11-3-27-36.

Abstract:
Problem statement. By now, information security specialists have developed a sufficiently broad pool of mechanisms and means of countering cyberattacks for virtually all classes of destructive effects on information systems. Therefore, in order to break the relative parity "attack vs defense", attackers intensify their onslaught on information security systems by combining heterogeneous destructive influences, thus hampering the ability to counteract them. Despite a significant number of publications devoted to such information confrontation, there are no scientific studies devoted to analyzing this relatively new phenomenon in terms of identifying the limits of combinations, as well as the ability to counteract possible combinations in the public domain. The aim of the work is to study the phenomenon of combining heterogeneous destructive influences on the information system and counteracting such attacks. Methods used. The possibility of combining qualitatively heterogeneous attacks on the information system of the organization is studied. In order to classify and distinguish such attacks, categorical division apparatus is applied using the following pairs: Human vs Automaton, Inside vs Outside, Single vs Multiple. Result. The application of categorical division allowed to distinguish 8 classes of attacks from the position of their realization mechanism; the interpretation of each of the classes is given and an example is given. Novelty. The combination of two seemingly unrelated destructive influences – insider activity and DDoS-attack – is considered for the first time; their generalized scheme, stages of their implementation, as well as the complexity of counteraction to them are given.
46

Triana, Yaya Sudarya, Mohd Azam Osman, Deris Stiawan, and Rahmat Budiarto. "User behavior analysis for insider attack detection using a combination of memory prediction model and recursive feature elimination algorithm." International Journal of Electrical and Computer Engineering (IJECE) 15, no. 2 (2025): 1793. https://doi.org/10.11591/ijece.v15i2.pp1793-1804.

Abstract:
Existing defense tools against insider attacks are rare, do not operate in real time, and suffer from low detection accuracy as the attacks become more sophisticated. Thus, a detection tool with online learning ability and better accuracy is urgently required. This study proposes an insider attack detection model by leveraging an entity behavior analysis technique based on a memory prediction model combined with the recursive feature elimination (RFE) feature selection algorithm. The memory-prediction model provides the ability to perform online learning, while the RFE algorithm is deployed to reduce data dimensionality. The dataset for the experiment was created from a real network with 150 active users, and mixed with attack data from a publicly available dataset. The dataset is simulated on a testbed network environment consisting of a server configured to run 4 virtual servers and two other computers serving as traffic generator and detection tool. The experimental results show 94.01% detection accuracy, 95.64% precision, 99.28% sensitivity, and 96.08% F1-score. The proposed model is able to perform on-the-fly learning to address the evolving nature of the attacks. Combining memory prediction models with RFE for user behavior analysis is a promising approach, and achieving high accuracy is definitely a positive outcome.
47

Al-Mhiqani, Mohammed Nasser, Rabiah Ahmad, Z. Zainal Abidin, et al. "A Review of Insider Threat Detection: Classification, Machine Learning Techniques, Datasets, Open Challenges, and Recommendations." Applied Sciences 10, no. 15 (2020): 5208. http://dx.doi.org/10.3390/app10155208.

Abstract:
Insider threat has become a widely accepted issue and one of the major challenges in cybersecurity. This phenomenon indicates that threats require special detection systems, methods, and tools, which entail the ability to facilitate accurate and fast detection of a malicious insider. Several studies on insider threat detection and related areas in dealing with this issue have been proposed. Various studies aimed to deepen the conceptual understanding of insider threats. However, there are many limitations, such as a lack of real cases, biases in making conclusions, which are a major concern and remain unclear, and the lack of a study that surveys insider threats from many different perspectives and focuses on the theoretical, technical, and statistical aspects of insider threats. The survey aims to present a taxonomy of contemporary insider types, access, level, motivation, insider profiling, effect security property, and methods used by attackers to conduct attacks and a review of notable recent works on insider threat detection, which covers the analyzed behaviors, machine-learning techniques, dataset, detection methodology, and evaluation metrics. Several real cases of insider threats have been analyzed to provide statistical information about insiders. In addition, this survey highlights the challenges faced by other researchers and provides recommendations to minimize obstacles.
48

Nam, Junghyun, Kim-Kwang Raymond Choo, Juryon Paik, and Dongho Won. "Password-Only Authenticated Three-Party Key Exchange Proven Secure against Insider Dictionary Attacks." Scientific World Journal 2014 (2014): 1–15. http://dx.doi.org/10.1155/2014/802359.

Abstract:
While a number of protocols for password-only authenticated key exchange (PAKE) in the 3-party setting have been proposed, it still remains a challenging task to prove the security of a 3-party PAKE protocol against insider dictionary attacks. To the best of our knowledge, there is no 3-party PAKE protocol that carries a formal proof, or even definition, of security against insider dictionary attacks. In this paper, we present the first 3-party PAKE protocol proven secure against both online and offline dictionary attacks as well as insider and outsider dictionary attacks. Our construct can be viewed as a protocol compiler that transforms any 2-party PAKE protocol into a 3-party PAKE protocol with 2 additional rounds of communication. We also present a simple and intuitive approach of formally modelling dictionary attacks in the password-only 3-party setting, which significantly reduces the complexity of proving the security of 3-party PAKE protocols against dictionary attacks. In addition, we investigate the security of the well-known 3-party PAKE protocol, called GPAKE, due to Abdalla et al. (2005, 2006), and demonstrate that the security of GPAKE against online dictionary attacks depends heavily on the composition of its two building blocks, namely a 2-party PAKE protocol and a 3-party key distribution protocol.
49

Egreira Ali Abuhamra, Eng Abdalgader. "Concept of Network security." International Journal of Advances in Engineering and Management 7, no. 3 (2025): 384–90. https://doi.org/10.35629/5252-0703384390.

Abstract:
Network security incorporates various technologies, processes, and devices into a broad strategy that protects the integrity, confidentiality, and accessibility of computer networks. Organizations of all sizes, industries, or infrastructure types require network security to protect against an ever-evolving cyber threat landscape. Security is the most important part of every network design. When planning, building, and operating a network, one should understand the importance of a strong security rule. Network security is a security rule that defines what people can and can't do with network components and resources. The fundamental purpose of network security is to protect against attacks from the Internet. There are many different ways of attacking a network, such as hacker attacks, whereby a remote Internet user attempts to gain access to a network, usually with the intention to destroy or copy data. The major attacks on network security are passive attack, active attack, distributed attack, insider attack, close-in attack, phishing attack, hijack attack, password attack, etc. However, a system must be able to limit damage and recover rapidly when attacks occur. So there are various solutions when any of the above attacks occurs. Some of the common solutions to these attacks are firewalls, user account access controls, and cryptography. The first major challenge for network security is the rapid evolution of the cyber threat landscape. Technologies evolve quickly, and attackers find new ways to infiltrate and exploit corporate networks, requiring businesses to implement new defenses to protect their networks.
50

Krauß, Christoph, Markus Schneider, and Claudia Eckert. "On handling insider attacks in wireless sensor networks." Information Security Technical Report 13, no. 3 (2008): 165–72. http://dx.doi.org/10.1016/j.istr.2008.10.011.
