Using PLSI-U to Detect Insider Threats by Datamining Email

Despite a technology bias that focuses on external electronic threats, insiders pose the greatest threat to an organisation. This paper discusses an approach to assist investigators in identifying potential insider threats. We discern employees\u27 interests from e-mail using an extended version of PLSI. These interests are transformed into implicit and explicit social network graphs, which are used to locate potential insiders by identifying individuals who feel alienated from the organisation or have a hidden interest in a sensitive topic. By applying this technique to the Enron e-mail corpus, a small number of employees appear as potential insider threats

IEEE 802.11 user fingerprinting and its applications for intrusion detection

AbstractEasy associations with wireless access points (APs) give users temporal and quick access to the Internet. It needs only a few seconds to take their machines to hotspots and do a little configuration in order to have Internet access. However, this portability becomes a double-edged sword for ignorant network users. Network protocol analyzers are typically developed for network performance analysis. Nonetheless, they can also be used to reveal user’s privacy by classifying network traffic. Some characteristics in IEEE 802.11 traffic particularly help identify users. Like actual human fingerprints, there are also unique traffic characteristics for each network user. They are called network user fingerprints, by tracking which more than half of network users can be connected to their traffic even with medium access control (MAC) layer pseudonyms. On the other hand, the concept of network user fingerprint is likely to be a powerful tool for intrusion detection and computer/digital forensics. As with actual criminal investigations, comparison of sampling data to training data may increase confidence in criminal specification. This article focuses on a survey on a user fingerprinting technique of IEEE 802.11 wireless LAN traffic. We also summarize some of the researches on IEEE 802.11 network characteristic analysis to figure out rogue APs and MAC protocol misbehaviors

Virtue Ethics: Examining Influences on the Ethical Commitment of Information System Workers in Trusted Positions

Despite an abundance of research on the problem of insider threats, only limited success has been achieved in preventing trusted insiders from committing security violations. Virtue ethics may be an approach that can be utilized to address this issue. Human factors such as moral considerations impact Information System (IS) design, use, and security; consequently they affect the security posture and culture of an organization. Virtue ethics based concepts have the potential to influence and align the moral values and behavior of information systems workers with those of an organization in order to provide increased protection of IS assets. An individual’s character strengths have been linked to positive personal development, but there has been very little research into how the positive characteristics of virtue ethics, exhibited through the character development of information systems workers, can contribute to improving system security. This research aimed to address this gap by examining factors that affect and shape the ethical perspectives of individuals entrusted with privileged access to information. This study builds upon prior research and theoretical frameworks on institutionalizing ethics into organizations and Information Ethics to propose a new theoretical model which demonstrates the influences on Information Systems Security (ISS) trusted worker ethical behavior within an organization. Components of the research model include ISS virtue ethics based constructs, organizational based internal influences, societal based external influences, and trusted worker ethical behavior. This study used data collected from 395 professionals in an ISS organization to empirically assess the model. Partial Least Squares Structural Equation Modeling was employed to analyze the indicators, constructs, and path relationships. Various statistical tests determined validity and reliability, with mixed but adequate results. All of the relationships between constructs were positive, although some were stronger and more significant. The expectation of the researcher in this study was to better understand the character of individuals who pose an insider threat by validating the proposed model, thereby providing a conceptual analysis of the character traits which influence the ethical behavior of trusted workers and ultimately information system security