42 research outputs found
An Insider Misuse Threat Detection and Prediction Language
Numerous studies indicate that amongst the various types of security threats, the problem of insider misuse of IT systems can have serious consequences for the health of computing infrastructures. Although incidents of external origin are also dangerous, the insider IT misuse problem is difficult to address for a number of reasons. A fundamental reason that makes mitigation difficult relates to the level of trust legitimate users possess inside the organization. The trust factor makes it difficult to detect threats originating from the actions and credentials of individual users. An equally important difficulty in the process of mitigating insider IT threats is the variability of the problem. The nature of insider IT misuse varies amongst organizations. Hence, the problem of expressing what constitutes a threat, as well as the process of detecting and predicting it, are non-trivial tasks that add to the multifactorial nature of insider IT misuse.
This thesis is concerned with the process of systematizing the specification of insider threats, focusing on their system-level detection and prediction. The design of suitable user audit mechanisms and semantics forms a Domain Specific Language to detect and predict insider misuse incidents. As a result, the thesis proposes in detail ways to construct standardized descriptions (signatures) of insider threat incidents, as a means of aiding researchers and IT system experts to mitigate the problem of insider IT misuse. The produced audit engine (LUARM – Logging User Actions in Relational Mode) and the Insider Threat Prediction and Specification Language (ITPSL) are two utilities that can be added to the IT insider misuse mitigation arsenal. LUARM is a novel audit engine designed specifically to address the needs of monitoring insider actions, needs that cannot be met by traditional open source audit utilities. ITPSL is an XML-based markup that can standardize the description of incidents and threats and thus make use of the LUARM audit data. Its novelty lies in the fact that it can be used to detect as well as predict instances of threats, a task that has not been achieved to this date by a domain specific language addressing threats.
The research project evaluated the produced language using a cyber-misuse experiment approach derived from real world misuse incident data. The results of the experiment showed that the ITPSL and its associated audit engine LUARM provide a good foundation for insider threat specification and prediction. Some language deficiencies relate to the fact that the insider threat specification process requires a good knowledge of the software applications used in a computer system. As the language is easily expandable, future developments to improve the language in this direction are suggested.
Superclusteroid: a Web tool dedicated to data processing of protein-protein interaction networks
The study of proteins and the interactions between them, known as Protein-Protein Interactions (PPI), is extremely important in interpreting all biological cellular functions. In this article, a new web tool called Superclusteroid is presented which can analyse PPI data in order to detect protein complexes or characterise the functionality of unknown proteins. The tool is essentially an intuitive PPI data processing pipeline. It supports various input file formats and provides services such as clustering, PPI network visualisation and protein cluster function prediction. Each Superclusteroid service can be used in a sequential manner or on an individual basis. In order to assess the reliability of our tool to infer PPIs, the results of the tool were compared to already known MIPS database complexes, and a case scenario is presented where a known protein complex is predicted and the functionality of some of its proteins is revealed.
Civil-military cooperation in emergency response. Evaluation of the quality of service provision of the facilities staffed by the CIMIC company during the refugee crisis in Greece, 2014 – 2016
The refugee crisis is a multi-dimensional problem and requires interdisciplinary research. In this study we evaluate the interventions of units of the Armed Forces specially trained in civil-military cooperation (CIMIC) in the organization and management of refugee camps. Through interviews, we studied two neighbouring and administratively similar open camps hosting refugees and immigrants in the area of Thessaloniki. A qualitative evaluation was conducted on parameters connected to the quality of life of the refugees, which were then associated with whether or not the staff that manned the camps had prior training. Analysis of the data showed that most of the parameters were positively associated with the training of the staff in CIMIC, while certain parameters did not allow the derivation of statistically significant conclusions. The data as a whole indicate that the knowledge and application of practices according to the CIMIC protocols positively affected the quality of the provided services, as well as the overall management and normal functioning of an open camp.
A preliminary model of end user sophistication for insider threat prediction in IT systems
The dangers that originate from acts of IT system misuse by legitimate users constitute a separate category of threats with well documented consequences for the integrity, privacy and availability of computer systems and networks. Amongst the various properties of malicious legitimate users, one of the most notable is the level of their sophistication. Various studies indicate that user sophistication and the potential to misuse IT systems are strongly related properties. This paper presents a methodology that automates the process of gauging end user sophistication. The establishment of suitable metrics to characterize end user sophistication is discussed, followed by an experimental verification of the metrics on a sample of 60 legitimate users using the UNIX Operating System. The results indicate that a combination of application execution audits and computational resource utilization metrics could be used to characterize the level of IT sophistication of an end user. Although additional testing in a greater variety of computational environments is required in order to validate the derived preliminary scheme, it is considered that the derived methodology could serve as a component of experimental insider threat prediction processes, or of any other model that requires a procedure to measure the level of IT knowledge of a legitimate user base.
Improving the Information Security Model by using TFI
In the context of information systems and information technology, information security is a concept that is becoming widely used. The European Network of Excellence INTEROP classifies information security as a nonfunctional aspect of interoperability, and as such it is an integral part of the design process for interoperable systems. In the last decade, academics and practitioners have shown their interest in information security, for example by developing security models for evaluating products and setting up security specifications in order to safeguard the confidentiality, integrity, availability and accountability of data. Earlier research has shown that measures to achieve information security at the administrative or organisational level are missing or inadequate. Therefore, there is a need to improve information security models by including vital elements of information security. In this paper, we introduce a holistic view of information security based on a Swedish model combined with a literature survey. Furthermore, we suggest extending this model using concepts based on semiotic theory and adopting the view of an information system as constituted of the technical, formal and informal (TFI) parts. The aim is to increase the understanding of the information security domain in order to develop a well-founded theoretical framework, which can be used both in the analysis and the design phase of interoperable systems. Finally, we describe and apply the Information Security (InfoSec) model to the results of three different case studies in the healthcare domain. Limits of the model are highlighted and an extension is proposed.
Biometrically linking document leakage to the individuals responsible
Insider threats are a significant security issue. The last decade has witnessed countless instances of data loss and exposure in which data has become publicly available and easily accessible. Losing or disclosing sensitive data or confidential information may cause substantial financial and reputational damage to a company. Whilst more recent research has specifically focused on the insider misuse problem, it has tended to focus on the information itself – either through its protection or through approaches to detect leakage. In contrast, this paper presents a proactive approach to the attribution of misuse via information leakage using biometrics and a locality-sensitive hashing scheme. The hash digest of the object (e.g. a document) is mapped with the given biometric information of the person who interacted with it and generates a digital imprint file that represents the correlation between the two parties. The proposed approach does not directly store or preserve any explicit biometric information or document copy in a repository. Only the established correlation (imprint) is kept, for the purpose of reconstructing the mapped information once an incident has occurred. Comprehensive experiments for the proposed approach have shown that it is highly possible to establish this correlation even when the original version has undergone significant file modification. In many scenarios, such as changing the file format or removing parts of the document, including words and sentences, it was possible to extract and reconstruct the correlated biometric information out of a modified document (e.g. 100 words were deleted) with an average success rate of 89.31%.
Upper Crossed Syndrome
Physiotherapy, Faculty of Physical Education and Sport
An Architecture for Insider Misuse Threat Prediction in IT Systems
The ever increasing computerization of business processes and mission critical applications, combined with the rising number of Internet technologies, has created new security threats for computer systems and networks. Numerous studies indicate that amongst the various types of security threats, the ones that originate from legitimate user actions can have serious consequences for the health of IT infrastructures. Although incidents of external origin are also dangerous, the insider IT misuse problem is difficult to address for a number of different reasons.
This thesis is concerned with the systematic study of the nature of Insider IT misuse problems, as well as the development of experimental insider IT misuse prediction techniques. The systematic study of legitimate user misuse actions is necessary due to the composite and variable nature of Insider IT misuse.
The thesis contains the results of a small scale survey that highlighted many important aspects of insider misuse actions. The results formed the basis for a suitable Insider Misuse Threat Prediction Factor Taxonomy, the end product of the systematic examination of the insider IT misuse phenomenon. The taxonomy was then used to construct a systems architecture that facilitates legitimate user threat prediction.
Although the proposed experimental architecture is far from the quality of a production-level utility, it constitutes a novel Insider Threat Prediction Model, which at the time of writing is unique in terms of its comprehensive design. It is considered that the predictive techniques could be taken forward in future research, in order to enhance the capability of existing Intrusion Detection Systems and aid IT professionals in mitigating Insider threats effectively. Various aspects of the proposed threat prediction model, the Insider IT misuse survey, as well as the proposed Threat Prediction Taxonomy have been published in conference proceedings and journals.