Journal article Open Access
M Rama Bai; Maaz Bin Saad Quraishi
A growing number of public and private sector organizations are recognizing insider threats as a critical area. In response, many steps are taken to defend assets against risks posed by employees and trusted third parties. Insiders pose unique challenges for defenders. Traditional security tools are unlikely to audit insiders, let alone privileged users who have potentially malicious intent. Although it is a high-risk activity, it is common to see users sharing passwords with colleagues or subordinates, defeating the purpose of authentication. This increases the chances of Insider Attacks (IA), as it is hard to identify malicious insiders, given that an attacker is entrusted with highly privileged access to read and write operations. Information Technology organizations employ many workers with varying levels of access, and every user is authenticated with unique login credentials. Controls need to be put in place to secure the systems, since it can hamper login patterns. Research indicates that analysis of the system calls (SCs) generated upon user login can detect intrusions and read patterns that are against the normal operations of the system. No two of these users have the same login behavior. Given that every user has a unique login pattern, this work proposes a system called Privacy Protection Against Insider Attacks (PPIA), which learns the login pattern of each authenticated user and employs data mining concepts to read user behavior and endeavors to detect insider attacks. Experimental results indicate that the approach is very effective and accurate.