Insider Threat Detection

Students: Ting Xie, Gökhan Kul, Duc Thanh Luong

One of the greatest threats to the security of a database system comes from within: users who have been granted access to data and use it in a malicious or illegitimate way. Often this is simply a matter of practicality: it is rarely feasible to establish an access control policy that is sufficiently permissive to be usable while still being sufficiently restrictive to preclude malicious use. Our goal is to develop new types of statistical signatures for a user's or role's behavior as they access a database. Using these signatures, we can identify non-standard behavior that could be evidence of malicious activity.

(Insider Threats is supported by NSF Grant #69110 and is in collaboration with Shambhu Upadhyaya, Varun Chandola, and Long Nguyen)