Kurt Wallnau, Brian Lindauer, and Michael Theis, Carnegie Mellon University; Robert Durst, Terrance Champion, Eric Renouf, and Christian Petersen, Skaion Corp.
Abstract:
Our task is to produce test data for a research program developing a new generation of insider threat detection technologies. Test data is created by injecting fictional malicious activity into a background of real user activity. We rely on fictional narratives to specify threats that simulate realistic social complexity, with “drama as data” as a central organizing metaphor. Test cases are scripted as episodes of a fictional crime series, and compiled into time-series data of fictional characters. Users are selected from background to perform the role of fictional characters that best match their real-world roles and activities. Fictional activity is blended into the activity of real users in the cast. The cast and unmodified background users perform dramas in test windows: performances are test cases. Performances by different casts of users, or by the same cast of users in different test windows, constitute distinct test cases.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {184853,
author = {Kurt Wallnau and Brian Lindauer and Michael Theis and Robert Durst and Terrance Champion and Eric Renouf and Christian Petersen},
title = {Simulating Malicious Insiders in Real {Host-Monitored} User Data},
booktitle = {7th Workshop on Cyber Security Experimentation and Test (CSET 14)},
year = {2014},
address = {San Diego, CA},
url = {https://www.usenix.org/conference/cset14/workshop-program/presentation/lindauer},
publisher = {USENIX Association},
month = aug
}
Twitter
Facebook
LinkedIn
Google+
YouTube
connect with us