Implementation of Insider Threat Detection System Using Honeypot Based Sensors and Threat Analytics
Journal article, Peer reviewed
Accepted version
Date
2019
Original version
10.1007/978-3-030-12385-7_56
Abstract
An organization is a combination of vision, technology and employees. The well-being of an organization is directly associated with the honesty of its workers. However, an organization is also threatened by misuse of information by its agents, such as former employees, current employees, vendors or business associates. Threats of this kind, which are posed from within the organization, are known as Insider Threats. Many approaches have been employed to detect Insider Threats in organizations. One such approach is to monitor system functions to detect possible insiders. These approaches raise an unnecessary number of false positive alarms, which are then handled with evolutionary algorithms. This solution to Insider Threat detection requires a lot of configuration before implementation in real-world scenarios, because threshold values differ between organizations. Insider Threat detection can be done by means of honeypot sensors in a limited and in satisfactory way. The present research proposes a new technique for detecting insiders using encrypted honeypots. This technique complements existing insider detection systems and improves their performance by decreasing false positive results.