Summaries - Office of Research & Innovation
Research Summaries
Detecting Threatening Insiders with Lightweight Media Forensics
Fiscal Year | 2012 |
Division | Graduate School of Operational & Information Sciences |
Department | Computer Science |
Investigator(s) | Garfinkel, Simson L.; Young, Joel D. |
Sponsor | Department of Homeland Security (DHS) |
Summary | Experience has shown that insiders will frequently collect secret and sensitive information on their personal-use workstations prior to exfiltration. As such, the collection of information on these workstations diverges significantly from historical norms and norms within the organization. This project would use that divergence as a way of detecting potentially hostile insiders. A lightweight forensics agent is run on each workstation within an organization, and the results from each forensic analysis are tabulated centrally. Data mining approaches are used to find outliers, which are then identified and brought to the attention of security personnel. This approach has the advantage of identifying not only which workstations are outliers, but also why they are outliers. |
Keywords | Lightweight Media Forensics; Outlier Analysis; Insider Threat |
Publications | Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal |
Data | Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal |