
Detecting Threatening Insiders with Lightweight Media Forensics

Fiscal Year: 2012
Division: Graduate School of Operational & Information Sciences
Department: Computer Science
Investigator(s): Garfinkel, Simson L.; Young, Joel D.
Sponsor: Department of Homeland Security (DHS)
Summary: Experience has shown that insiders will frequently collect secret and sensitive information on their personal-use workstations prior to exfiltration. As such, the collection of information on these workstations diverges significantly from historical norms and norms within the organization. This project would use that divergence as a way of detecting potentially hostile insiders. A lightweight forensics agent is run on each workstation within an organization, and the results from each forensic analysis are tabulated centrally. Data mining approaches are used to find outliers, which are then identified and brought to the attention of security personnel. This approach has the advantage of not only identifying which workstations are outliers, but identifying why they are outliers.
Keywords: Lightweight Media Forensics; Outlier Analysis; Insider Threat
Publications: Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal.