This paper summarizes a collaborative, six month ARDA NRRC1 challenge workshop to characterize and create analysis methods to counter sophisticated malicious insiders in the United States Intelligence Community.
Analysis and Detection of Malicious Insiders
Download Resources
PDF Accessibility
One or more of the PDF files on this page fall under E202.2 Legacy Exceptions and may not be completely accessible. You may request an accessible version of a PDF using the form on the Contact Us page.
This paper summarizes a collaborative, six month ARDA NRRC1 challenge workshop to characterize and create analysis methods to counter sophisticated malicious insiders in the United States Intelligence Community. Based upon a careful study of past and projected cases, we report a generic model of malicious insider behaviors, distinguishing motives, (cyber and organizaphysical) actions, and associated observables. The paper outlines several prototype techniques developed to provide early warning of insider activity, including novel algorithms for structured analysis and data fusion. We report the assessment of their performance in an operational network against three distinct classes of human insiders (an analyst, application administrator, and system administrator), measuring timeliness and accuracy of detection.