Indicator-based Behavior Ontology for Detecting Insider Threats in Network Systems |
Kauh, Janghyuk
(The 2nd Institute 3rd Directorate, Agency for Defense Development (ADD))
Lim, Wongi (The 2nd Institute 3rd Directorate, Agency for Defense Development (ADD)) Kwon, Koohyung (The 2nd Institute 3rd Directorate, Agency for Defense Development (ADD)) Lee, Jong-Eon (Tactical Communication Team, Hanwha Systems) Kim, Jung-Jae (Dept. of Computer Science, Kwangwoon University) Ryu, Minwoo (Korea Telecom R&D Center, Korea Telecom (KT)) Cha, Si-Ho (Dept. of Multimedia Science, Chungwoon University) |
1 | Protege 5.0, Available online: http://protege.stanford.edu (accessed on 21 November 2016) |
2 | Horrocks, I., Patel-Schneider, P.F., Boley, H., Tabet, S., Grosof, B., Dean, M., "SWRL: A semantic web rule language combining OWL and RuleML." Available online: http://www.w3.org/Submission/2004/SUBM-SWRL-20040521/ (accessed on 21 November 2016). |
3 | van Heerden, R. P., Irwin, B., Burke, I., "Classifying network attack scenarios using an Ontology," in Proc. of of the 7th International Conference on Information-Warfare & Security (ICIW 2012), pp. 311-324, January 2012. |
4 | Aleman-Meza, B., Burns, P., Eavenson, M., Palaniswami, D., Sheth, A. P., "An Ontological Approach to the Document Access Problem of Insider Threat," in Proc. of IEEE Intl. In Conference on Intelligence and Security Informatics (ISI-2005), 2005. |
5 | Symonenko, S., Liddy, E. D., Yilmazel, O., Del Zoppo, R., Brown, E., Downey, M., "Semantic analysis for monitoring insider threats," in Proc. of International Conference on Intelligence and Security Informatics, Springer Berlin Heidelberg, pp. 492-500, June 2004. |
6 | Greitzer, F. L., Hohimer, R. E., "Modeling human behavior to anticipate insider attacks," Journal of Strategic Security, vol. 4, no. 2, pp. 25-48, 2001. DOI |
7 | Raskin, V., Taylor, J. M., Hempelmann, C. F., "Ontological semantic technology for detecting insider threat and social engineering," in Proc. of the 2010 workshop on New security paradigms ACM, pp. 115-128, September 2010. |
8 | Nirenburg, S., Raskin, V., "Ontological Semantics," MIT Press, 2004 |
9 | Advanced Research and Development Activity (ARDA), Available online: http://www.ic-arda.org/ (accessed on 21 November 2016) |
10 | Karande, M. H. A., Kulkarni, M. P. A., Gupta, S. S., Gupta, D., "Security against Web Application Attacks Using Ontology Based Intrusion Detection System," in Proc. of 2015 International Conference on Communication Networks (ICCN), Gwalior, India, November 2015. |
11 | CERT, http://www.cert.org/insider-threat/tools/index.cfm (accessed on 21 November 2016) |
12 | Wang, H., Wang, S., "Cyber warfare: steganography vs. steganalysis," Communications of the ACM, vol 47, no. 10, pp. 76-82, 2004. DOI |
13 | Stephens, G. D., Maloof, M. A., "U.S. Patent No. 8,707,431," Washington, DC: U.S. Patent and Trademark Office, 2014 |
14 | Coalition, D. S., "DAML-S: Semantic markup for Web services," in Proc. of the International Semantic Web Workshop (SWWS-01), 2001. |
15 | Apache Jena, "TDB Architecture," Available online: https://jena.apache.org/documentation/tdb/architecture.html (accessed on 21 November 2016). |
16 | I. Agrafiotis, J. R. C. Nurse, O. Buckley, P. A. Legg, M. Goldsmith, S. Creese, "Insider Threat Attack steps," Corporate Insider Threat Detection (CITD), Available online: https://www.cs.ox.ac.uk/files/7011/Attack%20steps.pdf (accessed on 21 November 2016). |
17 | Klyne, G., & Carroll, J. J., "Resource description framework (RDF): Concepts and abstract syntax," W3C Recommendation, 2006. |
18 | Apache Jena, "Reasoners and rule engines: Jena inference support." Available online: https://jena.apache.org/documentation/inference/ (accessed on 21 November 2016). |
19 | Kroll and Economist Intelligence Unit, "Annual Global Fraud Report. 2015/2016," 2016. |
20 | PricewaterhouseCoopers LLP, "Cybercrime: Protecting against the growing threat-Events and Trends," 2012. |
21 | Obrst, L., Chase, P., Markeloff, R., "Developing an Ontology of the Cyber Security Domain," in Proc. of CEUE Workshop on STIDS, pp. 49-56, October 2012. |
22 | Spitzner, L., "Honeypots: Catching the insider threat," in Proc. of 19th Annual IEEE Computer Security Applications Conference, 2003, pp. 170-179, 2003. |
23 | CERT Insider Threat Center, "2014 U.S. State of Cybercrime Survey," 2014, Available online: http://resources.sei.cmu.edu/asset_files/Presentation/2014_017_001_298322.pdf (accessed on 21 November 2016). |
24 | IBM, "IBM 2015 Cyber Security Intelligence Index," 2015, Available online: http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=ST&infotype=SA&htmlfid=SEJ03278USEN&attachment=SEJ03278USEN.PDF&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US (accessed on 21 November 2016) |
25 | F. L. Greitzer, A. P. Moore, D. M. Cappelli, D. H. Andrews, L. A. Carroll, and T. D. Hull, "Combating the Insider Cyber Threat," IEEE Security & Privacy, pp. 61-64, 2007. |
26 | Robert N. Rose, "The Future Of Insider Threats," 2016, Available online: http://www.forbes.com/sites/realspin/2016/08/30/the-future-of-insider-threats/2/#3240ea4e3381 (accessed on 21 November 2016) |
27 | Berners-Lee, T., Hendler, J., Lasslia, O., "The semantic web," Scientific American, pp. 28-37, 2001. |
28 | R. Anderson, T. Bozek, T. Longstaff, W. Meitzler, M. Skroch, K. Van Wyk, "Research on Mitigating the Insider Treat to Information Systems," in Proc. of the Insider Workshop, August 2000. |
29 | Costa, D. L., Collins, M. L., Perl, S. J., Albrethsen, M. J., Silowash, G. J., Spooner, D. L., "An Ontology for Insider Threat Indicators," in Proc. of 10th International Conference on Semantic Technology for Intelligence, Defense, and Security (STIDS), 2015. |