Towards Flexible and Realistic Insider Mission Simulation
Open Access
- Author:
- Zhang, Tao
- Graduate Program:
- Information Sciences and Technology
- Degree:
- Master of Science
- Document Type:
- Master Thesis
- Date of Defense:
- May 16, 2018
- Committee Members:
- Peng Liu, Thesis Advisor/Co-Advisor
Sencun Zhu, Committee Member
Anna Cinzia Squicciarini, Committee Member - Keywords:
- Insider threat
Insider mission
Mission dimension
Business process
Insider mission simulation - Abstract:
- ABSTRACT With the widespread application of information technology, organizations rely more and more on networked information system to manage their daily affairs. As a result, modern organizations are increasingly vulnerable to insider threat. Insider incidences happen more and more frequently and cause significant losses. Consequently, insider attacks have become a growing concern in security area. Lacking real world insider threat data, researches in insider threat have been seriously constrained. In this paper, we are going to introduce a simulation framework to help simulate organizational behavior with insider mission performed internally. With simulated insider mission, we are able to generate insider threat data based on the event logs of our simulator. In addition to event log, we can provide all the ground truth information regarding the malicious insider, intranet system and organization. In the paper, we will also present and discuss the measures taken to achieve high-fidelity insider threat data. In addition, we construct insider mission simulator to be flexible, offering various insider mission scenarios and attacking strategies. Moreover, we are going to incorporate varieties of obfuscation techniques into insider mission simulation. In this way, we can easily generate diverse insider data sets to support test and validation for intrusion detection systems.