TU Darmstadt / ULB / TUbiblio

Catching Inside Attackers: Balancing Forensic Detectability and Privacy of Employees

Zimmer, Ephraim ; Lindemann, Jens ; Herrmann, Dominik ; Federrath, Hannes
Camenisch, Jan ; Kesdogan, Dogan (eds.) (2016):
Catching Inside Attackers: Balancing Forensic Detectability and Privacy of Employees.
In: Open Problems in Network Security : IFIP WG 11.4 International Workshop, iNetSec 2015, pp. 43-55,
Springer, International Workshop on Open Problems in Network Security (iNetSec 2015), Zurich, Switzerland, 29.10.2015, ISBN 978-3-319-39027-7,
DOI: 10.1007/978-3-319-39028-4_4,
[Conference or Workshop Item]

Abstract

IT departments of organisations go to great lengths to protect their IT infrastructure from external attackers. However, internal attacks also pose a large threat to organisations. Despite detection and prevention of insider attacks being an active field of research, so far such techniques are rarely being deployed in practice. This paper outlines the state of the art in the field and identifies open research problems in the area. The lack of unified definitions and publicly available datasets for evaluation is detrimental to the comparability of published results in the field and hinders the continual improvement of technology. Another important problem is that of data protection: On the one hand, the data captured for insider attack detection could also be used for surveillance of employees, so it should be anonymised. On the other hand, anonymisation may make some attacks undetectable, leading to a trade-off between detectability of attacks and privacy.

Item Type: Conference or Workshop Item
Erschienen: 2016
Editors: Camenisch, Jan ; Kesdogan, Dogan
Creators: Zimmer, Ephraim ; Lindemann, Jens ; Herrmann, Dominik ; Federrath, Hannes
Title: Catching Inside Attackers: Balancing Forensic Detectability and Privacy of Employees
Language: English
Abstract:

IT departments of organisations go to great lengths to protect their IT infrastructure from external attackers. However, internal attacks also pose a large threat to organisations. Despite detection and prevention of insider attacks being an active field of research, so far such techniques are rarely being deployed in practice. This paper outlines the state of the art in the field and identifies open research problems in the area. The lack of unified definitions and publicly available datasets for evaluation is detrimental to the comparability of published results in the field and hinders the continual improvement of technology. Another important problem is that of data protection: On the one hand, the data captured for insider attack detection could also be used for surveillance of employees, so it should be anonymised. On the other hand, anonymisation may make some attacks undetectable, leading to a trade-off between detectability of attacks and privacy.

Title of Book: Open Problems in Network Security : IFIP WG 11.4 International Workshop, iNetSec 2015
Publisher: Springer
ISBN: 978-3-319-39027-7
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
Event Title: International Workshop on Open Problems in Network Security (iNetSec 2015)
Event Location: Zurich, Switzerland
Event Dates: 29.10.2015
Date Deposited: 04 Feb 2021 10:17
DOI: 10.1007/978-3-319-39028-4_4
Additional Information:

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9591)

Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details