EAGER: Human-Centered Mitigation of the Insider Threat

EAGER：以人为本的内部威胁缓解

• 批准号: 1250367
• 负责人: Linda Camp
• 金额: $ 10万
• 依托单位: Indiana University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1250367&HistoricalAwards=false
• 关键词: EAGER; Human; Centered; Mitigation; Insider

The research provides a method to detect and mitigate the insider threat. Currently insider threat detection is focused only on the malicious person attempting to harm the organization. Most employees seek to assist their employers. Very few people want to hurt the business providing their livelihood. However, many employees take risks (sometimes very serious risks) on the network. We simultaneous help the benevolent employee and detect the malicious one.Our system helps employees by showing them network risks, and helping them decrease the risk. Sometimes risk-taking is worth it; for example, emailing a document to a superior in dire straights using gmail. Sending documents over gmail is risky. Our system helps the employee mitigate the risks they are taking. In the gmail example, our system automatically changes the settings to encrypt the email. Rather than walking through changing setting (which can be intimidating) or just popping up a confusing and technical dialogue box, we just encrypt the email for the employee. Also, in this case our system shows the employee that choosing not to encrypt the email will be very risky. The document (if it is not encrypted) can be seen by anyone on the Internet.An important part of our system is that it treats employees as partners to the organization. At the same time our system detects insiders by watching across the organization for the person taking both large one-time risks and small cumulative risks. This proposal is innovative, and a very different approach than industry uses today.

该研究为检测和缓解内部威胁提供了一种方法。目前，内部威胁检测仅针对试图危害组织的恶意人员。大多数员工都寻求帮助他们的雇主。很少有人愿意损害为他们提供生计的企业。然而，许多员工在网络上承担风险(有时非常严重)。我们同时帮助善良的员工和检测恶意的员工。我们的系统通过向员工展示网络风险，帮助他们降低风险。有时冒险是值得的；例如，使用Gmail直接通过电子邮件将文件发送给上级。通过Gmail发送文档是有风险的。我们的系统帮助员工降低他们所承担的风险。在Gmail示例中，我们的系统会自动更改设置以加密电子邮件。我们不需要经历更改设置(这可能很吓人)，也不需要弹出一个令人困惑的技术性对话框，我们只需为员工加密电子邮件。此外，在这种情况下，我们的系统向员工显示，选择不加密电子邮件将是非常危险的。互联网上的任何人都可以看到文档(如果它没有加密)。我们系统的一个重要部分是它将员工视为组织的合作伙伴。与此同时，我们的系统通过在整个组织内监视承担大的一次性风险和小的累积风险的人来检测内部人员。这一提议是创新的，而且是一种与当今行业使用的非常不同的方法。