Title - Insider Threat Detection
Speaker - Sven Dietrich (Professor of City University of New York)
Date - 2018.04.03(Tue) 17:00 ~ 18:00
Location - #601, Woojung CIC Building
Abstract:
Exfiltration and theft of proprietary information and intellectual property has become an increasing threat to organizations. A significant share of data breaches is related to malicious insiders and caused by privilege misuse. Operating systems provide means to log security-related activities. However, indicators of compromise are often difficult to extract due to the complex nature of the logging environment. We present a quick overview of insider threat detection, as well as our software-as-a-service (SaaS) based solution, which detects privilege misuse on servers using signature-free, content-based user activity models built over operating system security audit logs. We provide a comparative analysis based on extensive cross-validation in which we investigate the effect of different feature types and similarity measures on the detection of privilege misuse using geometric outlier detection. We propose two novel content-based feature types (i.e. temporal token grams and attributed token grams) and compare their performance against conventional token gram features using One-Class Support Vector Machines on both synthetic data as well as real-world security audit log data.
Bio:
Dr. Sven Dietrich is an associate professor in the Mathematics and Computer Science Department at the John Jay College of Criminal Justice and an associate professor in the Computer Science Department at The Graduate Center, both at the City University of New York (CUNY) in New York City. He is affiliated with the CUNY John Jay Center for Cybercrime Studies.
Prior to joining John Jay in August 2014, he was an assistant professor in the Computer Science Department at Stevens Institute of Technology. Prior to joining Stevens in 2007, he was a Senior Member of the Technical Staff at CERT Research at Carnegie Mellon University and also held an appointment at the Carnegie Mellon University CyLab, a university-wide cybersecurity research and education initiative. He taught cryptography in the Mathematics and Computer Science Department at Duquesne University in Spring 2007. From 1997 to 2001, he was a senior security architect at the NASA Goddard Space Flight Center, where he observed and analyzed the first distributed denial-of-service attacks against the University of Minnesota in 1999. He taught Mathematics and Computer Science as adjunct faculty at Adelphi University from 1991 to 1997.
Dr. Dietrich's research interests include computer and network security, anonymity, cryptographic protocols, and cryptography. His previous work has included a formal analysis of the Secure Sockets Layer protocol (SSL), intrusion detection, analysis of distributed denial-of-service tools, and the security of IP communications in space. His publications include the book Internet Denial of Service: Attack and Defense Mechanisms (Prentice Hall, 2004), as well as articles on secure whistleblowing, botnets, and ethics in the context of computer security research and data sharing.
He is a senior member of the IEEE, member of the ACM, member of the 2018 IEEE Computer Society Board of Governors, as well as on the Steering Committee for the IEEE Cybersecurity Initiative. He is a former president of the International Financial Cryptography Association (IFCA), a former Chair of the IEEE Computer Society Technical Committee on Security and Privacy, and a former Chair of the Technical Activities Committee in the IEEE Computer Society. He is the recipient of the Outstanding Community Service Award from the IEEE Computer Society Technical Committee on Security and Privacy.
He was the Program Chair for the 11th conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2014) in London, United Kingdom, and the 20th anniversary co-chair for the Financial Cryptography and Data Security conference 2016. He was the co-organizer of the 2016 Dagstuhl workshop on the security of Software-Defined Networks.
Dr. Dietrich has a Bachelor of Science degree in Computer Science and Mathematics, a Master of Science degree in Mathematics, and a Doctor of Arts degree in Mathematics, all from Adelphi University in New York.