A recent FBI survey reported that the average cost of a successful attack by a malicious insider is nearly 50 times greater than the cost of an external attack. Further, it is estimated that over 80% of information security incidents for the past four years are the result of insiders. Intrusion detection systems have traditionally targeted those who attack outside of trusted network boundaries. What is desperately needed are mechanisms that monitor insider activity and detect actions at the host level that may be malicious. This paper presents an overview of innovative approaches to detect malicious insiders who operate inside trusted network boundaries.