Data Gathering for Insider Misuse Monitoring
The impact of insider IT abuse can be devastating compared to most outsider attacks. In principle, some of the techniques used in Intrusion Detection Systems (IDS) are transferable to Insider Misuse detection. The difference between a traditional IDS and an Insider Misuse Monitoring system is the type of data collected and analysed. This paper discusses the types of data needed to monitor Insider Misuse and the different methods by which it may be collected, and then explains why application-level detection has more potential than the others.
Phyo AH, Furnell SM