Publication details

Data Gathering for Insider Misuse Monitoring
Phyo AH, Furnell SM
Proceedings of the 2nd European Conference on Information Warfare and Security, Reading, UK, 30 June - 1 July, pp. 247-254, 2003

The impact of insider IT abuse can be devastating compared to most outsider attacks. In principle, some of the techniques used in Intrusion Detection Systems (IDS) are transferable to Insider Misuse detection. The difference between a traditional IDS and an Insider Misuse Monitoring system is the type of data collected and analysed. This paper discusses the types of data needed to monitor Insider Misuse and the different methods by which it may be collected, and then explains why application-level detection has more potential than the others.
