A Scalable Architecture for Countering Network-Centric Insider Threats
Dealing with the insider threat in networked environments poses many challenges. Privileged users have great power over the systems they own in organizations. To mitigate the potential threat posed by insiders, the authors introduced in previous work a preliminary architecture for the Autonomic Violation Prevention System (AVPS), which is designed to self-protect applications from disgruntled privileged users via the network. This paper extends the architecture of the AVPS so that it can provide scalable protection in production environments. They conducted a series of experiments to asses the performance of the AVPS system on three different application environments: FTP, database, and Web servers.