An Ontology for Insider Threat Indicators

Provided by: RWTH Aachen University
Topic: Security
Format: PDF
In this paper, the authors describe their ongoing development of an insider threat indicator ontology. Their ontology is intended to serve as a standardized method for expressing potential indicators of malicious insider activity, as well as a formalization of much of their team's research on insider threat detection, prevention and mitigation. The ontology bridges the gap between natural language descriptions of malicious insiders and malicious insider activity, and the machine-generated data that analysts and investigators use to detect behavioral and technical observables of insider activity.
