Gazi Üniversitesi Fen Bilimleri Dergisi (Sep 2018)

Server Monitoring Application for Insider Attack Detection and Prevention

  • Halil Ibrahim ULUS,
  • Mehmet DEMIRCI

DOI
https://doi.org/10.29109/gujsc.351365
Journal volume & issue
Vol. 6, no. 3
pp. 507 – 523

Abstract

Although insider attacks have increased rapidly in recent years and cause enormous damage, very few academic studies have investigated this problem and proposed a solution. Many of these attacks are kept private for reasons such as loss of prestige and giving an advantage to competing companies. The main difference between insider attacks and external attacks is that in the former case, attackers are authorized users in the organization. This renders countermeasures against external attacks useless and makes weaknesses easier to exploit. In the detection of insider attacks, all unusual events need to be scrutinized. Therefore, a risk assessment should be done first to determine vulnerabilities to insider attacks, and the necessary precautions should be taken accordingly. In this study, general insider attack features and past attacks were investigated, and a server monitoring application was developed to detect suspicious activities. Organizations using this system will be informed about their level of risk, and can improve their level of preparation and their ability to identify potential attackers by analyzing the collected data.

Keywords