
Forensic Investigation of Malicious Insider in Critical Networks using Computational Intelligence

R. Buvana Nayaki, J. Mark Jain

Abstract


The insider threat is minimally addressed by current information security practices, yet the insider poses the most serious threat to an organization for various reasons. Forensic investigation of the malicious insider is a technique used to prove the presence of a malicious insider with digital evidence. The first phase is network monitoring and packet capturing. Information in a network is transferred in packets; these packets are monitored and captured, and the important features are extracted. The administrator uses this network monitoring and packet investigation in order to gather the needed information. The log files are analyzed in order to extract patterns from them. The features extracted from the packets and the log files are compared and the patterns are extracted. The data patterns are grouped into clusters to trace anomalies; with the help of a clustering algorithm, the clusters are classified as legal or anomalous patterns. If an anomaly is traced, the user's past activities are referred to and a cross check is made with the captured packets. The computational intelligence algorithm is used to provide the digital evidence by cross checking logs and packets; with this algorithm the presence of a malicious insider in critical networks is proved.
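As an added illustration of the pipeline the abstract describes (this is not code from the paper), the following Python sketch clusters per-session features extracted from packets and logs, treats the minority cluster as the anomaly pattern, and then cross-checks each flagged session against that user's own past sessions before recording it as evidence. All session data is constructed, and the feature names, threshold and 2-means routine are assumptions for the example.

```python
from statistics import mean, pstdev

# Constructed sample data (not from the paper): one row per user session as
# (user, session, mb_out, distinct_dst, files_read); mb_out and distinct_dst are
# taken from the packet capture, files_read from the application log.
SESSIONS = [
    ("alice", "s1", 12, 3, 15), ("alice", "s2", 9, 2, 12), ("alice", "s3", 14, 3, 18),
    ("bob", "s4", 30, 5, 40), ("bob", "s5", 28, 4, 35), ("bob", "s6", 31, 5, 42),
    ("alice", "s7", 310, 21, 600),  # far outside alice's own history
]

def features(row):
    return tuple(row[2:])

def kmeans2(vectors, iters=25):
    """Plain 2-means clustering; returns one label (0 or 1) per vector."""
    dist = lambda a, b: sum((x - y) ** 2 for x, y in zip(a, b))
    centers = [min(vectors), max(vectors)]  # deterministic seeding
    for _ in range(iters):
        labels = [0 if dist(v, centers[0]) <= dist(v, centers[1]) else 1 for v in vectors]
        new_centers = []
        for k in (0, 1):
            members = [v for v, l in zip(vectors, labels) if l == k] or [centers[k]]
            new_centers.append(tuple(mean(col) for col in zip(*members)))
        if new_centers == centers:
            break
        centers = new_centers
    return labels

def investigate(sessions, z_threshold=3.0, min_history=3):
    """Cluster sessions, treat the minority cluster as the anomaly pattern, then
    cross-check each flagged session against that user's own past sessions."""
    labels = kmeans2([features(r) for r in sessions])
    anomaly = 1 if labels.count(1) < labels.count(0) else 0
    evidence = []
    for row, label in zip(sessions, labels):
        if label != anomaly:
            continue
        user, sid = row[0], row[1]
        history = [features(r) for r in sessions if r[0] == user and r[1] != sid]
        if len(history) < min_history:
            continue  # no usable baseline: needs manual review rather than a verdict
        zs = []
        for i, x in enumerate(features(row)):
            col = [h[i] for h in history]
            zs.append((x - mean(col)) / (pstdev(col) or 1.0))
        if max(zs) >= z_threshold:
            evidence.append((user, sid, f"max z-score {max(zs):.1f} vs own history"))
    return evidence
```

Only a session that both falls into the anomaly cluster and deviates strongly from that user's own baseline is kept as evidence, which is the two-stage check the abstract describes.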

Keywords


Insider Threat, Intelligence Analyses, Privacy, Data Mining, Network Forensics, Attack Pattern
