AFSecurity Seminar: The Insider Threat
Date: Wednesday 16 May 2012.
Location: Meeting room Awk (3118), Ole-Johan Dahls hus (IfI).
14:00h Welcome at IfI
14:15h Invited talk
SPEAKER: George Magklaras, CSCAN, School of Computing and Mathematics, University of Plymouth, UK.
TITLE: Insider Threat Specification and Prediction
Presentation slides: Media:AFSec20120516-Magklaras-Plymouth.pdf
ABSTRACT: The talk will introduce the concept of Insider Threat Specification as a threat mitigation technique. After a short introduction of the multi-factorial problem of Insider IT misuse, the focus will be placed on what can be detected and predicted at system level. Insider Threat Specification will be introduced in terms of three essential and coordinated steps. The first is system logging for insider misuse, examining how and what data to collect with a prototype log engine (LUARM). The talk will then shift to presenting threat metrics for predicting insider actions. Finally, a way to express misuse detection and threats by means of a suitably crafted Domain Specific Language (ITPSL) will be explained. The talk will conclude with a presentation of the tools and future challenges of the insider IT misuse domain.
SPEAKER BIO: Dr. George Magklaras is an affiliate researcher in the domain of Intrusion Detection Systems, Insider IT misuse and forensics, with the Centre for Security, Communications and Networks Research at the University of Plymouth, UK (http://www.cscan.org). He currently serves as Head of IT at the Biotechnology Centre of Oslo (Univ. of Oslo) and Chair of the Technical Management Committee of the Life Science Computing group EMBnet (http://www.embnet.org). Prior to his current posts, he served as system administrator and data security consultant at a variety of companies, including BT, IBM and Red Hat. He obtained his Doctoral, Master's and Bachelor's degrees from the School of Computing and Mathematics, University of Plymouth, UK. He holds an RHCE certification and is a member of the IEEE and the USENIX Association.