Combining host and network-based intrusion detection system to mitigate insider threat


Insider threat has been a serious problem to many companies whether they realize it or not. The threat can be posed by a legitimate user and/or someone that has relationship to the user. Insider threats can be prevented by following some steps, such as background checks. Technical solutions can also help in preventing the threat, such as regular monitoring of system activity and security training. However, prevention is not enough. As long as someone is working for the company, that company will always facing threats from insiders. Therefore, there is a need for an independent detection system to detect insider threats. In this paper we described a framework to combine host and network based activities for the development of a system to detect insider threats.

Document Type

Conference Proceeding

Publication Date


Journal Title

29th International Conference on Computer Applications in Industry and Engineering, CAINE 2016