Welcome to the webpages of the 2016 Workshop on Research for Insider Threats, which is held on May 26, 2016, as part of the 37th IEEE Symposium on Security and Privacy.

The threat of malicious insiders to organizational security has historically been one of the most difficult challenges to address. Insiders often attack using authorized access and with behavior that is very difficult to distinguish from normal activities. Today, insider attacks are further enabled by immense data storage capabilities, advanced searching algorithms, and the difficulty of comprehensive monitoring of networked systems. Because the actions that occur during insider attacks look much like normal user activities, proposed solutions face an even harder technical challenge in reducing the high incidence of false positives. Furthermore, several recent high-profile attacks have been enabled by non-malicious, or unintentional, insiders fooled by exploits from external attackers.

The insider threat problem continues to receive attention from government agencies. Executive Order 13587 requires all US Government agencies handling classified information to implement insider threat programs to protect sensitive information, leading to a greatly increased interest among US Government agencies in advances in detection of insider threats. Additionally, upcoming changes to the NISP Operating Manual (NISPOM, DoD 5220.22-M) will require insider threat programs for potentially tens of thousands of defense contractors. In recent years, DARPA sponsored two programs (CINDER and ADAMS) aimed at insider threat challenges, and there is currently a planned insider threat program sponsored by IARPA, called Scientific advances to Continuous Insider Threat Evaluation (SCITE), that focuses on new research aimed at identifying malicious insiders using active indicators. Technical solutions are emerging, but there are still significant challenges, for example, in the areas of reliable data on insider attacks, understanding the fundamentals of insider threats, and security and privacy aspects of surveillance data generated by advanced insider threat detection programs.

Program

Time Topic
7:30am Breakfast
8:45am Welcome and opening remarks
9:00am KEYNOTE: Future of Insider Threat Research.
Rand Waltzman, SEI CERT.
9:45am Validating an insider threat detection system: real scenario perspective.
Ioannis Agrafiotis, Arnau Erola, Jassim Happa, Michael Goldsmith and Sadie Creese, Department of Computer Science, University of Oxford.
10:15am Coffee Break
10:45am PRI: Privacy Preserving Inspection of Encrypted Network Traffic.
Liron Schiff, Tel Aviv University, and Stefan Schmid, Aalborg University.
11:15am Investigating airplane safety and security against insider threats using logical modeling.
Florian Kammueller, Middlesex University London, and Manfred Kerber, University of Birmingham.
11:45am Invited talk: Insider Threats to Nuclear Security.
Christine Noonan, PNNL.
12:30pm Lunch
1:30pm SCITE Introduction.
Shannon Roberts, MIT Lincoln Lab.
1:40pm Model-based approach to predicting performance of insider threat detection systems.
Shannon Roberts and John Holodnak, MIT Lincoln Lab, SCITE Inference Enterprise Model Thrust.
2:10pm Invited talk: Scientific advances to Continuous Insider Threat Evaluation (SCITE): Active Indicators Research Thrust.
Shannon Wasko, Johns Hopkins Applied Physics Lab.
3pm Coffee Break
3:45pm Hybrid framework for data loss prevention and detection.
Elisa Costante, SecurityMatters, and Davide Fauri, Sandro Etalle, Jerry Den Hartog and Nicola Zannone, Eindhoven University of Technology.
4:15pm Activity Pattern Discovery from Network Captures.
Alan Lin and Gilbert Peterson, Air Force Institute of Technology.
4:45pm Wrap Up

Topics

Topics of interest include but are not limited to:

Submission

We invite submissions of original work; the submitter must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Contact the program chairs if you have questions about this policy.

Papers must not exceed 10 US letter pages total (including the references and appendices). We recommend using the IEEE conference proceedings templates to ensure the right formatting. If the templates are not used, the text must be formatted in a two-column layout, with columns no more than 9.25 in. high and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Failure to adhere to the page limit and formatting requirements will be grounds for rejection.

Important Dates

Paper Submission Due: January 22, 2016 (firm deadline)
Paper Submission Due: January 11, 2016
Acceptance Notification: February 15, 2016
Camera Ready Version Due: March 5, 2016
Workshop: May 26, 2016

Program Committee

Program Chairs: Frank Greitzer, PsyberAnalytix, and Christian W Probst, Technical University of Denmark

Program Committee (to be extended):

Venue

The 37th IEEE Symposium on Security and Privacy is held at The Fairmont Hotel, 170 South Market Street, San Jose, California, 95113. Please see the symposium pages for more information.