Concepedia

Publication | Closed Access

A framework of defense system for prevention of insider's malicious behaviors

Citations: 18

References: 8

Year: 2011

Abstract

In this paper, we propose a framework for a defense system that applies an attack tree and a misuse monitor to prevent insiders' malicious behaviors. Recently, a major concern in network security has been the threat from insiders who exercise their authorization legitimately to leak information on a network system. If an insider threatens his/her system, he/she can cause severe damage and loss by compromising information assets. Our proposed framework consists of 3 prevention modules. It prevents abnormal behaviors by monitoring all activities according to each prevention technique. The main keys to prevention are the attack tree and the misuse monitor. An attack tree is a conceptual diagram of insider threats on systems and the possible attacks to reach those goals. A misuse monitor can prevent the misuse of resources by matching the actual running process pattern to the expected processing pattern in a pre-defined profile of the processes executed by the current insider.
