Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats
The insider threats have always been one of the most severe challenges to cybersecurity. It can lead to the destruction of the organisation’s internal network system and information leakage, which seriously threaten the confidentiality, integrity and availability of data. To make matters worse, sinc...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2020-09-01
|
| Series: | Sensors |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1424-8220/20/18/5297 |
| _version_ | 1827706145141161984 |
|---|---|
| author | Teng Hu Bangzhou Xin Xiaolei Liu Ting Chen Kangyi Ding Xiaosong Zhang |
| author_facet | Teng Hu Bangzhou Xin Xiaolei Liu Ting Chen Kangyi Ding Xiaosong Zhang |
| author_sort | Teng Hu |
| collection | DOAJ |
| description | The insider threats have always been one of the most severe challenges to cybersecurity. It can lead to the destruction of the organisation’s internal network system and information leakage, which seriously threaten the confidentiality, integrity and availability of data. To make matters worse, since the attacker has authorized access to the internal network, they can launch the attack from the inside and erase their attack trace, which makes it challenging to track and forensics. A blockchain traceability system for insider threats is proposed in this paper to mitigate the issue. First, this paper constructs an insider threat model of the internal network from a different perspective: insider attack forensics and prevent insider attacker from escaping. Then, we analyze why it is difficult to track attackers and obtain evidence when an insider threat has occurred. After that, the blockchain traceability system is designed in terms of data structure, transaction structure, block structure, consensus algorithm, data storage algorithm, and query algorithm, while using differential privacy to protect user privacy. We deployed this blockchain traceability system and conducted experiments, and the results show that it can achieve the goal of mitigating insider threats. |
| first_indexed | 2024-03-10T16:17:30Z |
| format | Article |
| id | doaj.art-51dcd29162d244db935b862fe8ed97ee |
| institution | Directory Open Access Journal |
| issn | 1424-8220 |
| language | English |
| last_indexed | 2024-03-10T16:17:30Z |
| publishDate | 2020-09-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Sensors |
| spelling | doaj.art-51dcd29162d244db935b862fe8ed97ee2023-11-20T13:55:34ZengMDPI AGSensors1424-82202020-09-012018529710.3390/s20185297Tracking the Insider Attacker: A Blockchain Traceability System for Insider ThreatsTeng Hu0Bangzhou Xin1Xiaolei Liu2Ting Chen3Kangyi Ding4Xiaosong Zhang5Institute for Cyber Security, School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, ChinaInstitute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, ChinaInstitute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, ChinaInstitute for Cyber Security, School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, ChinaInstitute for Cyber Security, School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, ChinaInstitute for Cyber Security, School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, ChinaThe insider threats have always been one of the most severe challenges to cybersecurity. It can lead to the destruction of the organisation’s internal network system and information leakage, which seriously threaten the confidentiality, integrity and availability of data. To make matters worse, since the attacker has authorized access to the internal network, they can launch the attack from the inside and erase their attack trace, which makes it challenging to track and forensics. A blockchain traceability system for insider threats is proposed in this paper to mitigate the issue. First, this paper constructs an insider threat model of the internal network from a different perspective: insider attack forensics and prevent insider attacker from escaping. Then, we analyze why it is difficult to track attackers and obtain evidence when an insider threat has occurred. After that, the blockchain traceability system is designed in terms of data structure, transaction structure, block structure, consensus algorithm, data storage algorithm, and query algorithm, while using differential privacy to protect user privacy. We deployed this blockchain traceability system and conducted experiments, and the results show that it can achieve the goal of mitigating insider threats.https://www.mdpi.com/1424-8220/20/18/5297blockchaininsider threattraceability systemdifferential privacy |
| spellingShingle | Teng Hu Bangzhou Xin Xiaolei Liu Ting Chen Kangyi Ding Xiaosong Zhang Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats Sensors blockchain insider threat traceability system differential privacy |
| title | Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats |
| title_full | Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats |
| title_fullStr | Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats |
| title_full_unstemmed | Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats |
| title_short | Tracking the Insider Attacker: A Blockchain Traceability System for Insider Threats |
| title_sort | tracking the insider attacker a blockchain traceability system for insider threats |
| topic | blockchain insider threat traceability system differential privacy |
| url | https://www.mdpi.com/1424-8220/20/18/5297 |
| work_keys_str_mv | AT tenghu trackingtheinsiderattackerablockchaintraceabilitysystemforinsiderthreats AT bangzhouxin trackingtheinsiderattackerablockchaintraceabilitysystemforinsiderthreats AT xiaoleiliu trackingtheinsiderattackerablockchaintraceabilitysystemforinsiderthreats AT tingchen trackingtheinsiderattackerablockchaintraceabilitysystemforinsiderthreats AT kangyiding trackingtheinsiderattackerablockchaintraceabilitysystemforinsiderthreats AT xiaosongzhang trackingtheinsiderattackerablockchaintraceabilitysystemforinsiderthreats |