The Westin Hotel
San Francisco, CA USA
Friday May 25, 2012

The Insider Threat (IT) problem has recently received increased attention in the academic, commercial and government research communities. Three reasons for this include: a) the IT problem typically involves attacks by trusted, as opposed to untrusted, individuals and hence remains outside the domain of many existing technical solutions; b) as technical security against remote attacks improve, access to valuable information systems by compromised insiders becomes a more attractive alternative; and, c) losses due to insider attacks in the financial and government sectors in particular have recently been significant and highly damaging.

The Workshop on Research for Insider Threat (WRIT) will highlight challenges specific to the IT problem, review existing promising approaches, and explore experimentation possibilities for evaluation of solution approaches. The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches. A moderated panel discussion will review and comment on the workshop presentations to provide a capstone activity.

The workshop is organized around the following structure:

Opening Remarks – 15 minutes
Part 1: Unique Aspects of the Insider Threat (IT) Problem
Part 2: Technical Approaches to IT Prevention, Detection and Mitigation

Lunch
Part 2: Continued
Part 3: Experiments, Evaluation, and Datasets

Panel discussion and workshop summary

Topics of interest include but are not limited to:

- Insider Threat case studies and forensics in all relevant domains
- Unique aspects of the insider threat problem
- Techniques and technologies for preventing insider attacks
- Techniques and technologies for detecting insider attacks
- Techniques and technologies for responding to and mitigating insider attacks
- Anomaly analysis for insider threat detection
- Insider attacker behavioral models and analysis
- Adversarial and game theoretic models of insider threats and attacks
- Evaluation, experimentation and risk assessment of insider threat detection approaches

Authors are invited to submit Regular Papers (maximum 8 pages) or Short Papers (maximum 4 pages). Papers accepted by the workshop will be published in the Conference Proceedings published by IEEE Computer Society Press.

SCHEDULE

The Westin Hotel, San Francisco, CA USA
Friday May 25, 2012
08:30	Opening Remarks and Introductions
09:00	Unique Aspects of the Insider Threat (IT) Problem Presentation and Discussion led by organizers (Cybenko and Moore)
09:30	Using Consensus Clustering for Multi-view Anomaly Detection Alexander Liu and Dung Lam
10:00	Break
10:30	Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud Sal Stolfo, Malek Ben Salem and Angelos Keormytis Lost in Translation: Improving Decoy Documents via Automated Translation Jonathan Voris, Nathaniel Boggs and Salvatore Stolfo Insider Threats against Trust Mechanism with Watchdog and Defending Approaches in Wireless Sensor Networks Youngho Cho and Gang Qu
12:00	Lunch
13:00	Proactive Insider Threat Detection through Graph Learning a Psychological Context Oliver Brdiczka, Juan Liu, Bob Price, Jianqiang Shen, Akshay Patil, Richard Chow, Eugene Bart and Nicolas Ducheneaut
13:30	Forensic Methods for Detecting Insider Turning Behaviors Fred Cohen
14:00	Decision Support Procedure in the Insider Threat Domain John Murphy, Vincent Berk and Ian Gregorio-De Souza
14:30	Discussion and carry over time
15:00	Break
15:30	Panel discussion
16:30	Workshop summary
17:00	Adjourn

February 15, 2012: Regular & Short Paper Submission
March 1, 2012: Notification Date
April 1, 2012: Camera-Ready & Registration

George Cybenko, Dartmouth, gvc@dartmouth.edu
Kendra Moore, Boston Fusion, kendra.moore@bostonfusion.com

George Cybenko, Dartmouth, gvc@dartmouth.edu
Kendra Moore, Boston Fusion, kendra.moore@bostonfusion.com