The workshop agenda is now available here

Slides from some of the workshop presentations are available here:

  • Keynote Address, Stephanie Jaros
  • SOFIT: Sociotechnical and Organizational Factors for Insider Threat. Greitzer, et. al
  • Detection of Masqueraders Based on Graph Partitioning of File System Access. Toffalini, et. al
  • Simulated User Bots Real Time Testing of Insider Threat Detection Systems. Dutta, et. al
  • Balancing Organizational Incentives to Counter Insider Threat. Moore, et. al

    Welcome to the webpages of the Workshop on Research for Insider Threats, which is held on May 24, 2018, as part of the 39th IEEE Symposium on Security and Privacy.

    The threat of malicious insiders to organizational security has historically been one of the most difficult challenges to address. Insiders often attack using authorized access and with behavior very difficult to distinguish from normal activities. Today, insider attacks are further enabled by immense data storage capabilities, advanced searching algorithms, and the difficulty of comprehensive monitoring of networked systems. Because the actions that occur during insider attacks look much like normal user activities, this exacerbates the technical challenges of proposed solutions to reduce the high incidence of false positives. Furthermore, several recent high-profile attacks have been enabled by non-malicious, or unintentional, insiders fooled by exploits from external attackers.

    The insider threat problem continues to receive attention from government agencies. Executive Order 13587 requires all US Government agencies handling classified information to implement insider threat programs to protect sensitive information, leading to a greatly increased interest among US Government agencies in advances in detection of insider threats. Additionally, upcoming changes to the NISP Operating Manual (NISPOM, DoD 5220.22-M) will require insider threat programs for potentially tens of thousands of defense contractors. In recent years, DARPA sponsored two programs (CINDER and ADAMS) aimed at Insider Threat challenges, and there is currently an insider threat program sponsored by IARPA, called Scientific advances to Continuous Insider Threat Evaluation (SCITE), supporting new research using active indicators to identify malicious insiders and development of inference enterprise modeling solutions to support insider threat assessment. Technical solutions are emerging, but there are still significant challenges:

    WRIT will focus on research that proposes solutions to the above challenges from diverse viewpoints, such as innovative approaches that integrate concepts from information technology, behavioral sciences, or criminology, as well as research that advances the state of art and practice in experimental methods for collecting data that addresses key challenges in evaluating and validating proposed models and solutions. The workshop will therefore be accessible to both non-experts interested in learning about this area and experts interesting in hearing about approaches being taken by others.

    Topics (top)

    In general, topics of interest include but are not limited to:

    Steering Committee (top)

    Program Committee (top)

  • News

    Previous Venues