Plenary Lecture

An Agent based Framework to Avoid Insider Threat

Professor Ghulam Ali Mallah
Department of Computer Science
Shah Abdul Latif University
Khairpur Mirs Pakistan
E-mail: ghulam.ali@salu.edu.pk

Abstract: The profiling based agent system to avoid insider threat is solution to many problems inside an organization. Keeping in view the emerging area of software agents, a model has been designed that checks out whether user-activities are in accordance with organization’s policy or not? The major developments are: Monitoring behavior either suspicious or normal, Certifying user’s authenticity to use resources, Checking limitations of the users, Monitoring that user comes into view from the assigned location or not, Analyzing the level of the destruction caused by user, etc.
The ACENET, agent framework, scores every user of the organization and maintains a detailed profile of whether a legitimate user is doing any malicious activity. ACENET is adaptable to deploy in any organization where agents are designed as service on the top layers of the model. The threats have been categorized in various classes and for each category, agents have been designed. Communication among agents takes place by message passing at upper level whereas internally socket based communication is underway. Considering privacy as a major concern, a matrix or grid of the trust levels ‘trust grid’ is designed where diverse access privileges are assigned to different level of the users to resolve conflict between users and organizations. The professional issues regarding privacy and activities monitoring, were studied and it is proposed that the organization may announce in advance what can be monitored and what cannot be monitored though a user monitoring policy.
The framework, ACENET, is tested on real data, obtained from the organizations, and the performance has also been evaluated on the basis of specified parameters. Framework’s results were analyzed to match with the targeted objectives. Finally future directions for the extension of the framework have been presented.

Brief Biography of the Speaker: Dr Ghulam Ali Mallah is Full Professor and approved PhD Advisor in the area of Computer Science & Information Technology at Department of Computer Science, Shah Abdul Latif University, Khairpur, Pakistan. He has presented papers in more than 10 countries. He is dedicated Teaching & Research professional, having strong understanding of systems development issues related to intelligent applications, Multi-agent Systems, Insider Threat Models, Social Networks, etc. He has organized two international conferences in his university. He is member of many professional bodies. He has written more than 50 research articles in internationally indexed journals & conference proceedings.