A research team at RMIT University will use a $255,000 Australian Research Council Linkage Grant to develop methods of detecting internal threats to website security.

 

The focus will be on detecting malicious acts by employees against e-commerce, database and communications security.

 

The RMIT research team is collaborating with CA (Pacific) Pty Ltd, the Australian/New Zealand subsidiary of international software company CA Technologies.

 

Chief Investigator, Associate Professor Serdar Boztas of the School of Mathematical and Geospatial Sciences, said theft, sabotage and fraud to systems and databases by insiders (authorised users) was the least understood and most acute threat to profitability of business via loss of production and reputation.

 

"This threat is an increasingly crucial issue to manage as the move to outsource business via cloud computing gathers momentum," he said.

 

"The ability to predict insider threats will enable pre-emptive countermeasures to be developed.

 

"However, there are formidable mathematical and software engineering challenges that need to be addressed in order to counter these threats."

 

By combining the expertise of computer security researchers from RMIT and CA, the team aims to automatically detect the early warning signs of insider attacks in order to prevent them.

 

"We've seen a number of high-profile inside attacks reported in the news media recently which have caused immense damage," Dr Steve Versteeg, a CA Labs researcher based in Melbourne, said.

 

"We're building a huge database of enterprise logs that we're correlating and analysing to detect suspicious patterns of behaviour.

 

"This research will put Australia at the forefront of inside attack prevention and help secure Australia's critical IT infrastructure," Dr Versteeg, a Chief Investigator on the project, said.

 

Insider threats forms one of the  areas of research performed by the InfoSec-Informatics research group in the School of Mathematical and Geospatial Sciences at RMIT.