Biblio

Filters: Author is Kongsgård, Kyrre W.
2018-11-28
Kongsgård, Kyrre W., Nordbotten, Nils A., Mancini, Federico, Engelstad, Paal E.  2017.  An Internal/Insider Threat Score for Data Loss Prevention and Detection. Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics. :11–16.

During the recent years there has been an increased focus on preventing and detecting insider attacks and data thefts. A promising approach has been the construction of data loss prevention systems (DLP) that scan outgoing traffic for sensitive data. However, these automated systems are plagued with a high false positive rate. In this paper we introduce the concept of a meta-score that uses the aggregated output from DLP systems to detect and flag behavior indicative of data leakage. The proposed internal/insider threat score is built on the idea of detecting discrepancies between the user-assigned sensitivity level and the sensitivity level inferred by the DLP system, and captures the likelihood that a given entity is leaking data. The practical usefulness of the proposed score is demonstrated on the task of identifying likely internal threats.