An Internal/Insider Threat Score for Data Loss Prevention and Detection
Title | An Internal/Insider Threat Score for Data Loss Prevention and Detection |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Kongsgård, Kyrre W., Nordbotten, Nils A., Mancini, Federico, Engelstad, Paal E. |
Conference Name | Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4909-3 |
Keywords | composability, cyber physical systems, data leak prevention, DLP, False Data Detection, Human Behavior, machine learning, pubcrawl, resilience, Resiliency, security |
Abstract | During the recent years there has been an increased focus on preventing and detecting insider attacks and data thefts. A promising approach has been the construction of data loss prevention systems (DLP) that scan outgoing traffic for sensitive data. However, these automated systems are plagued with a high false positive rate. In this paper we introduce the concept of a meta-score that uses the aggregated output from DLP systems to detect and flag behavior indicative of data leakage. The proposed internal/insider threat score is built on the idea of detecting discrepancies between the user-assigned sensitivity level and the sensitivity level inferred by the DLP system, and captures the likelihood that a given entity is leaking data. The practical usefulness of the proposed score is demonstrated on the task of identifying likely internal threats. |
URL | https://dl.acm.org/citation.cfm?doid=3041008.3041011 |
DOI | 10.1145/3041008.3041011 |
Citation Key | kongsga_ard_internal/insider_2017 |