Abstract | ||
---|---|---|
During the recent years there has been an increased focus on preventing and detecting insider attacks and data thefts. A promising approach has been the construction of data loss prevention systems (DLP) that scan outgoing traffic for sensitive data. However, these automated systems are plagued with a high false positive rate. In this paper we introduce the concept of a meta-score that uses the aggregated output from DLP systems to detect and flag behavior indicative of data leakage. The proposed internal/insider threat score is built on the idea of detecting discrepancies between the userassigned sensitivity level and the sensitivity level inferred by the DLP system, and captures the likelihood that a given entity is leaking data. The practical usefulness of the proposed score is demonstrated on the task of identifying likely internal threats. |
Year | DOI | Venue |
---|---|---|
2017 | 10.1145/3041008.3041011 | IWSPA@CODASPY |
Field | DocType | Citations |
False positive rate,Data mining,Internet privacy,Data loss,Computer security,Computer science,Insider threat,Insider | Conference | 3 |
PageRank | References | Authors |
0.42 | 9 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Kyrre Wahl Kongsgård | 1 | 7 | 1.27 |
Nils Agne Nordbotten | 2 | 90 | 5.78 |
Federico Mancini | 3 | 78 | 9.79 |
Paal E. Engelstad | 4 | 280 | 34.38 |