• DocumentCode
    2210349
  • Title

    Profiling file repository access patterns for identifying data exfiltration activities

  • Author

    Hu, Yi ; Frank, Charles ; Walden, James ; Crawford, Emily ; Kasturiratna, Dhanuja

  • Author_Institution
    Comput. Sci. Dept., Northern Kentucky Univ., Highland Heights, KY, USA
  • fYear
    2011
  • fDate
    11-15 April 2011
  • Firstpage
    122
  • Lastpage
    128
  • Abstract
    Studies show that a significant number of employees steal data when changing jobs. Insider attackers who have the authorization to access the best-kept secrets of organizations pose a great challenge for organizational security. Although increasing efforts have been spent on identifying insider attacks, little research concentrates on detecting data exfiltration activities. This paper proposes a model for identifying data exfiltration activities by insiders. It uses statistical methods to profile legitimate uses of file repositories by authorized users. By analyzing legitimate file repository access logs, user access profiles are created and can be employed to detect a large set of data exfiltration activities. The effectiveness of the proposed model was tested with file access histories from the Subversion logs of the popular open source project KDE.
  • Keywords
    authorisation; information retrieval; organisational aspects; KDE; authorization; data exfiltration activity detection; inside attacker; open source project; organizational security; profile legitimate; profiling file repository access; statistical methods; user access profiles; Data models; Estimation; History; Organizations; Software; Testing; Training; Data Exfiltration; Incident Response; Insider Attack;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computational Intelligence in Cyber Security (CICS), 2011 IEEE Symposium on
  • Conference_Location
    Paris
  • Print_ISBN
    978-1-4244-9905-2
  • Type

    conf

  • DOI
    10.1109/CICYBS.2011.5949404
  • Filename
    5949404