DocumentCode :
2606667
Title :
Insider threat discovery using automatic detection of mission critical data based on content
Author :
White, Jonathan ; Panda, Brajendra
Author_Institution :
Univ. of Arkansas, Fayetteville, AR, USA
fYear :
2010
fDate :
23-25 Aug. 2010
Firstpage :
56
Lastpage :
61
Abstract :
In this work, we design a system that can automatically detect what is critical in data systems based upon the content and context of the information. After this process has been performed, the information it provides can be used for insider threat detection. If a DBMS is used for data access, historical logs are generally kept and our method uses these logs to detect the typical level of criticality of data that each user uses during normal work conditions. If a user suddenly attempts to access data that is much more critical than was typically accessed in the past, this is a potential sign that the insider is acting maliciously. Few attempts at locating critical data exist in the computer security literature and we argue in this work that our novel design fulfills this need in a manner that is extensible and applicable to a wide range of problems. Our results show that our design requires limited computing resources, and with proper training can be very effective at locating critical data and aiding in mitigating insider threats.
Keywords :
computer network security; computer viruses; database management systems; information retrieval; DBMS; automatic detection; computer security; critical data; data access; data systems; historical logs; insider threat detection; malicious; Databases; Information filters; Security; Support vector machine classification; Training; Critical Data; Databases; Insider Threats;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Assurance and Security (IAS), 2010 Sixth International Conference on
Conference_Location :
Atlanta, GA
Print_ISBN :
978-1-4244-7407-3
Type :
conf
DOI :
10.1109/ISIAS.2010.5604187
Filename :
5604187