Prototype software sniffs out insider threats

Researchers have developed software that can spot insider threats using an extended version of automated document indexing

Researchers are developing technology they say will use data mining and social networking techniques to spot and stop insider security threats and industrial espionage.

Air Force Institute of Technology researchers have developed software that can spot insider threats using an extended version of automated document indexing known as Probabilistic Latent Semantic Indexing (PLSI). This technology can discern employees' interests from e-mail and create a social network graph showing their various interactions, researchers said.

The technology could help any organization sniff out insider threats by analyzing email activity or find individuals among potentially tens of thousands of employees with latent interests in sensitive topics. The same technology might also be used to spot individuals who feel alienated within the organization as well as unraveling any worrying changes in their social network interactions.The researchers explain that individuals who have shown an interest in a sensitive topic but who have never communicated to others within the organization on this subject are often the most likely to be an insider threat.

The software can reveal those people either with a secret interest in that topic or who may feel alienated from the organization and so communicate their interest in it only to those outside the organization, researchers said. Another important signal of alienation or a potential problem is a shift in the connections between an individual and others within the organization. If an individual suddenly stops communicating or socializing with others with whom they have previously had frequent contact, then the technology could alert investigators to such changes.

The research team tested their approach on the archived body of messages from the liquidated Enron company e-mail system. Their PLSI results unearthed several individuals who represented potential insider threats. However, it should be noted that the individuals under indictment are the bosses of the organization. It was the core of the organization that is responsible for the illegal behavior, researchers said.

The research team points out that while Internet activity was not available for Enron, it is generally available from the same sources that supply e-mail history logs and so could be used to search more widely for insider threats. He adds that by turning the domain 'on its ear' in effect, the identity of the whistleblower could be revealed.

According to the 2007 e-Crime Watch survey, companies said that while hackers and outside threats represented the greatest threat (26 per cent) to networked resources, current employees inside the organization were not far behind (19 per cent). Foreign entities and ex-employees were the next greatest threats, the survey said.

A small percentage of data that leaks from corporate networks (0.5 per cent) is stolen by professionals whose efforts will evade detection by security products touted as data-leakage prevention tools, said Nick Selby, an analyst with 451 Group who spoke at the Security Standard event last year. The products do catch data leaks, 98 per cent of which are linked to an accident or stupidity and 1.5 per cent that are caused by vengeful employees clumsily attempting to steal data, he says.

"Data leakage is an antistupidity issue as much as it is a technology issue," Selby said. "Most data-leakage products can't discover activity by skilled insiders looking to steal."

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Network World staff

Network World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?