Prototype software sniffs out insider threats

Researchers have developed software that can spot insider threats using an extended version of automated document indexing

Researchers are developing technology they say will use data mining and social networking techniques to spot and stop insider security threats and industrial espionage.

Air Force Institute of Technology researchers have developed software that can spot insider threats using an extended version of automated document indexing known as Probabilistic Latent Semantic Indexing (PLSI). This technology can discern employees' interests from e-mail and create a social network graph showing their various interactions, researchers said.

The technology could help any organization sniff out insider threats by analyzing e-mail activity, or find individuals among potentially tens of thousands of employees with latent interests in sensitive topics. The same technology might also be used to spot individuals who feel alienated within the organization and to unravel any worrying changes in their social network interactions. The researchers explain that individuals who have shown an interest in a sensitive topic but who have never communicated to others within the organization on this subject are often the most likely to be an insider threat.

The software can reveal those people either with a secret interest in that topic or who may feel alienated from the organization and so communicate their interest in it only to those outside the organization, researchers said. Another important signal of alienation or a potential problem is a shift in the connections between an individual and others within the organization. If an individual suddenly stops communicating or socializing with others with whom they have previously had frequent contact, then the technology could alert investigators to such changes.
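The two signals described above can be sketched as detection logic over mail metadata. This is an added example, not the researchers' software: it assumes each message already carries topic weights from a topic model such as PLSI, and every address, topic name and threshold is constructed for illustration.

```python
from collections import defaultdict

ORG = "corp.example"  # constructed internal mail domain (assumption)

# Constructed sample: (period, sender, recipient, {topic: weight}).
# The weights stand in for per-message topic scores from a model such as PLSI.
MESSAGES = [
    (1, "carol@corp.example", "dave@corp.example", {"budget": 0.9}),
    (1, "carol@corp.example", "dave@corp.example", {"budget": 0.7}),
    (1, "dave@corp.example", "carol@corp.example", {"budget": 0.8}),
    (1, "alice@corp.example", "bob@corp.example", {"project-x": 0.8}),
    (1, "alice@corp.example", "pat@outside.example", {"project-x": 0.6}),
    (2, "alice@corp.example", "bob@corp.example", {"budget": 0.5}),
    (2, "carol@corp.example", "sam@outside.example", {"project-x": 0.4}),
    (2, "carol@corp.example", "sam@outside.example", {"project-x": 0.3}),
]

def internal(addr):
    return addr.endswith("@" + ORG)

def latent_interest(messages, topic, threshold=0.5):
    """Insiders whose interest in `topic` shows only in mail to outsiders."""
    inside, outside = defaultdict(float), defaultdict(float)
    for _, sender, rcpt, topics in messages:
        weight = topics.get(topic, 0.0)
        if not internal(sender) or weight == 0.0:
            continue
        # Accumulate interest separately for internal and external recipients.
        (inside if internal(rcpt) else outside)[sender] += weight
    return sorted(u for u, w in outside.items()
                  if w >= threshold and inside[u] == 0.0)

def dropped_contacts(messages, before, after, min_msgs=3):
    """Internal pairs with frequent contact in `before` and none in `after`."""
    counts = defaultdict(lambda: defaultdict(int))
    for period, sender, rcpt, _ in messages:
        if internal(sender) and internal(rcpt):
            counts[period][frozenset((sender, rcpt))] += 1
    return sorted(tuple(sorted(pair)) for pair, n in counts[before].items()
                  if n >= min_msgs and counts[after].get(pair, 0) == 0)

if __name__ == "__main__":
    print("latent interest:", latent_interest(MESSAGES, "project-x"))
    print("dropped contacts:", dropped_contacts(MESSAGES, 1, 2))
```

Both outputs are leads for an analyst to review in context, not verdicts; in the constructed data the same account happens to trip both signals.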

The research team tested their approach on the archived body of messages from the liquidated Enron company e-mail system. Their PLSI results unearthed several individuals who represented potential insider threats. However, it should be noted that the individuals under indictment were the bosses of the organization. It was the core of the organization that was responsible for the illegal behavior, researchers said.

The research team points out that while Internet activity was not available for Enron, it is generally available from the same sources that supply e-mail history logs and so could be used to search more widely for insider threats. He adds that by turning the domain 'on its ear' in effect, the identity of the whistleblower could be revealed.

According to the 2007 e-Crime Watch survey, companies said that while hackers and outside threats represented the greatest threat (26 per cent) to networked resources, current employees inside the organization were not far behind (19 per cent). Foreign entities and ex-employees were the next greatest threats, the survey said.

A small percentage of data that leaks from corporate networks (0.5 per cent) is stolen by professionals whose efforts will evade detection by security products touted as data-leakage prevention tools, said Nick Selby, an analyst with 451 Group who spoke at the Security Standard event last year. The products do catch data leaks, 98 per cent of which are linked to an accident or stupidity and 1.5 per cent that are caused by vengeful employees clumsily attempting to steal data, he says.

"Data leakage is an antistupidity issue as much as it is a technology issue," Selby said. "Most data-leakage products can't discover activity by skilled insiders looking to steal."


Network World staff

Network World