The Commercial Information Leak Detection Technology Based on the Analysis of Professional Discussions on Social Networks

Oksana Pomorova

Abstract


The paper presents a new technology for commercial information leak detection. The technology based on an analysis of knowledge and skills that demonstrate the company's employees in the professional consultations and discussions in social networks. The company's subject domain and activities are modeled using ontologies.

Keywords


information leakage; leak detection; social networks; ontology

Full Text:

PDF

References


Cost of cybercrime study. Available at https://www.accenture.com/t20170926T 072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyber CrimeStudy.pdf (Accessed January 20, 2018).

What the Swedish government's data leak disaster can teach companies about third-party security. Available at: https://www.techrepublic.com/article/what-the-swedish-governments-data-leak-disaster-can-teach-companies-about-third-party-security/ (Accessed January 20, 2018).

Cost of Data Breach Study: Global Overview. 2018. Available at https://www-01.ibm.com /common/ssi/cgi-bin/ssialias?htmlfid=SEL03130WWEN (Accessed January 20, 2018).

Cybercrime will cost businesses over $2 trillion by 2019. 2017. Available at: https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion (Accessed January 20, 2018).

Data exfiltration study: Actors, tactics, and detection. 2017. Available at: https://www.mcafee. com /resources/reports/rp-data-exfiltration.pdf (Accessed January 20, 2018).

Shpunt Y.: Leaks are different (in Russian). Available at: https://www.iemag.ru/ columns/detail.php?ID=39435 (Accessed January 20, 2018).

Data Leakage Worldwide: The High Cost of Insider Threats. Available at: https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-prevention/white_paper_c11-506224.pdf (Accessed January 20, 2018).

Bertino E., Terzi E., Kamra A., Vakali A.: Intrusion detection in RBAC-administered databases. 21st Annual Computer Security Applications Conference (ACSAC’05), 2005, p. 1÷10.

Kamra A., Terzi E., Bertino E.: Detecting anomalous access patterns in relational databases. VLDB J2008, 17, 2008, p.1063÷1077.

Costante E., Fauri D., Etalle S., Hartog J.D., Zannone N.: A hybrid framework for data loss prevention and detection. 2016 I.E. Security and Privacy Workshops (SPW), San Jose, USA 2016, p. 324÷333.

Mathew S., Petropoulos M., Ngo H.Q., Upadhyaya S.: A data-centric approach to insider attack detection in database systems. Proceedings of the 13th International Conference on Recent Advances in Intrusion Detection, RAID’10, Ottawa, Ontario, Canada, Springer-Verlag, Heidelberg, Berlin 2010, p. 382÷401.

Jang Y., Chung S.P., Payne B.D., Lee W.: Gyrus: a framework for user-intent monitoring of text-based networked applications. 21st Annual Network and Distributed System Security Symposium (NDSS), Internet Society, VA 2014.

Senator T.E., Goldberg H.G., Memory A., Young W.T., Rees B., Pierce R., Huang D., Reardon M., Bader D.A., Chow E. et al.: Detecting insider threats in a real corporate database of computer usage activity. 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Chicago, Illinois, USA, ACM, New York 2013, pp. 1393÷1401.

https://stackoverflow.com/ Stackoverflow (Accessed January 20, 2018).

https://web.facebook.com Facebook (Accessed January 20, 2018).

https://twitter.com/ Twitter (Accessed January 20, 2018).

Salem M.B., Hershkop S., Stolfo S.J.: A Survey of Insider Attack Detection Research. Insider Attack and Cyber Security: Beyond the Hacker. Boston 2008, pp. 69÷90.

Phyo A.H., Furnell S.M.: A detection-oriented classification of insider it misuse. Third Security Conference, 2004.

Cheng L., Liu F., Yao D.: Enterprise Data Breach: Causes, Challenges, Prevention, and Future Directions. WIREs Data Mining and Knowledge Discovery. May 2017.

Shapira Y., Shapira B., Shabtai A.: Content-based data leakage detection using extended fingerprinting. arXiv preprint arXiv:1302.2028, 2013.

Matthews G., Deary I., Whiteman M.: Personality Traits (2nd ed.). Cambridge University Press, 2003.

Füller J., Hutter K., Hautz J., Matzler K.: User roles and contributions in innovation-contest communities. Journal of Management Information Systems, Vol. 31(1), 2014, pp. 273÷308.

Fisher D., Smith M., Welser H.T.: You are who you talk to: Detecting roles in usenet newsgroups. System Sciences, HICSS'06. Proceedings of the 39th Annual Hawaii International Conference on IEEE, Vol. 3, 2006, pp. 56b÷59b.

Gabriel R., Marra A.: Santos Benedito Rodrigues; Faleiros Vicente de Paula: Opacity of the boundaries between real and virtual worlds from the perspective of Facebook users. Psicol. USP, São Paulo, Vol. 27, No. 2, 2016, pp. 263÷272. Available at (Accessed January 20, 2018).

Uzzi B.: Teaming Up to Drive Scientific Discovery. Available at (Accessed January 20, 2018).

McAuley J., Leskovec J.: Discovering social circles in ego networks. ACM Trans. Knowl. Discov. Data 8, 1, Article 4, 2014.

Vosecky J., Hong D., Shen V.Y.: User identification across multiple social networks. 1st International Conference on Networked Digital Technologies. NDT’09, 2009, pp. 360÷365.

Zang H., Bolot J.: Anonymization of location data does not work: a largescale measurement study. 17th Annual International Conference on Mobile Computing and Networking, MobiCom ’11, USA 2011, pp. 145÷156.

Zheleva E., Getoor L.: To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. 18th International Conference on World Wide Web, WWW ’09, 2009, pp. 531÷540.

Ieng-Fat Lam, Kuan-Ta Chen, Ling-Jyh Chen: Involuntary Information Leakage in Social Network Services. Proceedings of IWSEC, 2008.

Guizzardi G., Halpin T.: Ontological foundations for conceptual modelling. Appl. Ontol. 3, No.1-2, 2008, pp. 1÷12.




DOI: http://dx.doi.org/10.21936/si2018_v39.n1.837