Information behaving badly

Authors:
Julie Boxwell Ard;Matt Bishop;Carrie Gates;Michael Xin Sun
Affiliations:
University of California at Davis, Davis, CA, USA;University of California at Davis, Davis, CA, USA;CA Labs, New York, NY, USA;University of California at Davis, Davis, CA, USA
Venue:
Proceedings of the 2013 workshop on New security paradigms workshop
Year:
2013

Citing 17
Cited 0

Why and Where: A Characterization of Data Provenance

ICDT '01 Proceedings of the 8th International Conference on Database Theory
Role mining - revealing business roles for security administration using data mining technology

Proceedings of the eighth ACM symposium on Access control models and technologies
Workflow mining: a survey of issues and approaches

Data & Knowledge Engineering
Role mining with ORCA

Proceedings of the tenth ACM symposium on Access control models and technologies
Comprehensive workflow mining

Proceedings of the 44th annual Southeast regional conference
Business process mining: An industrial application

Information Systems
Challenging the anomaly detection paradigm: a provocative discussion

NSPW '06 Proceedings of the 2006 workshop on New security paradigms
Topic and role discovery in social networks with experiments on enron and academic email

Journal of Artificial Intelligence Research
Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance

Electronic Notes in Theoretical Computer Science (ENTCS)
Intelligent email: aiding users with ai

Intelligent email: aiding users with ai
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
On information flow for intrusion detection: what if accurate full-system dynamic information flow tracking was possible?

Proceedings of the 2010 workshop on New security paradigms
Process Mining: Discovery, Conformance and Enhancement of Business Processes

Process Mining: Discovery, Conformance and Enhancement of Business Processes
A Survey of Data Leakage Detection and Prevention Solutions

A Survey of Data Leakage Detection and Prevention Solutions
On the exploitation of process mining for security audits: the conformance checking case

Proceedings of the 27th Annual ACM Symposium on Applied Computing
A comprehensive gold standard for the Enron organizational hierarchy

ACL '12 Proceedings of the 50th Annual Meeting of the Association for Computational Linguistics: Short Papers - Volume 2
Role Mining with Probabilistic Models

ACM Transactions on Information and System Security (TISSEC)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Traditionally, insider threat detection has focused on observing human actors -- or, more precisely, computer accounts and processes acting on behalf of those actors -- to model their "normal" behavior, then determine if they have performed some anomalous action and, further, if that action is malicious. In this paper, we shift the paradigm from observing human behavior to observing information behavior by modeling how documents flow through an organization. We hypothesize that similar types of documents will exhibit similar workflows, and that a document deviating from its expected workflow indicates potential data leakage.