Rule-based system for data leak threat estimation

Vuković, Maja; Katušić, Damjan; Soic, Renato; Weber, Mario

doi:10.23919/softcom.2017.8115578

Cited by 1 publication

(4 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on the knowledge extracted from the DLP incident alerts, an organization can implement preventative measures by refining DLP security policies to avoid future occurrence of similar incidents. As the scope of data loss prevention is broad, a number of detection methods are commonly used by DLP systems such as context-based, content-based, and content tagging [18,16]. Context-based data inspection relies on analyzing contextual information such as source, destination, size, or recipient of data item in question, while content-based data inspection uses techniques such as pattern or regular expression matching, and text analysis.…”

Section: Data Loss Detection Methodsmentioning

confidence: 99%

“…Content tagging assigns tags to sensitive data items that form basis for this detection method. In this respect, there are two major approaches in developing model for the underlying DLP solution as outlined in [18,19] i.e. specification and learning based approaches.…”

Section: Data Loss Detection Methodsmentioning

confidence: 99%

“…Vukovic et al [18] presented another approach for data loss prevention based on a rule engine and threat estimation. The authors presented the pioneer effort focused at supporting an existing DLP system that is already in production environment.…”

Section: Related Workmentioning

confidence: 99%

“…Therefore, the time/data variable is transformed into qualitative variable. For example, 04/07/2018 transformed into [7,18].…”

Section: Feature Extraction and Engineeringmentioning

confidence: 99%

See 3 more Smart Citations

Predicting likelihood of legitimate data loss in email DLP

Faiz

Arshad

Alazab

et al. 2020

Future Generation Computer Systems

View full text Add to dashboard Cite

The volume and variety of data collected for modern organizations has increased significantly over the last decade necessitating the detection and prevention of disclosure of sensitive data. Data loss prevention is an embedded process used to protect against disclosure of sensitive data to external uncontrolled environments. A typical Data Loss Prevention (DLP) system uses custom policies to identify and prevent accidental and malicious data leakage producing large number of security alerts including significant volume of false positives. Consequently, identifying legitimate data loss can be very challenging as each incident comprises of different characteristics often requiring extensive intervention by a domain expert to review alerts individually. This limits the ability to detect data loss alerts in real-time making organisations vulnerable to financial and reputational damages. The aim of this research is to strengthen data loss detection capabilities of a DLP system by implementing a machine learning model to predict the likelihood of legitimate data loss. We conducted extensive experimentation using Decision Tree and Random Forest algorithms with historical email incident data collected by a globally established telecommunication enterprise. The final model produced with Random Forest algorithm was identified as the most effective as it was successfully able to predict approximately 95% data loss incidents accurately with an average true positive value of 90%. Furthermore, the proposed solution successfully enables identification of legitimate data loss in email DLP whilst facilitating prioritisation of real data loss through human-understandable explanation of the decision thereby improving the efficiency of the process.

show abstract

Section: Data Loss Detection Methodsmentioning

confidence: 99%

Section: Data Loss Detection Methodsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

“…Therefore, the time/data variable is transformed into qualitative variable. For example, 04/07/2018 transformed into [7,18].…”

Section: Feature Extraction and Engineeringmentioning

confidence: 99%

See 2 more Smart Citations