Information behaving badly

Julie Boxwell Ard, Matt Bishop, Carrie Gates, Michael Xin Sun
2013 Proceedings of the 2013 workshop on New security paradigms workshop - NSPW '13  
Traditionally, insider threat detection has focused on observing human actors -or, more precisely, computer accounts and processes acting on behalf of those actors -to model their "normal" behavior, then determine if they have performed some anomalous action and, further, if that action is malicious. In this paper, we shift the paradigm from observing human behavior to observing information behavior by modeling how documents flow through an organization. We hypothesize that similar types of
more » ... ments will exhibit similar workflows, and that a document deviating from its expected workflow indicates potential data leakage.
doi:10.1145/2535813.2535825 dblp:conf/nspw/ArdBGS13 fatcat:b7jvrsacarhp3fb7td3vf2c2qq