TY - GEN
T1 - Detecting masquerading users in a document management system
AU - Sankaranarayanan, Vidyaraman
AU - Pramanik, Suranjan
AU - Upadhyaya, Shambhu
PY - 2006
Y1 - 2006
N2 - A Document Management System (DMS) is a repository of digital documents that provides functionality for check-in, check-out and shared editing. In a DMS, security mechanisms like encryption of documents and enforcement of policies are implemented to protect from information leakage. These security schemes, essentially applications of Digital Rights Management technologies, while effective against external attacks, are ineffective against insider attacks. The typical insider in a DMS already has access to documents and hence, his capabilities for information leakage are much higher. In this work, we address an important, yet unexplored problem of masquerading users in a DMS, a threat for which the DMS inherently has no protection. We approach the problem by monitoring the pattern and mannerism of user actions on documents and building a profile of each user using the resulting logs. In order to illustrate our ideas, we built user profiles of 41 users working on Microsoft Word and applied two algorithms, viz., IPAM and Naïve Bayes to distinguish between them. When supplied with appropriately interpreted command sequences of a DMS, IPAM was able to distinguish between users effectively, while Naïve Bayes failed to produce any meaningful results. We recorded an average detection rate of 58% with a false positive of 14%.
KW - Digital rights management
KW - Document management system
KW - Insider threat
KW - Intrusion detection
KW - Masquerading insiders
KW - User profiling
UR - https://www.scopus.com/pages/publications/42549154829
U2 - 10.1109/ICC.2006.255112
DO - 10.1109/ICC.2006.255112
M3 - Conference contribution
AN - SCOPUS:42549154829
SN - 1424403553
SN - 9781424403554
T3 - IEEE International Conference on Communications
SP - 2296
EP - 2301
BT - 2006 IEEE International Conference on Communications, ICC 2006
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2006 IEEE International Conference on Communications, ICC 2006
Y2 - 11 July 2006 through 15 July 2006
ER -