Browse > Article
http://dx.doi.org/10.13089/JKIISC.2013.23.2.181

A system for detecting document leakage by insiders through continuous user authentication by using document reading behavior  

Cho, Sungyoung (Graduate School of Information Security, KAIST)
Kim, Minsu (Graduate School of Information Security, KAIST)
Won, Jongil (Graduate School of Information Security, KAIST)
Kwon, SangEun (Graduate School of Information Security, KAIST)
Lim, Chaeho (Graduate School of Information Security, KAIST)
Kang, Brent ByungHoon (Graduate School of Information Security, KAIST)
Kim, Sehun (Graduate School of Information Security, KAIST)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.23, no.2, 2013 , pp. 181-192 More about this Journal
Abstract
There have been various techniques to detect and control document leakage; however, most techniques concentrate on document leakage by outsiders. There are rare techniques to detect and monitor document leakage by insiders. In this study, we observe user's document reading behavior to detect and control document leakage by insiders. We make each user's document reading patterns from attributes gathered by a logger program running on Microsoft Word, and then we apply the proposed system to help determine whether a current user who is reading a document matches the true user. We expect that our system based on document reading behavior can effectively prevent document leakage.
Keywords
Document Reading; Continuous Authentication Insider Threat Detection;
Citations & Related Records
연도 인용수 순위
  • Reference
1 T. Ruggles, "Comparison of biometric techniques," tech. rep., California Welfare Fraud Prevention System, http://www.bio-tech-inc.com/bio.htm, 2002.
2 정연덕, "생체인식기술(Biometrics)의 효과적 활용과 문제점," 특허청 지색재산21, 통권 제86호, pp. 1-16, 2004년 7월.
3 A. Ahmed and I. Traore, "A new biometric technology based on mouse dynamics," IEEE Transactions on Dependable and Secure Computing, vol. 4, no. 3, pp. 165-179, Jul./Sep. 2007.   DOI   ScienceOn
4 H. Gamboa and A. Fred, "A behavioral biometric system based on human computer interaction," Proceedings of SPIE, vol. 54, pp. 4-36, 2004.
5 T. Lane and C.E.Brodly, "Temporal sequence learning and data reduction for anomaly detection," In DARPA Information Survivability Conference & Exposition II, vol. 2, no. 3, pp. 295-331, 1999.
6 I. Traore, I. Woungang, Y. Nakkabi, M.S. Obaidat, A.A.E. Ahmed, and B. Khalilian, "Dynamic sample size detection in learning command line sequence for continuous authentication," IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 42, no. 5, pp. 1343-1356, Oct. 2012.
7 S. Cho, C. Han, D.H. Han, and H.I. Kim, "Web-based keystroke dynamics identity verification using neural network," Journal of organizational computing and electronic commerce, vol. 10, no. 4, pp. 295-307, 2000.   DOI   ScienceOn
8 F. Bergadano, D. Gunetti, and C. Picardi, "User authentication through keystroke dynamics," ACM Transactions on Information and System Security, vol. 5, no, 4, pp. 367-397, Nov. 2002.   DOI
9 E. Yu and S. Cho, "Keystroke dynamics identity verification - its problems and practical solutions," Computers & Security, vol. 23, no. 5, pp. 428-440, July 2004.   DOI   ScienceOn
10 Z. Jorgensen and T. Yu, "On mouse dynamics as a behavioral biometric for authentication," In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pp. 476-482, Mar. 2011.
11 VMWare vSphere. http://www.vmwar e.com/kr/products/datacenter-virtualiz ation/vsphe re/
12 매경이코노미, "5조원대 장레 비즈니스… 상주는 봉," http://news.mk.co.kr/v2/econo my/view. php?sc=50000010&cm=%C4%BF%B9 %F6%BD%BA%C5%E4%B8%AE&year =2012&no=141884&relatedcode=0000 90143, 2012년 3월.
13 매경이코노미, "소셜 커머스, 유통지도 바꿀까", http://news.mk.co.kr/v2/economy/ view.php?sc=50000010&cm=%C4%BF %B9%F6%BD%BA%C5%E4%B8%AE& year=2012&no=202943&relatedcode= 000130165, 2012년 4월.
14 Weka 3, http://www.cs.waikato.ac.nz/ ml/weka/
15 Richardson, R., "CSI Computer Crime & Security Survey," Computer Security Institute, 2008.
16 장항배, 여상수, 박길철, 이창훈, "내부정보 유출방지를 위한 문서보안 컴포넌트 개발 연구," 보안공학연구논문지, 5(2), pp.123-132, 2008년 4월.
17 Liu, S. and Kuhn, R., "Data loss prevention," IEEE IT Professional, vol. 12, no. 2, pp 10-13, Mar./Apr. 2010.
18 N. Zheng, A. Paloski, and H. Wang, "An efficient user verification system via mouse movements," ACM in Proceedings of the 18th ACM conference on Computer and Communications Security, pp. 139-150, Oct. 2011.
19 Liu, Q. and Safavi-Naini, R. and Sheppard, N.P., "Digital rights management for content distribution," Australian Computer Society Inc., Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003, vol. 21, pp 49-58, 2003.
20 Volchkov, A., "Server-based computing opportunities," IEEE IT professional, vol. 4, no. 2, pp 18-23, March-April 2002.