Researchers at The University of Texas at San Antonio (UTSA) College of Business have received two grants totaling $1 million to help companies better detect insider threats and enhance computer security.
UTSA researchers were awarded $797,000 in funding from the Naval Postgraduate School, the U.S. Navy’s national security research university, as part of a three-year $1.4 million contract with the U.S. Department of Homeland Security Science and Technology Directorate Cyber Security Division. UTSA researchers will be responsible for developing an algorithm that detects hostile insiders using digital forensics – the algorithm will help companies detect data exfiltration, employee misconduct, and other unauthorized activity that jeopardizes the organization.
“We are pioneering a new approach in insider threat detection using digital forensics and data mining,” said Nicole Beebe, assistant professor of digital forensics and principal investigator of the project. “Previous approaches relied primarily on behavioral analysis from past breaches, but this failed to detect new methods for attacks because no two threats were exactly the same.”
The end result will be a computer program that will scan an organization’s computer systems, analyze the data and present a report on system usage anomalies.
“The benefit of our system is that it is economical to employ and uses only a small amount of memory, processing power and disk space,” said Beebe. “We have found that a common denominator in corporate data theft is digital hoarding. Our system detects hostile insiders by comparing their storage profiles with the storage profile of others in their organization and by detecting deviations in an individual’s storage pattern over time.”
Daijin Ko, professor of statistics in the UTSA College of Business, is a co-researcher in this project.
A second grant of $205,000 from the Naval Postgraduate School awarded earlier this year will help identify the best means to classify file and data types. Beebe and Minghe Sun, professor of management science in the UTSA College of Business, will evaluate three methods of data type classification and determine the most effective, which will ultimately be shared with the public through open source software.
“Our data type classification research will improve computer security while also developing new and enhanced technologies for detecting, preventing and responding to cyber attacks,” said Beebe, who previously worked in federal law enforcement as a digital forensics investigator. “By properly identifying unknown data and file types in a computing environment, we can more accurately deploy security solutions.”
This work will aid forensic triage – the first steps taken by an investigator to assess the situation and focus the investigation – by helping investigators target or prioritize search, extraction and analysis of file and data types of greatest interest to their case. This improved efficiency will allow companies to save time spent on analyzing data and eliminate irrelevant cases earlier on in the investigation process.
Throughout the one-and-a-half-year project, researchers will train the computer program to find certain types of data and separate them into various categories, much like organizing items into different buckets by type. They will then fine-tune the system to achieve the most accurate and efficient results.