Predicting likelihood of legitimate data loss in email DLP

Faiz, Mohamed Falah, Arshad, Junaid ORCID: https://orcid.org/0000-0003-0424-9498, Alazab, Mamoun and Shalaginov, Andrii (2019) Predicting likelihood of legitimate data loss in email DLP. Future Generation Computer Systems. ISSN 0167-739X

[img] PDF
Predicting_the_Likelihood_of_Legitimate_Data_Loss_in_Email_DLP-accepted_Repo.pdf - Accepted Version
Restricted to Repository staff only until 10 November 2020.
Available under License Creative Commons Attribution Non-commercial No Derivatives.

Download (1MB) | Request a copy

Abstract

The volume and variety of data collected for modern organizations has increased significantly over the last decade necessitating the detection and prevention of disclosure of sensitive data. Data loss prevention is an embedded process used to protect against disclosure of sensitive data to external uncontrolled environments. A typical Data Loss Prevention (DLP) system uses custom policies to identify and prevent accidental and malicious data leakage producing large number of security alerts including significant volume of false positives. Consequently, identifying legitimate data loss can be very challenging as each incident comprises of different characteristics often requiring extensive intervention by a domain expert to review alerts individually. This limits the ability to detect data loss alerts in real-time making organisations vulnerable to financial and reputational damages. The aim of this research is to strengthen data loss detection capabilities of a DLP system by implementing a machine learning model to predict the likelihood of legitimate data loss. We conducted extensive experimentation using Decision Tree and Random Forest algorithms with historical email incident data collected by a globally established telecommunication enterprise. The final model produced with Random Forest algorithm was identified as the most effective as it was successfully able to predict approximately 95% data loss incidents accurately with an average true positive value of 90%. Furthermore, the proposed solution successfully enables identification of legitimate data loss in email DLP whilst facilitating prioritisation of real data loss through human-understandable explanation of the decision thereby improving the efficiency of the process.

Item Type: Article
Uncontrolled Keywords: Data Loss Prevention, Email DLP, Insider Threats, Threat Prediction, Machine Learning
Subjects: Computing > Information security > Cyber security
Computing > Information security
Computing
Depositing User: Junaid Arshad
Date Deposited: 05 Nov 2019 12:20
Last Modified: 19 Nov 2019 13:36
URI: http://repository.uwl.ac.uk/id/eprint/6510

Actions (login required)

View Item View Item

Menu