Abstract
We introduce algorithms to automatically score and rank information technology (IT) assets in an enterprise, such as computer systems or data files, by their business value and criticality to the organization. Typically, information assets are manually assigned classification labels with respect to confidentiality, integrity and availability. In this paper, we propose semi-automatic machine learning algorithms to automatically estimate the sensitivity of assets by profiling the users. Our methods do not require direct access to the target assets or privileged knowledge about the assets, resulting in a more efficient, scalable and privacy-preserving approach compared with existing data security solutions relying on data content classification. Instead, we rely on external information such as the attributes of the users, their access patterns and other data content published by the users. Validation with a set of 8,500 computers collected from a large company shows that all our algorithms perform significantly better than two baseline methods.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Park, Y., Gates, C., Gates, S.C. (2013). Estimating Asset Sensitivity by Profiling Users. In: Crampton, J., Jajodia, S., Mayes, K. (eds) Computer Security – ESORICS 2013. ESORICS 2013. Lecture Notes in Computer Science, vol 8134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40203-6_6
DOI: https://doi.org/10.1007/978-3-642-40203-6_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40202-9
Online ISBN: 978-3-642-40203-6
eBook Packages: Computer Science (R0)