Data leakage detection algorithm based on task sequences and probabilities

Authors:

Highlights:

Abstract

In this paper we propose a novel algorithm to detect anomalous user behaviour in computer sessions. We first identify the behavioural profile of each authorized user from the computational tasks they usually carry out on the files of the information system. A new session is then codified as 2-length sequences and an algorithm based on the probability of those sequences is applied. The activities classified as possible anomalies are double-checked by applying Markov chains. The procedure has proved efficient in terms of high detection accuracy and low false positive rate. It has been validated on a real database provided by a governmental institution of Ecuador and also on a public dataset of Unix commands. In addition, the algorithm has been shown to be efficient in computational time, and the overhead of this monitoring software is low.
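The two-stage idea in the abstract can be sketched as follows. This is an added example, not the paper's algorithm or code: the task names, the sample sessions, the thresholds `p_min` and `t_min`, and the choice of joint frequency for stage 1 and first-order transition probability for stage 2 are all assumptions made for illustration.

```python
from collections import Counter

def bigrams(session):
    """Codify a session (ordered list of task names) as 2-length sequences."""
    return list(zip(session, session[1:]))

def build_profile(history):
    """Count the user's historical 2-length sequences and their first tasks."""
    pair_counts = Counter(p for s in history for p in bigrams(s))
    first_counts = Counter()
    for (a, _b), n in pair_counts.items():
        first_counts[a] += n
    return pair_counts, first_counts

def detect(session, profile, p_min=0.05, t_min=0.1):
    """Stage 1 flags rare pairs; stage 2 re-checks them as Markov transitions.

    p_min and t_min are assumed thresholds, not values from the paper.
    """
    pair_counts, first_counts = profile
    total = sum(pair_counts.values())
    flagged, confirmed = [], []
    for a, b in bigrams(session):
        n = pair_counts[(a, b)]
        joint = n / total if total else 0.0
        if joint >= p_min:
            continue  # pair is common in this user's profile
        flagged.append((a, b))
        # Double-check: estimated P(b | a) from the same profile.
        trans = n / first_counts[a] if first_counts[a] else 0.0
        if trans < t_min:
            confirmed.append((a, b))
    return flagged, confirmed

# Constructed sample data (not from the paper's datasets).
HISTORY = (
    [["login", "open", "read", "close", "logout"]] * 4
    + [["login", "open", "edit", "save", "close", "logout"]] * 3
    + [["login", "report", "export", "logout"]]
)
PROFILE = build_profile(HISTORY)
RARE_BUT_NORMAL = ["login", "report", "export", "logout"]
SUSPICIOUS = ["login", "open", "read", "copy_usb", "logout"]

if __name__ == "__main__":
    for name, s in (("rare", RARE_BUT_NORMAL), ("suspicious", SUSPICIOUS)):
        print(name, detect(s, PROFILE))
```

In this constructed data the monthly-report session is flagged by stage 1 because its pairs are rare overall, but cleared by stage 2 because each step follows its predecessor with sufficient probability; the pairs involving the unseen `copy_usb` task fail both checks.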

Keywords: Anomaly detection, Computer user behaviour, Markov chains, Data leakage, Knowledge-based decision system

Review history: Received 11 May 2016, Revised 4 January 2017, Accepted 5 January 2017, Available online 6 January 2017, Version of Record 15 February 2017.

Official paper URL: https://doi.org/10.1016/j.knosys.2017.01.009