Posted on May 1, 2013 by Wendy Frost

Is someone from your organization stealing trade secrets and selling them to your competitors? Does your organization struggle with detecting and stopping Internet attacks? Researchers at The University of Texas at San Antonio (UTSA) College of Business have received two grants totaling $1 million to help companies better detect insider threats and enhance computer security.
Nicole Beebe pictured with female student at computer in classroom

UTSA researchers were awarded $797,000 in funding from the Naval Postgraduate School, the U.S. Navy’s national security research university, as part of a three-year $1.4 million contract with the U.S. Department of Homeland Security Science and Technology Directorate Cyber Security Division.

UTSA researchers will be responsible for developing an algorithm that detects hostile insiders using digital forensics—the science of discovering, recovering and investigating digital information. The algorithm will help companies detect data exfiltration, employee misconduct and other unauthorized activity jeopardizing the organization.

“We are pioneering a new approach in insider threat detection using digital forensics and data mining,” said Nicole Beebe, assistant professor of digital forensics and principal investigator of the project. “Previous approaches relied primarily on behavioral analysis from past breaches, but this failed to detect new methods for attacks because no two threats were exactly the same.”

The result will be a computer program that will scan an organization’s computer systems, analyze the data and present a report on system usage anomalies.

“The benefit of our system is that it is economical to employ and uses only a small amount of memory, processing power and disk space,” said Beebe. “We have found that digital hoarding is a common denominator in corporate data theft. Our system detects hostile insiders by comparing their storage profiles with the storage profile of others in their organization and by detecting deviations in an individual’s storage pattern over time.”

Daijin Ko, professor of statistics in the UTSA College of Business, is a co-researcher in this project.

A second grant of $205,000 from the Naval Postgraduate School will help identify the best means to classify file and data types. Beebe and Minghe Sun, professor of management science in the UTSA College of Business, will evaluate three methods of data type classification and determine the most effective, which will ultimately be shared with the public through open-source software.

“Our data type classification research will improve computer security while also developing new and enhanced technologies for detecting, preventing and responding to cyber attacks,” said Beebe, who previously worked in federal law enforcement as a digital forensics investigator. “By properly identifying unknown data and file types in a computing environment, we can more accurately deploy security solutions.”

This work will aid forensic triage (the first steps taken by an investigator to assess the situation and focus the investigation) by helping investigators target or prioritize search, extraction and analysis of file and data types of greatest interest to their case. This improved efficiency will allow companies to save time spent on analyzing data and eliminate irrelevant cases earlier on in the investigation process.

Throughout the one-and-a-half-year project, researchers will train the computer program to find certain types of data and separate them into various categories, much like organizing items into different buckets by type. They will then fine-tune the system to achieve the most accurate and efficient results.

The UTSA College of Business offers information security degrees at the undergraduate, graduate and doctoral levels. With more than 150 students majoring in this field, coursework includes digital forensics, secure network design, intrusion detection and incident response. UTSA is a designated Center of Academic Excellence in Information Assurance Education and a designated Center of Academic Excellence for Information Assurance Research by the National Security Agency and the Department of Homeland Security.

Please send your comments to: wendy.frost@utsa.edu

— Wendy Frost