Software Engineering Institute

Insider Threat Control: Using Plagiarism Detection Algorithms to Prevent Data Exfiltration in Near Real Time

October 3, 2013 • Technical Note

By

Todd Lewellen, George Silowash, and Daniel L. Costa

In this report, the authors describe how an insider threat control can monitor an organization's web request traffic for text-based data exfiltration.

Publisher

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2013-TN-008

DOI (Digital Object Identifier)

10.1184/R1/6574484.v1

Subjects

Controls Insider Threat

Abstract

In organizations with access to the internet, the potential for data leakage is ever present. Data loss prevention is a difficult issue because exfiltration channels, such as modern webmail services, are readily available to insiders. An insider can paste text into a webmail message to bypass other controls. Therefore, monitoring must include the content of this communication. A data loss prevention control determines if the content in outgoing web requests is similar to the organization's intellectual property, actively blocks suspicious requests, and logs these events. This technical note describes how a control can monitor web request traffic for text-based data exfiltration attempts and block them in real time. Using this control can help an organization protect text-based intellectual property, including source code repositories.

Cite This Technical Note

APA

Lewellen, T., Silowash, G., & Costa, D. (2013, October 3). Insider Threat Control: Using Plagiarism Detection Algorithms to Prevent Data Exfiltration in Near Real Time. (Technical Note CMU/SEI-2013-TN-008). Retrieved April 19, 2024, from https://doi.org/10.1184/R1/6574484.v1.

BibTeX

@techreport{lewellen_2013,
author={Lewellen, Todd and Silowash, George and Costa, Daniel},
title={Insider Threat Control: Using Plagiarism Detection Algorithms to Prevent Data Exfiltration in Near Real Time},
month={Oct},
year={2013},
number={CMU/SEI-2013-TN-008},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6574484.v1},
note={Accessed: 2024-Apr-19}
}

CHI

Lewellen, Todd, George Silowash, and Daniel Costa. "Insider Threat Control: Using Plagiarism Detection Algorithms to Prevent Data Exfiltration in Near Real Time." (CMU/SEI-2013-TN-008). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, October 3, 2013. https://doi.org/10.1184/R1/6574484.v1.

IEEE

T. Lewellen, G. Silowash, and D. Costa, "Insider Threat Control: Using Plagiarism Detection Algorithms to Prevent Data Exfiltration in Near Real Time," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2013-TN-008, 3-Oct-2013 [Online]. Available: https://doi.org/10.1184/R1/6574484.v1. [Accessed: 19-Apr-2024].

MLA

Lewellen, Todd, George Silowash, and Daniel Costa. "Insider Threat Control: Using Plagiarism Detection Algorithms to Prevent Data Exfiltration in Near Real Time." (Technical Note CMU/SEI-2013-TN-008). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 3 Oct. 2013. https://doi.org/10.1184/R1/6574484.v1. Accessed 19 Apr. 2024.

SEI

Lewellen, Todd; Silowash, George; & Costa, Daniel. Insider Threat Control: Using Plagiarism Detection Algorithms to Prevent Data Exfiltration in Near Real Time. CMU/SEI-2013-TN-008. Software Engineering Institute. 2013. https://doi.org/10.1184/R1/6574484.v1

Ask a question about this Technical Note