Detection of Insider Threats Using Graph Databases
Curator's Note: The content of this article is based on the original post on the Sparsity Technologies blog.
RMIT University, in collaboration with CA Labs (the research arm of CA Technologies), has recently shared its work on detecting insider threats, in which a graph database is used to handle large datasets and pattern analysis. In particular, the DEX graph database is the management system that powers their analysis.
Insiders are people who work, or have previously worked, for a company and intentionally misuse their legitimate access to compromise information available to them. A well-known example is WikiLeaks, which showed that the insider threat should be a concern for any company. Nowadays, with outsourcing to "cloud computing", detecting insider attacks is more important than ever.
With this issue in mind, the researchers at RMIT and CA Labs propose an analysis that detects deviations from a user's normal behavior when accessing the systems, using the DEX graph database to take advantage of its capacity to store and query the huge volumes of data to be analyzed.
From 3 years of logs (2008 to 2011) extracted from the SVN access records of a CA program, they obtained 700M lines of access logs covering 282 unique users. This allowed them to build the following graph databases:
- Log database, with 700M nodes and 3500M edges: a very large database with a total size of 305 GB
- Command database, storing the commands executed by the users accessing the SVN: a much smaller database, 6 GB in total size
The DEX graph databases were used in a cluster analysis to detect communities of users, based on the resources and projects accessed and on daily access patterns. They found that a deviation from a user's daily pattern can serve as an alert for a possible insider threat.
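The daily-pattern deviation check, as an added illustration rather than the RMIT/CA Labs code (it does not use the DEX API): it builds a small user/day/resource adjacency structure from constructed SVN log lines, assumes a hypothetical `/proj/<name>/...` repository layout, and flags a day on which a user first touches a time-of-day window or a project absent from that user's own earlier days.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample SVN access log lines (not from the CA dataset):
# "<ISO timestamp> <user> <command> <repository path>"
SAMPLE_LOG = """\
2010-03-01T09:12:00 alice checkout /proj/alpha/trunk
2010-03-01T10:40:00 alice commit /proj/alpha/trunk/src
2010-03-02T09:05:00 alice checkout /proj/alpha/trunk
2010-03-02T11:30:00 alice commit /proj/alpha/trunk/src
2010-03-03T09:45:00 alice checkout /proj/alpha/trunk
2010-03-03T02:10:00 alice checkout /proj/beta/trunk
2010-03-03T02:15:00 alice checkout /proj/gamma/trunk
"""
WINDOWS = ("night", "morning", "afternoon", "evening")  # 6-hour buckets

def window_of(hour):
    return WINDOWS[hour // 6]

def project_of(path):
    # Assumed (hypothetical) repository layout: /proj/<project>/...
    parts = path.strip("/").split("/")
    return parts[1] if len(parts) > 1 else parts[0]

def build_graph(text):
    """Adjacency view of the log: user -> day -> list of (window, project)."""
    graph = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        ts, user, _cmd, path = line.split()
        t = datetime.fromisoformat(ts)
        graph[user][t.date().isoformat()].append((window_of(t.hour), project_of(path)))
    return graph

def daily_deviations(graph, user, min_baseline_days=2):
    """Flag days on which the user touches a time window or project never seen
    in that user's own earlier days, once enough baseline days exist."""
    seen_windows, seen_projects, alerts = set(), set(), {}
    for i, day in enumerate(sorted(graph[user])):
        windows = {w for w, _ in graph[user][day]}
        projects = {p for _, p in graph[user][day]}
        new_w, new_p = windows - seen_windows, projects - seen_projects
        if i >= min_baseline_days and (new_w or new_p):
            alerts[day] = {"new_windows": new_w, "new_projects": new_p}
        seen_windows |= windows
        seen_projects |= projects
    return alerts

ALERTS = daily_deviations(build_graph(SAMPLE_LOG), "alice")  # usage on the sample
```

On the sample, only 2010-03-03 is flagged: the night-time window and the beta and gamma projects are new relative to alice's two earlier days, while her routine morning work on alpha is not.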
For more details about the analysis, conclusions and future work, we recommend reading the complete article here.
A very interesting investigation towards building more secure systems for companies.
The DEX graph database is available free of charge for research as part of the research license program. More details about licenses here.
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)