Automated Big Text Security Classification

TL;DR

This paper introduces ACESS, a novel model for classifying sensitive information in large texts at paragraph level, using a new dataset of leaked diplomatic cables to improve insider threat detection.

Contribution

The paper presents ACESS, a new detection model for big text security classification, and constructs the first dataset of sensitive paragraphs from WikiLeaks cables for analysis.

Findings

ACESS effectively classifies sensitive paragraphs in large texts.

The dataset enables detailed analysis of sensitive information at paragraph granularity.

ACESS outperforms existing document-based detection methods.

Abstract

In recent years, traditional cybersecurity safeguards have proven ineffective against insider threats. Famous cases of sensitive information leaks caused by insiders, including the WikiLeaks release of diplomatic cables and the Edward Snowden incident, have greatly harmed the U.S. government's relationship with other governments and with its own citizens. Data Leak Prevention (DLP) is a solution for detecting and preventing information leaks from within an organization's network. However, state-of-art DLP detection models are only able to detect very limited types of sensitive information, and research in the field has been hindered due to the lack of available sensitive texts. Many researchers have focused on document-based detection with artificially labeled "confidential documents" for which security labels are assigned to the entire document, when in reality only a portion of the document is sensitive. This type of whole-document based security labeling increases the chances of preventing authorized users from accessing non-sensitive information within sensitive documents. In this paper, we introduce Automated Classification Enabled by Security Similarity (ACESS), a new and innovative detection model that penetrates the complexity of big text security classification/detection. To analyze the ACESS system, we constructed a novel dataset, containing formerly classified paragraphs from diplomatic cables made public by the WikiLeaks organization. To our knowledge this paper is the first to analyze a dataset that contains actual formerly sensitive information annotated at paragraph granularity.