Behavioural analysis for prevention of intranet information leakage

摘要

User authentication in web applications such as emails is many times done at a single point of time such as during login. Information leakage occurs when the user's authentication is compromised. Although authentication systems verify different aspects of the user, a deviation in user behaviour is not captured in such validations. This paper proposes a mechanism to model user behaviour and captures the deviations in the intention of the user that could lead to information leakage. Through design of an application plugin developed for an intranet email application, the proposed model assists with preventing the leakage of classified emails. Password authentication and behavioural analysis based authentication are both used to architect this plugin. The plugin features continuous monitoring and authentication of the user during their time of usage.