Analyzing group communication for preventing accidental data leakage via email

Polina Zilberman, Asaf Shabtai, Lior Rokach

2010 Workshop on Collaborative Methods for Security and Privacy (CollSec 10), 2010

Modern business activities rely on extensive email exchange. Email “wrong recipients” mistakes have become widespread, and the severe damage caused by such mistakes constitutes a disturbing problem both for organizations and for individuals. Various solutions attempt to analyze email exchange for preventing emails to be sent to wrong recipients. However there is still no satisfying solution: many email addressing mistakes are not detected and in many cases correct recipients are wrongly marked as potential addressing mistake. In this paper we present a new approach for preventing emails “slip-ups” in organizations. The approach is based on analysis of emails exchange among members of the organization and identification of groups of members that exchange emails with common topics. Each member‟ s topics are then used during the enforcement phase for detecting potential leakage. When a new email is composed and about to be sent, each email recipient is analyzed. A recipient is approved if the email‟ s content belongs to at least one of the topics common to the sender and the recipient. We evaluated the new approach by comparing its detection performance to a baseline approach using the Enron Email dataset. Our evaluation results suggests that group communication analysis improves the performance of a baseline email classifier, which classifies a new email based only on emails exchanged in the past between the sender of the email and each of the recipients.