M-score: estimating the potential damage of data leakage incident by assigning misuseability weight

Amir Harel, Asaf Shabtai, Lior Rokach, Yuval Elovici

Proceedings of the 2010 ACM workshop on Insider threats, 13-20, 2010

Over the past few years data leakage and data misuse have become a major concern for organizations. A data leakage or data misuse incident can damage an organization’s reputation and brand name as well as compromise the privacy of its customers. Much research has been conducted in order to find a solution to these threats. Most methods are based on anomaly detection that tracks the user’s behavior by examining the syntax of SQL queries in order to detect outlier queries. Other methods examine the data retrieved by the query. In this paper, we propose a new concept for analyzing the retrieved data – the Misuseability Weight. This approach focuses on assigning a score that represents the sensitivity level of the data exposed to the user. This measure predicts the ability of a user to exploit the exposed data in a malicious way. We suggest a new measure, the M-score, which assigns a misuseability weight to …