Abstract:
Current security operations are unable to predict a data leakage,
while the number of such incidents are continuously increasing. "2020 Ponemon
Institute Cost of Insider Threats" report states the mean cost of an insider threat
is $8.7 million, the survey tallied the maximum cost at nearly $26.5 million, while
the minimum cost, is still significant at $489,100. Current security controls and
systems are able to prevent various incidents, but at the same time produces
many false-positives. Such systems are unfortunately also prone to bypassing.
Agent assigned to confirm if an user has caused a data leakage, usually cannot
check the content of sent files. Insider can perform various actions to make
sent file seem as a personal one, or temporary file used by various applications.
When file becomes public, it is hard to deduce who is responsible for the leakage.
Currently there is a lack of systems able to identify the owner of a leaked
document. The incident can be detected, but the person responsible for it may
still remain unknown. Present study presents an implementation of a word
document’s owner identification, allowing to find a person responsible for a
leakage.