We would like to share an interesting article from the RMIT University in collaboration with the CA Labs from CA Technologies about the detection of threats of insiders. DEX graph database (now known as Sparksee) is used as the management system to power their analysis.
Insiders are those people who work, or have previously worked, in a company and intentionally misused the access to compromise some information available. A popular example is Wikileaks, and how the threat of insiders should be a concern for any company. Nowadays, with the outsourcing done with the “cloud computing”, it is more important to detect insider attacks than ever .
With this issue in mind, the researchers at RMIT and CA labs want to propose an analysis in order to detect deviations of users from normal behavior while accessing the systems, using DEX graph database in order to benefit from its capabilities to store huge volumes of data to be analyzed.
From 3 years of logs (2008 to 2011) extracted from the SVN access of a certain CA program they obtained 700M lines of access logs, and 282 unique users. In order to deal with such huge numbers they chose DEX graph database management system, which allowed them to store the following databases:
- Log database, with 700M nodes and 3500M edges, a really huge database with a total size of 305GB
- Command database, storing the commands executed by the users accessing the SVN. This is a smaller database of 6GB total size
DEX graph databases were used in the cluster analysis to detect communities, based on the accessed resources, projects and the daily access patterns. They discovered that a deviation on the daily pattern can be an alert of a possible insider threat.
For more details about the analysis, conclusions and future work we recommend reading the complete article here.
Our congratulations to the researchers at the RMIT University & CA Labs for such an interesting investigation towards building more secure systems for companies.
If you are also interested in using DEX for your research, do not hesitate to join the research program!
CA Labs was established in 2005 to strengthen relationships between research communities and CA Technologies. CA Labs works closely with universities, professional associations and government organizations on various projects that relate to our company’s products, technologies and methodologies. The results of these projects vary from research publications, to best practices, to new directions for products.