Applying text mining methods for data loss prevention

Currently, the greatest risks for information security of organizations are internal, rather than external, threats. Data loss prevention (DLP) systems are used for minimization of risks related to internal threats. The main function of the DLP systems is to prevent leak of confidential data; however, comparison of the DLP systems relies currently on their capabilities to analyze information captured and convenience of carrying out retrospective investigations of information security incident. In the paper, a new approach to retrospective analysis of user's text information is presented. The idea of the proposed approach consists in topic analysis of the text content processed by the user in the past and prediction of further user behavior with content. User text content can cover different categories, including confidential ones. The topic analysis of user text content assumes determination of main topics and their weights for given past time intervals. Based on deviations of behavior of user's operations with a content from the forecast, one can reveal time intervals when operation with documents of one or another category differs from normal (historical) work and when the user worked with documents of unusual categories. The proposed approach was experimentally verified on an example of actual corporate email correspondence created from the Enron data set.