The insider on the outside: a novel system for the detection of information leakers in social networks

Confidential information is all too easily leaked by naive users posting comments. In this paper we introduce DUIL, a system for Detecting Unintentional Information Leakers. The value of DUIL is in its ability to detect those responsible for information leakage that occurs through comments posted on news articles in a public environment, when those articles have withheld material non-public information. DUIL is comprised of several artefacts, each designed to analyse a different aspect of this challenge: the information, the user(s) who posted the information, and the user(s) who may be involved in the dissemination of information. We present a design science analysis of DUIL as an information system artefact comprised of social, information, and technology artefacts. We demonstrate the performance of DUIL on real data crawled from several Facebook news pages spanning two years of news articles.

[1]  J Reason,et al.  The contribution of latent human failures to the breakdown of complex systems. , 1990, Philosophical transactions of the Royal Society of London. Series B, Biological sciences.

[2]  Alan R. Hevner,et al.  POSITIONING AND PRESENTING DESIGN SCIENCE RESEARCH FOR MAXIMUM IMPACT 1 , 2013 .

[3]  A. Smeaton,et al.  On Using Twitter to Monitor Political Sentiment and Predict Election Results , 2011 .

[4]  Eric W. Orts,et al.  Moral Principle in the Law of Insider Trading , 2000 .

[5]  David G. Schwartz,et al.  Revealing censored information through comments and commenters in online social networks , 2015, 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM).

[6]  Alan R. Hevner,et al.  Design Research in Information Systems: Theory and Practice , 2010 .

[7]  Alan R. Hevner,et al.  Design Research in Information Systems , 2010 .

[8]  Mauro Conti,et al.  SocialSpy: Browsing (Supposedly) Hidden Information in Online Social Networks , 2014, CRiSIS.

[9]  Peter I. Miller,et al.  Does Presence of a Mid-Ocean Ridge Enhance Biomass and Biodiversity? , 2013, PloS one.

[10]  Richard Baskerville,et al.  A longitudinal study of information system threat categories: the enduring problem of human error , 2005, DATB.

[11]  Juhani Iivari,et al.  Distinguishing and contrasting two strategies for design science research , 2015, Eur. J. Inf. Syst..

[12]  Samir Chatterjee,et al.  A Design Science Research Methodology for Information Systems Research , 2008 .

[13]  Robin L. Wakefield,et al.  Social media network behavior: A study of user passion and affect , 2016, J. Strateg. Inf. Syst..

[14]  Michael Karsch,et al.  THE INSIDER TRADING SANCTIONS ACT: INCORPORATING A MARKET INFORMATION DEFINITION , 1984 .

[15]  Christopher J. Fariss,et al.  Inferring Tie Strength from Online Directed Behavior , 2013, PloS one.

[16]  Dimitris Gritzalis,et al.  Proactive insider threat detection through social media: the YouTube case , 2013, WPES.

[17]  Merrill Warkentin,et al.  Behavioral and policy issues in information systems security: the insider threat , 2009, Eur. J. Inf. Syst..

[18]  Sandeep Purao,et al.  Action Design Research , 2011, MIS Q..

[19]  Kalle Lyytinen,et al.  Nothing At The Center?: Academic Legitimacy in the Information Systems Field , 2004, J. Assoc. Inf. Syst..

[20]  Les Gasser,et al.  A Design Theory for Systems That Support Emergent Knowledge Processes , 2002, MIS Q..

[21]  Pompeu Casanovas,et al.  Cyber Warfare and Organised Crime. A Regulatory Model and Meta-Model for Open Source Intelligence (OSINT) , 2017 .

[22]  David G. Schwartz,et al.  Detecting unintentional information leakage in social media news comments , 2014, Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014).

[23]  Richard Baskerville,et al.  Going back to basics in design science: from the information technology artifact to the information systems artifact , 2015, Inf. Syst. J..

[24]  M. Taddeo,et al.  Ethics and Policies for Cyber Operations , 2017 .

[25]  Jay F. Nunamaker,et al.  Creating High-Value Real-World Impact through Systematic Programs of Research , 2017, MIS Q..

[26]  Gilad Mishne,et al.  Finding high-quality content in social media , 2008, WSDM '08.

[27]  Juhani Iivari,et al.  Information system artefact or information system application: that is the question , 2017, Inf. Syst. J..

[28]  Carrie Gates,et al.  Defining the insider threat , 2008, CSIIRW '08.

[29]  Jay F. Nunamaker,et al.  A Comparison of Classification Methods for Predicting Deception in Computer-Mediated Communication , 2004, J. Manag. Inf. Syst..

[30]  Bin Ke,et al.  Information Asymmetry and Cross-sectional Variation in Insider Trading* , 2007 .

[31]  David G. Schwartz,et al.  News censorship in online social networks: A study of circumvention in the commentsphere , 2017, J. Assoc. Inf. Sci. Technol..

[32]  Elizabeth K. Bowman Content-Based Multimedia Analytics : Rethinking the Speed and Accuracy of Information Retrieval for Threat Detection , 2017 .

[33]  Steven M. Bellovin,et al.  A study of privacy settings errors in an online social network , 2012, 2012 IEEE International Conference on Pervasive Computing and Communications Workshops.

[34]  Andrea Resca,et al.  Design for social media engagement: Insights from elderly care assistance , 2015, J. Strateg. Inf. Syst..

[35]  Jay F. Nunamaker,et al.  Autonomous Scientifically Controlled Screening Systems for Detecting Information Purposely Concealed by Individuals , 2014, J. Manag. Inf. Syst..

[36]  Alan R. Hevner,et al.  Design Science in Information Systems Research , 2004, MIS Q..

[37]  K BurgoonJudee,et al.  A Comparison of Classification Methods for Predicting Deception in Computer-Mediated Communication , 2004 .

[38]  David G. Schwartz,et al.  Research Commentary - The Disciplines of Information: Lessons from the History of the Discipline of Medicine , 2014, Inf. Syst. Res..

[39]  Wanda J. Orlikowski,et al.  Research Commentary: Desperately Seeking the "IT" in IT Research - A Call to Theorizing the IT Artifact , 2001, Inf. Syst. Res..

[40]  Scott Jasper U.S. Cyber Threat Intelligence Sharing Frameworks , 2017 .