Modeling Exfiltration Events in Sun Life Cybersecurity Data
Many governments and other organizations hold confidential data. Theft of that data can be extremely damaging both to the organization and to the people whose data has been stolen. Massive breaches, each involving millions of people, have occurred regularly in recent years. New cybersecurity tools are needed to help people determine the threats that exist and to provide active online monitoring that can detect unusual behavior as it happens. In this project, researchers from the Interactive Media Lab at the University of Toronto are working with Sun Life Financial to carry out research towards the development of these tools, using expertise in machine learning, human factors, and data visualization and user interface design. We will begin by developing a kind of dictionary of the types of events and transactions that occur on the organization's servers. We will then develop methods for detecting unusual events with the assistance of domain experts at Sun Life. Finally, we will develop methods to screen which unusual events are more likely to be associated with data theft attempts.