An Interactive Dashboard for Human-AI Detection of Anomalous Employee Accounts at Risk of Data Exfiltration

Confidential data is one of the most precious assets large organizations can have and data theft can be embarrassing and costly. In this research we will carry out innovative research on detecting employee accounts that are exhibiting risky behaviour that may lead to leakage of data, whether carelessly or through malicious intent. It is difficult to protect against careless actions of employees, or malicious people masquerading as employees. Machine Learning (ML) models have been used to make identification of anomalous data transfers more efficient. However, ML models are typically trained through supervised learning and require training with accurately assigned labels. In our past research with Sun Life we have focused on accurately labeled single events such as USB transfers and emails containing attachments and have shown that techniques such as visualization and Active Learning (AL) can be helpful. Active learning is an approach where human experts label the instances (e.g., email messages) that the machine finds hard to label. In this project we will take the next step of labelling employee accounts (rather than USB transfers, or emails) as potentially unusual (and possibly dangerous), based on more extensive analysis of the available data.

Faculty Supervisor:

Mark Chignell

Student:

Partner:

Sun Life Financial

Discipline:

Engineering

Sector:

Finance and Insurance

University:

University of Toronto

Program: