Exploring bad behaviors from email logs

Abstract

Human is the weakest factor in organization security and is always the target of attackers. Attackers find vulnerability of human cause by his/her bad behaviors and exploit it. Organization shall proactively detect those bad behaviors and prevent it on the first hand. This paper studied employees with bad habit of sending of corporate file(s) to public email addresses that are not allowed by the organization. By using email log as a source to generate social network graph and collect 2 types of out- degree of each node, regular out-degree and out-degree to “not allowed” public email addresses. We analyze correlation of these 2 numbers and found that people with bad habit tend to send mail to public email addresses when they have to send file outside the company. The result of this paper gave us parameters to calculate risk score for further study using the integration of Social Network-Attack Graph (SN-AG) analysis approach.