1. Field of the Disclosure
The present disclosure relates to a method and an apparatus for detecting an anomaly based on behavior analysis. More specifically, the present disclosure relates to a method for detecting internal information leakage in a company or the like by monitoring users' behaviors of using documents to detect a behavior whose pattern differs from the past pattern of that behavior, and to an apparatus that performs the method.
2. Description of the Related Art
“Another attempt to leak the core semiconductor technology of Company A. How did he break through the thorough security system?” This is an excerpt from the headline of a news article dated Sep. 25, 2016. The article says that an executive with the surname Lee, who was in charge of quality control at Company A, was caught by security attempting to leave the company premises with 14 copied documents that covered technology data on the nano processing
An additional security solution is installed on the mobile device of every executive of Company A. Accordingly, as they pass through the security devices at the office, the camera, Bluetooth and Wi-Fi features are automatically turned off. In addition, an electronic detector and an X-ray scanner are installed in the security devices, so no one can carry out a USB drive or external hard disk without permission.
According to the article, the executive seems to have carried out the confidential data little by little in the form of documents. In fact, thousands of documents were found at his home in a search by Company A. This attempt exploited a security hole: the security devices mainly monitor electronic devices such as smartphones and storage devices.
It is believed that by patterning the executive's ordinary behavior and monitoring it, it would have been possible to detect the increase in his “printing” of documents as an anomaly, and thereby prevent the technology leak in the form of documents.
Therefore, what is required is a method for detecting the leaking of internal information in a company or the like by monitoring and analyzing users' behaviors and activities when using files.
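The idea of patterning a user's ordinary behavior and flagging an increase in “printing” can be sketched as follows. This is an added example, not the method of the disclosure: the log format, user names, window and threshold are assumptions, and a median/MAD baseline stands in for whatever pattern model an implementation would use.

```python
from collections import defaultdict
from statistics import median

def parse_events(lines):
    """Yield (day, user, action) from 'YYYY-MM-DD user action document' lines."""
    for line in lines:
        parts = line.split()
        if len(parts) >= 3:          # skip blank or malformed lines
            yield parts[0], parts[1], parts[2]

def daily_counts(lines, action="print"):
    """Return (sorted observed days, {user: {day: count}}) for one action type."""
    counts, days = defaultdict(lambda: defaultdict(int)), set()
    for day, user, act in parse_events(lines):
        days.add(day)                # a day with activity but no prints still counts
        if act == action:
            counts[user][day] += 1
    return sorted(days), counts      # ISO dates sort chronologically as strings

def flag_anomalies(lines, window=10, min_history=5, threshold=3.5):
    """Flag days where a user's print count far exceeds that user's own baseline."""
    days, counts = daily_counts(lines)
    alerts = []
    for user, per_day in sorted(counts.items()):
        series = [per_day.get(d, 0) for d in days]   # no prints that day -> 0
        for i in range(min_history, len(series)):
            base = series[max(0, i - window):i]      # only past days form the pattern
            med = median(base)
            mad = median(abs(x - med) for x in base)
            scale = max(1.4826 * mad, 1.0)   # floor: a flat baseline gives MAD 0
            if (series[i] - med) / scale > threshold:
                alerts.append((days[i], user, series[i], med))
    return alerts

def constructed_log():
    """Constructed sample data: 10 ordinary days, then a printing burst by 'lee'."""
    lines = []
    for d in range(1, 11):
        for user, prints in (("lee", 2 + d % 2), ("kim", 3)):
            lines += [f"2016-09-{d:02d} {user} print doc{n}.pdf" for n in range(prints)]
        lines.append(f"2016-09-{d:02d} lee open notes.doc")
    lines += [f"2016-09-11 lee print proc{n}.pdf" for n in range(14)]
    lines += [f"2016-09-11 kim print doc{n}.pdf" for n in range(4)]
    return lines

if __name__ == "__main__":
    print(flag_anomalies(constructed_log()))
```

Each user is compared only against their own history, so a user who normally prints 3 documents and prints 4 is not flagged, while a jump from 2 or 3 per day to 14 is.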