When an individual is working on a project, they can store all of the relevant files on their own computing device or in a personal data repository. When an organization is carrying out a project that involves numerous individuals, it is significantly more practical to store files in a shared data repository that is accessible by a large number of users operating many different computing devices. However, just because an organization wishes files for a project or projects to be accessible to a large number of individuals doesn't mean that every user is expected to access every file in the normal course of operations. In some cases, individuals or groups trying to commit corporate espionage may attempt to view or copy files from an organization's shared data repository. It is important for organizations to have some means of identifying suspicious patterns of data access in a shared data repository that may indicate data prospecting for purposes of corporate espionage.
Unfortunately, traditional systems for shared data repositories may have no mechanisms in place to detect anomalous file access behavior. While some traditional systems for shared data repositories may track which files are accessed by each user, these systems may not organize the file access records in any way that would allow an analyst to easily identify anomalous behavior. The instant disclosure, therefore, identifies and addresses a need for systems and methods for detecting anomalous behavior in shared data repositories.