Advanced Classification Lists (Dirty Word Lists) for Automatic Security Classification

With the increasing risk of data leakage, information guards have emerged as a novel concept in the field of security which bears similarity to spam filter that examine the content of the exchanged messages. A guard is defined as a high-assurance device used to control the information flow, typically from a domain with a "high" level of confidentiality, such as a corporate or military network, to a domain with a "low" level, such as the Internet or a network of a subcontractor. It often uses simple classification lists (a.k.a. "Dirty Word Lists") to automatically assess the security classification (e.g. "Public" vs "Confidential") of information objects, such as documents or text messages. The object is released into the "low" domain, only if the policy allows for information objects of that classification level to be released. Otherwise, it will be blocked and possibly quarantined for human inspection and intervention. The classification lists today are usually simple and configured manually. This paper demonstrates the use of machine learning to create more advanced classification lists automatically. A major obstacle for machine learning to be used is that they would create long lists that are difficult to inspect, analyze and control by humans. In addition, some of the most efficient machine learning techniques, particularly SVM and Neural Networks, are "black-box" classifiers, meaning that they do not posses an explanatory nature. In this paper, we explore the use of massive/strict dimensionality reduction in order to create a sparse solution that results in a brief classification list that is easier for humans to analyze.