Software Source to Spot Potential for Cyber Attack

A University of Huddersfield researcher has developed free downloadable software that can to help companies fight a growing form of cyber threat.

Creeper – developed by Dr Simon Parkinson – combats the problem dubbed “permissions creep”, which can happen when employees accrue and retain increasing numbers of permissions to gain access to a firm or organisation’s file systems and directories, where they can then open, read and modify documents and data.

Permissions that are no longer relevant to a person’s job might never be revoked and this increases the vulnerability of computer networks, said Dr Parkinson, who is Senior Lecturer in Computer Science, with a speciality in cyber security.

“It is not necessarily a security threat,” he added. “If a person has got an elevated permission level and they are very careful, then it is not really a problem, but it does mean that if they have unwittingly installed some malware or ransomware then there is potential for it to gain access to more information.”

The open source software uses machine learning to autonomously detect whether a user’s permissions are consistent with those of other users, or if they are irregular and warrant further investigation.

“Creeper is able to calculate a benchmark level of what it thinks is normal and then it is able to look for outliers that don’t match that model,” said Dr Parkinson. He developed the software after being awarded a £25,000 Researcher in Residence programme at the Bradford-based Digital Catapult Centre Yorkshire, which is backed by Government funding body Innovate UK.

The importance of managing permissions and privileges is one of the 10 Steps to Cyber Security that have been issued by the Government to coincide with the General Data Protection Regulation (GDPR) that replaces the Data Protection Act in May. Fines for data breach could be stiffer under the GDPR, said Dr Parkinson, and this makes the development of the Creeper tool especially timely.