  • DocumentCode
    3425944
  • Title
    Mining for insider threats in business transactions and processes
  • Author
    Eberle, William ; Holder, Lawrence
  • Author_Institution
    Dept. of Comput. Sci., Tennessee Technol. Univ., Cookeville, TN
  • fYear
    2009
  • fDate
    March 30 2009-April 2 2009
  • Firstpage
    163
  • Lastpage
    170
  • Abstract
    Protecting and securing sensitive information are critical challenges for businesses. Deliberate and intended actions such as malicious exploitation, theft or destruction of data, are not only harmful and difficult to detect, but frequently these threats are propagated by an insider. Unfortunately, current efforts to identify unauthorized access to information such as what is found in document control and management systems are limited in scope and capabilities. This paper presents an approach to detecting anomalies in business transactions and processes using a graph representation. In our graph-based anomaly detection (GBAD) approach, anomalous instances of structural patterns are discovered in data that represent entities, relationships and actions. A definition of graph-based anomalies and a brief description of the GBAD algorithms are presented, followed by empirical results using a discrete-event simulation of real-world business transactions and processes.
  • Keywords
    authorisation; business data processing; data mining; graph theory; transaction processing; GBAD algorithm; business transaction process; data mining; graph-based anomaly detection; malicious exploitation; securing sensitive information; unauthorized access; Communication system security; Companies; Computer science; Control systems; Data analysis; Data mining; Data security; Pattern matching; Protection; Terrorism;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computational Intelligence and Data Mining, 2009. CIDM '09. IEEE Symposium on
  • Conference_Location
    Nashville, TN
  • Print_ISBN
    978-1-4244-2765-9
  • Type
    conf
  • DOI
    10.1109/CIDM.2009.4938645
  • Filename
    4938645