Title :
Mining for insider threats in business transactions and processes
Author :
Eberle, William ; Holder, Lawrence
Author_Institution :
Dept. of Comput. Sci., Tennessee Technol. Univ., Cookeville, TN
fDate :
March 30 2009-April 2 2009
Abstract :
Protecting and securing sensitive information are critical challenges for businesses. Deliberate and intended actions such as malicious exploitation, theft or destruction of data, are not only harmful and difficult to detect, but frequently these threats are propagated by an insider. Unfortunately, current efforts to identify unauthorized access to information such as what is found in document control and management systems are limited in scope and capabilities. This paper presents an approach to detecting anomalies in business transactions and processes using a graph representation. In our graph-based anomaly detection (GBAD) approach, anomalous instances of structural patterns are discovered in data that represent entities, relationships and actions. A definition of graph-based anomalies and a brief description of the GBAD algorithms are presented, followed by empirical results using a discrete-event simulation of real-world business transactions and processes.
Keywords :
authorisation; business data processing; data mining; graph theory; transaction processing; GBAD algorithm; business transaction process; data mining; graph-based anomaly detection; malicious exploitation; securing sensitive information; unauthorized access; Communication system security; Companies; Computer science; Control systems; Data analysis; Data mining; Data security; Pattern matching; Protection; Terrorism;
Conference_Titel :
Computational Intelligence and Data Mining, 2009. CIDM '09. IEEE Symposium on
Conference_Location :
Nashville, TN
Print_ISBN :
978-1-4244-2765-9
DOI :
10.1109/CIDM.2009.4938645
