An Insider Threat Detection Method Based on Business Process Mining

Taiming Zhu, Yuanbo Guo, Ankang Ju, Jun Ma, Xuan Wang
Copyright: © 2017 | Volume: 13 | Issue: 2 | Pages: 16
ISSN: 1548-0631 | EISSN: 1548-064X | EISBN13: 9781522511403 | DOI: 10.4018/ijbdcn.2017070107
MLA

Zhu, Taiming, et al. "An Insider Threat Detection Method Based on Business Process Mining." IJBDCN vol.13, no.2 2017: pp.83-98. http://doi.org/10.4018/ijbdcn.2017070107

APA

Zhu, T., Guo, Y., Ju, A., Ma, J., & Wang, X. (2017). An Insider Threat Detection Method Based on Business Process Mining. International Journal of Business Data Communications and Networking (IJBDCN), 13(2), 83-98. http://doi.org/10.4018/ijbdcn.2017070107

Chicago

Zhu, Taiming, et al. "An Insider Threat Detection Method Based on Business Process Mining," International Journal of Business Data Communications and Networking (IJBDCN) 13, no.2: 83-98. http://doi.org/10.4018/ijbdcn.2017070107


Abstract

Current intrusion detection systems are mostly designed to detect external attacks, but the “Prism Door” and other similar events indicate that internal staff may do greater harm to an organization's information security. Traditional insider threat detection methods consider only the audit records of personal behavior and fail to combine them with business activities, so they may miss insider threats that occur during a business process. The authors consider operators' behavior together with the correctness and performance of business activities, and propose an insider threat detection system based on business process mining. The system first establishes normal profiles of business activities and operators by mining the business log, and then detects specific anomalies by comparing the content of the real-time log with the corresponding normal profile, in order to identify the insiders and the threats they have introduced. The related anomalies are defined and the corresponding detection algorithms are presented. The authors performed experiments using the ProM framework and Java programming, with five synthetic business cases, and found that the system can effectively identify anomalies of both operators and business activities that may be indicative of potential insider threat.
