Business process mining based insider threat detection system

Tai-ming ZHU; Yuan-bo GUO; An-kang JU; Jun MA

Tongxin xuebao (Oct 2016)

Business process mining based insider threat detection system

Tai-ming ZHU,
Yuan-bo GUO,
An-kang JU,
Jun MA

Affiliations

Tai-ming ZHU
Yuan-bo GUO
An-kang JU
Jun MA

Journal volume & issue: Vol. 37
pp. 180 – 188

Abstract

Read online

Current intrusion detection systems are mostly for detecting external attacks,but sometimes the internal staff may bring greater harm to organizations in information security.Traditional insider threat detection methods of-ten do not combine the behavior of people with business activities,making the threat detection rate to be improved.An insider threat detection system based on business process mining from two aspects was proposed,the implementation of insider threats and the impact of threats on system services.Firstly,the normal control flow model of business ac-tivities and the normal behavior profile of each operator were established by mining the training log.Then,the actual behavior of the operators was compared with the pre-established normal behavior contours during the operation of the system,which was supplemented by control flow anomaly detection and performance anomaly detection of business processes,in order to discover insider threats.A variety of anomalies were defined and the corresponding detection algorithms were given.Experiments were performed on the ProM platform.The results show the designed system is effective.

insider threat;process mining;behavior profile;anomaly detection

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords