Towards Process Mining Utilization in Insider Threat Detection from Audit Logs
Author: | Ivan Vanat, Tomas Jevocin, Michal Merjavy, Martin Macak, Barbora Buhnova |
---|---|
Year of publication: | 2020 |
Subject: |
Computer science
Process mining; Insider threat; 02 engineering and technology; Audit; Computer security; computer.software_genre; Conformance checking; Insider; ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; Work (electrical); Audit trail; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; Conformance testing; computer |
Source: | SNAMS |
DOI: | 10.1109/snams52053.2020.9336573 |
Description: | Nowadays, insider threats are one of the most significant cybersecurity threats. They are much more difficult to detect than external threats since insiders are authorized employees with legitimate access to the organization's resources. A malicious insider knows the organization and can act inconspicuously. Furthermore, threats do not even have to be intentional. Therefore, there can be a complicated background of malicious insider behavior, making it challenging to react adequately to these threats. In this paper, we propose to utilize process mining for insider threat detection using the organization's audit logs. We present the three different types of process mining utilization for insider threat detection from audit logs and discuss their usefulness, namely visual analysis, conformance checking, and declarative conformance checking. Lastly, we give recommendations for future work in this area based on our experience. |
Database: | OpenAIRE |