Towards Process Mining Utilization in Insider Threat Detection from Audit Logs

Investor logo

Warning

This publication doesn't include Faculty of Arts. It includes Institute of Computer Science. Official publication website can be found on muni.cz.
Authors

MACÁK Martin VANÁT Ivan MERJAVÝ Michal JEVOČIN Tomáš BÜHNOVÁ Barbora

Year of publication 2020
Type Article in Proceedings
Conference 2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS)
MU Faculty or unit

Institute of Computer Science

Citation
web https://ieeexplore.ieee.org/document/9336573
Doi http://dx.doi.org/10.1109/SNAMS52053.2020.9336573
Keywords process mining; insider threat; audit log
Description Nowadays, insider threats are one of the most significant cybersecurity threats. They are much more difficult to detect than external threats since insiders are authorized employees with legitimate access to the organization's resources. Malicious insider knows the organization and can act inconspicuously. Furthermore, threats do not even have to be intentional. Therefore, there can be a complicated background of malicious insider behavior, making it challenging to react adequately to these threats. In this paper, we propose to utilize process mining for insider threat detection using the organization's audit logs. We present the three different types of process mining utilization for insider threat detection from audit logs and discuss their usefulness, namely visual analysis, conformance checking, and declarative conformance checking. Lastly, we give recommendations for future work in this area based on our experience.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.