Abstract
This paper introduces a Business Process Mining Based Insider Threat Detection System. The system firstly establishes the normal profiles of business activities and the operators by mining event logs, and then detects specific anomalies by comparing the content and the order of execution logs with the corresponding normal profile in order to find out the insiders and the threats they have brought. The anomalies concerned are defined and the corresponding detection algorithms are presented. We have performed experimentation using the ProM framework and Java programming with five synthetic business cases, and found that the system can effectively identify anomalies of both operators and business activities that may be indicative of potential insider threat.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson R H, Bozek T, Longstaff T, et al. Research on mitigating the insider threat to information systems-# 2. RAND NATIONAL DEFENSE RESEARCH INST SANTA MONICA CA(2000).
Spitzner L. Honeypots: Catching the insider threat. Computer Security Applications Conference, 2003. Proceedings. 19th Annual. IEEE. (2003) 170-179.
Hu N, Bradford P G, Liu J. Applying role based access control and genetic algorithms to insider threat detection. Proceedings of the 44th annual Southeast regional conference. ACM (2006) 790-791.
Bishop M, Engle S, Peisert S, et al. We have met the enemy and he is us. /Proceedings of the 2008 workshop on New security paradigms. ACM (2009) 1-12.
Greitzer F L, Frincke D A. Combining traditional cyber security audit data with psychosocial data: towards predictive modeling for insider threat mitigation. Insider Threats in Cyber Security. Springer US (2010) 85-113.
Brdiczka O, Liu J, Price B, et al. Proactive insider threat detection through graph learning and psychological context. Security and Privacy Workshops (SPW), 2012 IEEE Symposium on. IEEE (2012) 142-149.
Parveen P, Evans J, Thuraisingham B, et al. Insider threat detection using stream mining and graph mining. Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third Inernational Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on. IEEE (2011) 1102-1110.
Parveen P, Thuraisingham B. Unsupervised incremental sequence learning for insider threat detection. Intelligence and Security Informatics (ISI), 2012 IEEE International Conference on. IEEE (2012) 141-143.
Van der Aalst W M P, de Medeiros A K A. Process mining and security: Detecting anomalous process executions and checking process conformance. Electronic Notes in Theoretical Computer Science (2005) 121: 3-21.
Van der Aalst W, Weijters T, Maruster L. Workflow mining: Discovering process models from event logs. Knowledge and Data Engineering, IEEE Transactions on (2004) 16(9): 1128-1142.
Wen L, Wang J, Sun J. Detecting implicit dependencies between tasks from event log. Frontiers of WWW Research and Development-APWeb 2006 (2006) 591-603.
De Medeiros A K A, Weijters A. Genetic process mining. Applications and Theory of Petri Nets 2005, volume 3536 of Lecture Notes in Computer Science (2005)
Van der Aalst W M P, van Dongen B F, Günther C W, et al. ProM: The Process Mining Toolkit. BPM (Demos) (2009) 489: 31.
Burattin A, Sperduti A. PLG: A Framework for the Generation of Business Process Models and Their Execution Logs. Business Process Management Workshops. Springer Berlin Heidelberg (2011) 214-219.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Zhu, T., Guo, Y., Ma, J., Ju, A. (2017). Business Process Mining based Insider Threat Detection System. In: Xhafa, F., Barolli, L., Amato, F. (eds) Advances on P2P, Parallel, Grid, Cloud and Internet Computing. 3PGCIC 2016. Lecture Notes on Data Engineering and Communications Technologies, vol 1. Springer, Cham. https://doi.org/10.1007/978-3-319-49109-7_44
Download citation
DOI: https://doi.org/10.1007/978-3-319-49109-7_44
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49108-0
Online ISBN: 978-3-319-49109-7
eBook Packages: EngineeringEngineering (R0)