This paper introduces a Business Process Mining Based Insider Threat Detection System. The system firstly establishes the normal profiles of business activities and the operators by mining event logs, and then detects specific anomalies by comparing the content and the order of execution logs with the corresponding normal profile in order to find out the insiders and the threats they have brought. The anomalies concerned are defined and the corresponding detection algorithms are presented. We have performed experimentation using the ProM framework and Java programming with five synthetic business cases, and found that the system can effectively identify anomalies of both operators and business activities that may be indicative of potential insider threat.
CITATION STYLE
Zhu, T., Guo, Y., Ma, J., & Ju, A. (2017). Business process mining based insider threat detection system. In Lecture Notes on Data Engineering and Communications Technologies (Vol. 1, pp. 467–478). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-319-49109-7_44
Mendeley helps you to discover research relevant for your work.