Towards Process Mining Utilization in Insider Threat Detection from Audit Logs
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F20%3A00117080" target="_blank" >RIV/00216224:14610/20:00117080 - isvavai.cz</a>
Result on the web
<a href="https://ieeexplore.ieee.org/document/9336573" target="_blank" >https://ieeexplore.ieee.org/document/9336573</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/SNAMS52053.2020.9336573" target="_blank" >10.1109/SNAMS52053.2020.9336573</a>
Alternative languages
Result language
English
Original language name
Towards Process Mining Utilization in Insider Threat Detection from Audit Logs
Original language description
Nowadays, insider threats are one of the most significant cybersecurity threats. They are much more difficult to detect than external threats, since insiders are authorized employees with legitimate access to the organization's resources. A malicious insider knows the organization and can act inconspicuously. Furthermore, threats do not even have to be intentional. Therefore, malicious insider behavior can have a complicated background, making it challenging to react adequately to these threats. In this paper, we propose to utilize process mining for insider threat detection using the organization's audit logs. We present three different types of process mining utilization for insider threat detection from audit logs and discuss their usefulness, namely visual analysis, conformance checking, and declarative conformance checking. Lastly, we give recommendations for future work in this area based on our experience.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
<a href="/en/project/EF16_013%2F0001802" target="_blank" >EF16_013/0001802: CERIT Scientific Cloud</a><br>
Continuities
P - Research and development project financed from public sources (with a link to CEP)<br>S - Specific research at universities
Others
Publication year
2020
Confidentiality
S - Complete and true data about the project are not subject to protection under special legal regulations
Data specific for result type
Article name in the collection
2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS)
ISBN
9780738111803
ISSN
—
e-ISSN
—
Number of pages
6
Pages from-to
250-255
Publisher name
IEEE
Place of publication
New York
Event location
Paris, France
Event date
Jan 1, 2020
Type of event by nationality
WRD - Worldwide event
UT code for WoS article
—