Towards Process Mining Utilization in Insider Threat Detection from Audit Logs

The result's identifiers

  • Result code in IS VaVaI

    RIV/00216224:14610/20:00117080 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F20%3A00117080)

  • Result on the web

    https://ieeexplore.ieee.org/document/9336573

  • DOI - Digital Object Identifier

    10.1109/SNAMS52053.2020.9336573 (http://dx.doi.org/10.1109/SNAMS52053.2020.9336573)

Alternative languages

  • Result language

    English

  • Original language name

    Towards Process Mining Utilization in Insider Threat Detection from Audit Logs

  • Original language description

    Nowadays, insider threats are one of the most significant cybersecurity threats. They are much more difficult to detect than external threats since insiders are authorized employees with legitimate access to the organization's resources. A malicious insider knows the organization and can act inconspicuously. Furthermore, threats do not even have to be intentional. Therefore, there can be a complicated background of malicious insider behavior, making it challenging to react adequately to these threats. In this paper, we propose to utilize process mining for insider threat detection using the organization's audit logs. We present three different types of process mining utilization for insider threat detection from audit logs and discuss their usefulness, namely visual analysis, conformance checking, and declarative conformance checking. Lastly, we give recommendations for future work in this area based on our experience.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    EF16_013/0001802: CERIT Scientific Cloud

  • Continuities

    P - Research and development project financed from public funds (with a link to CEP)
    S - Specific research at universities

Others

  • Publication year

    2020

  • Confidentiality

    S - Complete and true data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS)

  • ISBN

    9780738111803

  • ISSN

  • e-ISSN

  • Number of pages

    6

  • Pages from-to

    250-255

  • Publisher name

    IEEE

  • Place of publication

    New York

  • Event location

    Paris, France

  • Event date

    Jan 1, 2020

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article