Towards Process Mining Utilization in Insider Threat Detection from Audit Logs
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F20%3A00117080" target="_blank" >RIV/00216224:14610/20:00117080 - isvavai.cz</a>
Result on the web
<a href="https://ieeexplore.ieee.org/document/9336573" target="_blank" >https://ieeexplore.ieee.org/document/9336573</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/SNAMS52053.2020.9336573" target="_blank" >10.1109/SNAMS52053.2020.9336573</a>
Alternative languages
Result language
English
Title in original language
Towards Process Mining Utilization in Insider Threat Detection from Audit Logs
Result description in original language
Nowadays, insider threats are one of the most significant cybersecurity threats. They are much more difficult to detect than external threats since insiders are authorized employees with legitimate access to the organization's resources. A malicious insider knows the organization and can act inconspicuously. Furthermore, threats do not even have to be intentional. Therefore, there can be a complicated background to malicious insider behavior, making it challenging to react adequately to these threats. In this paper, we propose to utilize process mining for insider threat detection using the organization's audit logs. We present three different types of process mining utilization for insider threat detection from audit logs, namely visual analysis, conformance checking, and declarative conformance checking, and discuss their usefulness. Lastly, we give recommendations for future work in this area based on our experience.
Title in English
Towards Process Mining Utilization in Insider Threat Detection from Audit Logs
Result description in English
Nowadays, insider threats are one of the most significant cybersecurity threats. They are much more difficult to detect than external threats since insiders are authorized employees with legitimate access to the organization's resources. A malicious insider knows the organization and can act inconspicuously. Furthermore, threats do not even have to be intentional. Therefore, there can be a complicated background to malicious insider behavior, making it challenging to react adequately to these threats. In this paper, we propose to utilize process mining for insider threat detection using the organization's audit logs. We present three different types of process mining utilization for insider threat detection from audit logs, namely visual analysis, conformance checking, and declarative conformance checking, and discuss their usefulness. Lastly, we give recommendations for future work in this area based on our experience.
Classification
Type
D - Paper in conference proceedings
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
<a href="/cs/project/EF16_013%2F0001802" target="_blank" >EF16_013/0001802: CERIT Scientific Cloud</a><br>
Linkages
P - Research and development project financed from public sources (with a link to CEP)<br>S - Specific research at universities
Other
Year of publication
2020
Data confidentiality code
S - Complete and accurate data on the project are not subject to protection under special legal regulations
Data specific to the result type
Proceedings title
2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS)
ISBN
9780738111803
ISSN
—
e-ISSN
—
Number of pages
6
Pages from-to
250-255
Publisher name
IEEE
Place of publication
New York
Event venue
Paris, France
Event date
1. 1. 2020
Event type by nationality
WRD - Worldwide event
Article UT WoS code
—