Lasaris Seminar

Week 8 - M. Macák

Title: Process Mining Framework for Insider Attack Detection

Abstract: Insider attacks are currently one of the most critical cybersecurity challenges for organizations. In critical infrastructures specifically, these attacks can cause tremendous damage to property, injuries, or loss of life. They are hard to detect because an insider is a person who knows the organization and its processes, which allows them to act inconspicuously and avoid the known detection mechanisms. Process mining is used to analyze behavior based on event data and is a promising candidate for improving the detection of insider attacks in organizations. However, guidelines on how to utilize process mining for this purpose are currently missing. To bridge this gap, this talk presents a framework for insider attack detection that can guide the application of process mining in organizations for this very purpose.