MACÁK, Martin, Ivan VANÁT, Michal MERJAVÝ, Tomáš JEVOČIN and Barbora BÜHNOVÁ. Towards Process Mining Utilization in Insider Threat Detection from Audit Logs. Online. In 2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS). New York: IEEE, 2020, p. 250-255. ISBN 978-0-7381-1180-3. Available from: https://dx.doi.org/10.1109/SNAMS52053.2020.9336573.
Basic information
Original name Towards Process Mining Utilization in Insider Threat Detection from Audit Logs
Authors MACÁK, Martin (703 Slovakia, belonging to the institution), Ivan VANÁT (703 Slovakia, belonging to the institution), Michal MERJAVÝ (703 Slovakia, belonging to the institution), Tomáš JEVOČIN (703 Slovakia, belonging to the institution) and Barbora BÜHNOVÁ (203 Czech Republic, belonging to the institution).
Edition New York, 2020 Seventh International Conference on Social Networks Analysis, Management and Security (SNAMS), p. 250-255, 6 pp. 2020.
Publisher IEEE
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher United States of America
Confidentiality degree is not subject to a state or trade secret
Publication form electronic version available online
RIV identification code RIV/00216224:14610/20:00117080
Organization unit Institute of Computer Science
ISBN 978-0-7381-1180-3
Doi http://dx.doi.org/10.1109/SNAMS52053.2020.9336573
UT WoS 000815064600037
Keywords in English process mining; insider threat; audit log
Tags firank_B, rivok
Tags International impact, Reviewed
Changed by: Mgr. Alena Mokrá, učo 362754. Changed: 30/3/2023 16:09.
Abstract
Nowadays, insider threats are one of the most significant cybersecurity threats. They are much more difficult to detect than external threats since insiders are authorized employees with legitimate access to the organization's resources. A malicious insider knows the organization and can act inconspicuously. Furthermore, threats do not even have to be intentional. Therefore, there can be a complicated background of malicious insider behavior, making it challenging to react adequately to these threats. In this paper, we propose to utilize process mining for insider threat detection using the organization's audit logs. We present three different types of process mining utilization for insider threat detection from audit logs and discuss their usefulness, namely visual analysis, conformance checking, and declarative conformance checking. Lastly, we give recommendations for future work in this area based on our experience.
Links
EF16_013/0001802, research and development project. Name: CERIT Scientific Cloud
MUNI/A/1411/2019, internal MU code. Name: Applied research: software architectures of critical infrastructures, computer systems security, natural language processing and language engineering, big data visualization and augmented reality.
Investor: Masaryk University, Category A