Time Based Graph Mining to Detect Insider Threats
Abstract

Insider threats such as sabotage, theft, espionage, fraud and competitive advantage are accomplished by abusing access to the organization's network, system or data, by theft of materials, and by mishandling of physical devices. This kind of threat negatively affects the confidentiality, integrity or availability of the organization's information or information system. In this paper, we try to identify anomalous insider activity, which can be malicious, in the email communication of the organization. We use graph mining to identify these anomalous instances, and our approach incorporates the time element into the analysis process. We discuss the dataset used for the experiments, the data preprocessing approaches, the experimental setup and the results obtained from the experiments.