Traditionally, insider threat detection has focused on observing human actors -- or, more precisely, computer accounts and processes acting on behalf of those actors -- to model their "normal" behavior, then determine if they have performed some anomalous action and, further, if that action is malicious. In this paper, we shift the paradigm from observing human behavior to observing information behavior by modeling how documents flow through an organization. We hypothesize that similar types of documents will exhibit similar workflows, and that a document deviating from its expected workflow indicates potential data leakage.