Title: Using PLSI-U to detect insider threats by datamining e-mail

 

Author: J.S. Okolica, G.L. Peterson, R.F. Mills

 

Address: Air Force Institute of Technology, AFIT/ENG, BLDG 641 RM 220, 2950 Hobson Way, Wright Patterson AFB, OH 45433-7765, USA. ' Air Force Institute of Technology, AFIT/ENG, BLDG 641 RM 220, 2950 Hobson Way, Wright Patterson AFB, OH 45433-7765, USA. ' Air Force Institute of Technology, AFIT/ENG, BLDG 641 RM 220, 2950 Hobson Way, Wright Patterson AFB, OH 45433-7765, USA

 

Journal: Int. J. of Security and Networks, 2008 Vol.3, No.2, pp.114 - 121

 

Abstract: Despite a technology bias that focuses on external electronic threats, insiders pose the greatest threat to an organisation. This paper discusses an approach to assist investigators in identifying potential insider threats. We discern employees' interests from e-mail using an extended version of PLSI. These interests are transformed into implicit and explicit social network graphs, which are used to locate potential insiders by identifying individuals who feel alienated from the organisation or have a hidden interest in a sensitive topic. By applying this technique to the Enron e-mail corpus, a small number of employees appear as potential insider threats.

 

Keywords: probabilistic latent semantic indexing; PLSI; insider threats; data mining; social networks; large datasets; emails; alienation; sensitive information; security; insider attacks.

 

DOI: 10.1504/IJSN.2008.017224

10.1504/08.17224

 

 

Purchase this articleComment on this article