Title: Using PLSI-U to detect insider threats by datamining e-mail

Authors: J.S. Okolica, G.L. Peterson, R.F. Mills

Addresses: Air Force Institute of Technology, AFIT/ENG, BLDG 641 RM 220, 2950 Hobson Way, Wright Patterson AFB, OH 45433-7765, USA; Air Force Institute of Technology, AFIT/ENG, BLDG 641 RM 220, 2950 Hobson Way, Wright Patterson AFB, OH 45433-7765, USA; Air Force Institute of Technology, AFIT/ENG, BLDG 641 RM 220, 2950 Hobson Way, Wright Patterson AFB, OH 45433-7765, USA

Abstract: Despite a technology bias that focuses on external electronic threats, insiders pose the greatest threat to an organisation. This paper discusses an approach to assist investigators in identifying potential insider threats. We discern employees' interests from e-mail using an extended version of PLSI. These interests are transformed into implicit and explicit social network graphs, which are used to locate potential insiders by identifying individuals who feel alienated from the organisation or have a hidden interest in a sensitive topic. By applying this technique to the Enron e-mail corpus, a small number of employees appear as potential insider threats.

Keywords: probabilistic latent semantic indexing; PLSI; insider threats; data mining; social networks; large datasets; emails; alienation; sensitive information; security; insider attacks.

DOI: 10.1504/IJSN.2008.017224

International Journal of Security and Networks, 2008 Vol.3 No.2, pp.114 - 121

Published online: 19 Feb 2008
