10.1016/j.diin.2007.10.002">
 

Document Type

Article

Publication Date

9-2007

Abstract

One means of preventing insider theft is by stopping potential insiders from becoming actual thieves. This article discusses an approach to assist managers in identifying potential insider threats. By using the Author Topic [Rosen-Zvi Michal, Griffiths Thomas, Steyvers Mark, Smyth Padhraic. The author-topic model for authors and documents. In: Proceedings of the 20th conference on uncertainty in artificial intelligence; 2004. p. 487–94.] clustering algorithm, we discern employees' interests from their daily emails. These interests then provide a means to create an implicit and an explicit social network graph. This approach locates potential insiders by finding individuals who either (1) feel alienated from the organization (a key warning sign of a possible disgruntled worker) or (2) have a hidden interest in a sensitive (e.g. proprietary or classified) topic. In both cases, this is revealed when someone demonstrates an interest in a topic but does not share that interest with anyone in the organization. By applying this technique to the Enron email corpus, we produce coherent, sensible topics and reveal Sherron Watkins, the famous Enron whistleblower, as a potential insider threat from the viewpoint of the individuals behind the Enron scandal.

Comments

AFIT Scholar furnishes the draft version of this article. The published version of record appears in Digital Investigation and is available by subscription through the DOI link in the citation below.

The authors presented a related conference paper in the IEEE International Conference on Intelligence and Security Informatics, ISI 2006 proceedings.

Source Publication

Digital Investigation

Download

Share

COinS