Despite a technology bias that focuses on external electronic threats, insiders pose the greatest threat to an organisation. This paper discusses an approach to assist investigators in identifying potential insider threats. We discern employees' interests from e-mail using an extended version of PLSI. These interests are transformed into implicit and explicit social network graphs, which are used to locate potential insiders by identifying individuals who feel alienated from the organisation or have a hidden interest in a sensitive topic. By applying this technique to the Enron e-mail corpus, a small number of employees appear as potential insider threats.
International Journal of Security and Networks
Okolica, J. S., Peterson, G. L., & Mills, R. F. (2008). Using PLSI-U to detect insider threats by datamining e-mail. International Journal of Security and Networks, 3(2), 114. https://doi.org/10.1504/IJSN.2008.017224