Using PLSI-U to Detect Insider Threats from Email Traffic
Document Type
Conference Proceeding
Publication Date
2006
Abstract
Despite a technology bias that focuses on external electronic threats, insiders pose the greatest threat to commercial and government organizations. Once information on a specific topic has gone missing, being able to quickly determine who has shown an interest in that topic can allow investigators to focus their attention. Even more promising is when individuals can be found who have an interest in the topic but who have never communicated that interest within the organization. An employee’s interests can be discerned by data mining corporate email correspondence. These interests can be used to construct social networks that graphically expose investigative leads. This paper describes the use of Probabilistic Latent Semantic Indexing (PLSI) [4] extended to include users (PLSI-U) to determine topics that are of interest to employees from their email activity. It then applies PLSI-U to the Enron email corpus and finds a small number of employees (0.02%) who appear to have had clandestine interests.
DOI
https://doi.org/10.1007/0-387-36891-4_8
Source Publication
Advances in Digital Forensics II
Recommended Citation
Okolica, J., Peterson, G., Mills, R. (2006). Using PLSI-U To Detect Insider Threats from Email Traffic. In: Olivier, M.S., Shenoi, S. (eds) Advances in Digital Forensics II. DigitalForensics 2006. IFIP Advances in Information and Communication, vol 222. Springer, Boston, MA, pp. 91-104. https://doi.org/10.1007/0-387-36891-4_8
Comments
© 2006 IFIP International Federation for Information Processing
The "Link to Full Text" on this page opens the article hosted through the SpringerNature SharedIt content sharing initiative. It is available for download.
A similar article was published in the International Journal of Security and Networks (2008) and is available from AFIT Scholar here.