Efficient Generation of Social Network Data from Computer-Mediated Communication Logs

Abstract

The insider threat poses a significant risk to any network or information system. A general definition of the insider threat is an authorized user performing unauthorized actions, a broad definition with no specifications on severity or action. While limited research has been able to classify and detect insider threats, it is generally understood that insider attacks are planned, and that there is a time period in which the organization's leadership can intervene and prevent the attack. Previous studies have shown that the person's behavior will generally change, and it is possible that social network analysis could be used to observe those changes. Unfortunately, generation of social network data can be a time-consuming and manually intensive process. This research discusses the automatic generation of such data from computer-mediated communication records. Using the tools developed in this research, raw social network data can be gathered from communication logs quickly and cheaply. Ideas on further analysis of this data for insider threat mitigation are then presented.

Document Details

Document Type: Technical Report
Publication Date: Mar 11, 2005
Accession Number: ADA435252

Entities

People

  • Jason W. Yee

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Computer Networks
  • Computers
  • Cyberattacks
  • Cybersecurity
  • Databases
  • Detection
  • Electronic Mail
  • Human Behavior
  • Information Systems
  • Insider Threats
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Online Communications
  • Operating Systems
  • United States Government

Fields of Study

  • Computer science

Readers

  • Aviation Safety Risk Assessment
  • Economics
  • Systems Analysis and Design