Sciweavers

CEAS
2006
Springer

Using E-Mail Social Network Analysis for Detecting Unauthorized Accounts

14 years 4 months ago
Using E-Mail Social Network Analysis for Detecting Unauthorized Accounts
In this paper we detail the use of e-mail social network analysis for the detection of security policy violations on computer systems. We begin by formalizing basic policies that derive from the expected social behavior of computer users. We then extract the social networks of three organizations by analyzing e-mail server logs collected over several months and apply the policies to the resultant social network and identify subsequent policy violators. After closer examination of the outlier accounts, we find that a significant fraction of the suspect accounts were supposed to have been terminated long ago for a variety of reasons. Through the analysis and experiments presented in the paper, we conclude the analysis of social networks extracted from network logs can prove useful in a variety of traditionally hard to solve security problems, such as detecting insider threats.
Adam J. O'Donnell, Walter C. Mankowski, Jeff Abrah
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where CEAS
Authors Adam J. O'Donnell, Walter C. Mankowski, Jeff Abrahamson
Comments (0)