Abstract
Employees of critical infrastructures, including energy systems, are considered a security resource, and understanding their behavior patterns may leverage user and entity behavior analytics and improve an organization's capabilities in information threat detection, such as detection of insider threats and targeted attacks. Such behavior patterns are particularly critical for power stations and other energy companies. The paper presents a visual analytics approach to the exploratory analysis of employees' routes extracted from the logs of the access control system. Key elements of the approach are interactive self-organizing Kohonen maps, used to detect groups of employees with similar movement trajectories, and heat maps highlighting possible anomalies in their movement. The spatiotemporal patterns of the routes are presented using a Gantt chart-based visualization model named BandView. The paper also discusses the results of the efficiency assessment of the proposed analysis and visualization models. The assessment procedure was implemented using artificially generated and real-world data. It is demonstrated that the suggested approach may significantly increase the efficiency of the exploratory analysis, especially when no prior information on the employees' movement routines is available.
Highlights
Although the application of digital technologies has greatly contributed to the economic and social aspects of human development and enhanced environmental protection, socio-technical systems and ecosystems have become more vulnerable to cyber-threats. This problem is especially important for critical infrastructure in the energy sector [1], as any system malfunction may cause severe impact on all aspects of human life.
This paper presents the development of results partly presented at the MMM-ACNS 2017 [11] and ElConRus [12] conferences and in the article [13]. It contains a formal description of the analysis process, including an extended description of the developed visual analytics techniques and the rationale for their choice, recommendations for selecting the parameters of the analysis models, and an expert assessment of the effectiveness of the proposed visualization techniques as well as the efficiency of the approach in anomaly detection.
Using the proposed approach may significantly increase the efficiency of access control log analysis, as it reveals groups of employees having similar routes and shows deviations in their routes.
Summary
A set of interactive visualization models tightly coupled with data mining techniques assists in establishing groups of employees with similar trajectories and spatiotemporal patterns of the employees' routes, and in detecting anomalous deviations in their movement. In [28], the authors proposed a visual analytics approach to investigating how massive movement flows change over time; it is based on a graph-based technique that includes a spatial aggregation step followed by a temporal clustering step to reduce the input graph volume. The visualization technique named BandView, proposed in the approach to investigate the raw data about employees' movement, is quite similar to the Event Quiltmap described in [32], as both are based on the Gantt chart. Unlike [32], the authors use the SOM clustering technique to reveal possible patterns in employees' movement and apply a statistics-based mechanism for ranking detected deviations in an employee's route that takes into account the periodicity of their occurrence. The graphical presentation of the SOM is reinforced by a special glyph that gives brief characteristics of the entities belonging to one cluster.
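The summary above describes two analysis steps: SOM clustering of employee trajectories extracted from access control logs, and statistics-based ranking of route deviations that accounts for how often a deviation recurs. The Python program below is an added illustration of those two steps and is not code from the paper or its authors. It parses a small constructed access-control log (the employee ids, zone names, daily routines, the four six-hour time bands and the 0.5 "unusual feature" threshold are all assumptions), encodes each employee-day as a zone-by-time-band count vector, clusters the per-employee mean profiles with a minimal self-organizing map written here in numpy, and then scores every employee-day by its distance from its cluster's typical route, discounting a deviation that repeats an unusual pattern already seen on earlier days for the same employee.

```python
"""Added example (not from the paper): SOM clustering of employee routes from
an access-control log, plus recurrence-aware ranking of per-day deviations.
All log data, zone names, routines and thresholds below are constructed."""
from collections import defaultdict
from datetime import datetime
import numpy as np

ZONES = ["gate", "office", "server_room", "turbine_hall"]   # assumed zone ids
BANDS = ["night", "morning", "day", "evening"]               # 0-6, 6-12, 12-18, 18-24 h
DIM = len(ZONES) * len(BANDS)
DAYS = ["2024-03-04", "2024-03-05", "2024-03-06"]
ROUTINES = {  # constructed daily routines: (time, zone) door events per employee
    "e1": [("08:02", "gate"), ("08:10", "office"), ("17:55", "gate")],
    "e2": [("08:05", "gate"), ("08:12", "office"), ("17:58", "gate")],
    "e3": [("07:58", "gate"), ("08:09", "office"), ("17:50", "gate")],
    "e4": [("06:30", "gate"), ("06:45", "turbine_hall"),
           ("14:20", "turbine_hall"), ("15:10", "gate")],
}


def build_log():
    """Render the constructed routines as 'timestamp employee zone' log lines."""
    lines = [f"{d}T{t} {emp} {z}" for d in DAYS
             for emp, routine in ROUTINES.items() for t, z in routine]
    # One constructed anomaly: e3 opens the server room at night on the last day.
    lines.append("2024-03-06T02:15 e3 server_room")
    return "\n".join(lines)


def parse_log(text):
    """Return (employee, day, hour, zone) tuples from the log text."""
    events = []
    for line in text.strip().splitlines():
        ts, emp, zone = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M")
        events.append((emp, when.strftime("%Y-%m-%d"), when.hour, zone))
    return events


def feature_index(zone, hour):
    return ZONES.index(zone) * len(BANDS) + hour // 6


def daily_vectors(events):
    """employee -> day -> count vector over (zone, time band)."""
    vecs = defaultdict(lambda: defaultdict(lambda: np.zeros(DIM)))
    for emp, day, hour, zone in events:
        vecs[emp][day][feature_index(zone, hour)] += 1
    return vecs


def route_profiles(daily):
    """Mean daily vector per employee: the trajectory signature fed to the SOM."""
    return {emp: np.mean(list(days.values()), axis=0) for emp, days in daily.items()}


class SOM:
    """Minimal Kohonen map: rows*cols nodes, Gaussian neighbourhood, decaying rate."""

    def __init__(self, rows, cols, dim, seed=0):
        rng = np.random.default_rng(seed)
        self.weights = rng.random((rows * cols, dim))
        self.grid = np.array([(r, c) for r in range(rows) for c in range(cols)], dtype=float)

    def bmu(self, x):
        """Index of the best-matching unit (closest node) for vector x."""
        return int(np.argmin(np.linalg.norm(self.weights - x, axis=1)))

    def train(self, data, epochs=200, lr0=0.5, sigma0=1.0):
        for epoch in range(epochs):
            frac = 1 - epoch / epochs
            lr, sigma = lr0 * frac, max(sigma0 * frac, 0.1)
            for x in data:
                b = self.bmu(x)
                d2 = ((self.grid - self.grid[b]) ** 2).sum(axis=1)
                h = np.exp(-d2 / (2 * sigma ** 2))      # neighbourhood around the BMU
                self.weights += lr * h[:, None] * (x - self.weights)


def cluster_employees(profiles, rows=2, cols=2, seed=0):
    """Map each employee to a SOM node; employees on one node share a route pattern."""
    emps = sorted(profiles)
    som = SOM(rows, cols, DIM, seed)
    som.train([profiles[e] for e in emps])
    return {e: som.bmu(profiles[e]) for e in emps}


def describe(i):
    return f"{ZONES[i // len(BANDS)]}@{BANDS[i % len(BANDS)]}"


def rank_deviations(daily, clusters, threshold=0.5):
    """Score each employee-day by distance from its cluster's mean daily route,
    divided by (1 + number of earlier days showing the same unusual features)."""
    members = defaultdict(list)
    for emp, node in clusters.items():
        members[node].append(emp)
    centroids = {node: np.mean([v for e in emps for v in daily[e].values()], axis=0)
                 for node, emps in members.items()}
    scored = []
    for emp, days in daily.items():
        seen = defaultdict(int)       # recurrence counter per unusual feature set
        for day in sorted(days):
            diff = days[day] - centroids[clusters[emp]]
            unusual = tuple(np.flatnonzero(diff >= threshold))
            score = float(np.linalg.norm(diff)) / (1 + seen[unusual])
            seen[unusual] += 1
            scored.append((emp, day, round(score, 3), [describe(i) for i in unusual]))
    return sorted(scored, key=lambda s: s[2], reverse=True)


def analyse(text=None):
    events = parse_log(text or build_log())
    daily = daily_vectors(events)
    clusters = cluster_employees(route_profiles(daily))
    return clusters, rank_deviations(daily, clusters)


if __name__ == "__main__":
    clusters, ranked = analyse()
    print("SOM node per employee:", clusters)
    for emp, day, score, feats in ranked[:3]:
        print(f"{emp} {day} score={score} unusual={feats}")
```

The SOM assignment is the counterpart of the paper's employee grouping, and the sorted deviation list is the counterpart of its ranked anomaly heat map; in this constructed data the night-time server room entry of e3 is the only event that no earlier day of the same employee explains, so it is left undiscounted and ranks above that employee's routine days.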