Classifying Insider Threat from Electronic Mail Communication
Date
2016-06-10
Publisher
Addis Ababa University
Abstract
In the current interwoven global world, the means of communication have diversified.
Electronic mail is one of the popular, simple and user-friendly means of communication. The
implications of this means of communication are reflected in various corners of the day-to-day
activities of the modern world. Currently, email communication is set as a standard procedure for
office communication in many organizations. Despite the good face of such a communication
approach, unwanted, distracting messages could bring institutional instability and
even collapse.
The objective of this research work is to classify the level of insider threat using email text
classification techniques applied to electronic communication. To meet the stated
objective, data mining algorithms in the Weka 7.8 software were used to classify the email texts.
The experiment was conducted using 9808 negative and positive dictionary words identified by
psychologists for training. For testing, individual email files were used. The email text of Enron
higher officials was investigated after extensive text preprocessing. The text preprocessing
includes removal of email headers, signatures, alphanumeric characters, etc. SMO
classifiers were employed to run the experiment. The analyzed email text was
categorized into negative and positive word counts, and the negative word count was then further
classified into five stages of threat levels. Among the twenty eight higher officials investigated at
Enron Company, 22 of the employees were found at the exploration stage, one at the exploitation
stage, two at the execution stage and three were classified under the escape stage.
The evaluation of the classifier is acceptable and suitable for threat classification. Moreover, a
court designated to investigate wire fraud, conspiracy and false audit report
convicted 3 of the officials, with prison terms from 1.5 to 24.3 years. These individuals were
classified under the escape stage of this study. Ultimately, the output of this study indicates the
promising use of text classification techniques to trace and classify insider threats from email
communication. Hence, further study and standardization of such work could bring better results
in organizational security and institutional functioning.
Keywords
Insider threat, text classification, email classification, threat classification, organizational security