Using Author Topic to detect insider threats from email traffic

One means of preventing insider theft is by stopping potential insiders from becoming actual thieves. This article discusses an approach to assist managers in identifying potential insider threats. By using the Author Topic [Rosen-Zvi Michal, Griffiths Thomas, Steyvers Mark, Smyth Padhraic. The author-topic model for authors and documents. In: Proceedings of the 20th conference on uncertainty in artificial intelligence; 2004. p. 487–94.] clustering algorithm, we discern employees' interests from their daily emails. These interests then provide a means to create an implicit and an explicit social network graph. This approach locates potential insiders by finding individuals who either (1) feel alienated from the organization (a key warning sign of a possible disgruntled worker) or (2) have a hidden interest in a sensitive (e.g. proprietary or classified) topic. In both cases, this is revealed when someone demonstrates an interest in a topic but does not share that interest with anyone in the organization. By applying this technique to the Enron email corpus, we produce coherent, sensible topics and reveal Sherron Watkins, the famous Enron whistleblower, as a potential insider threat from the viewpoint of the individuals behind the Enron scandal.