A Role Mining Inspired Approach to Representing User Behaviour in ERP Systems

Abstract. Despite all attempts to prevent it, fraud continues to be a major threat to industry and government. Traditionally, organizations have combated fraud by focusing on prevention rather than detection. In this paper we present a role mining inspired approach to representing user behaviour in Enterprise Resource Planning (ERP) systems, aimed primarily at detecting opportunities to commit fraud and potentially suspicious activities. We have adapted an approach which uses set theory to create transaction profiles from an analysis of user activity records. Based on these transaction profiles, we propose a set of (1) anomaly types to detect potentially suspicious user behaviour and (2) scenarios to identify inadequate segregation of duties in an ERP environment. In addition, we present two algorithms that construct a directed acyclic graph to represent the relationships between transaction profiles. Experiments were conducted on a real dataset obtained from a teaching environment and on a demonstration dataset, both from SAP R/3, presently the most predominant ERP system. The results of this empirical research demonstrate the effectiveness of the proposed approach.
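As an added illustration (not code from the paper), the following builds set-based transaction profiles from constructed activity records, links the profiles in a DAG, and checks them for segregation-of-duties conflicts and single-user transactions. The abstract does not specify which relationship the paper's DAG encodes or which transaction pairs it treats as conflicting; this example assumes proper-subset containment between profiles (reduced to a Hasse diagram) and uses hypothetical conflict pairs.

```python
from collections import defaultdict

# Constructed activity records: (user, SAP transaction code). Not real data.
ACTIVITY = [
    ("alice", "FB01"), ("alice", "FB02"), ("alice", "FB01"),
    ("bob", "FB01"), ("bob", "FB02"), ("bob", "F110"),
    ("carol", "FB01"),
    ("dave", "FB01"), ("dave", "FB02"), ("dave", "F110"), ("dave", "XK01"),
    ("erin", "ME21N"), ("erin", "MIGO"),
]

# Hypothetical SoD conflict pairs (assumption for this example, not from the paper):
# vendor master maintenance + payment run, purchase order + goods receipt.
CONFLICTS = {frozenset({"XK01", "F110"}), frozenset({"ME21N", "MIGO"})}

def transaction_profiles(records):
    """Map each user to the set of transaction codes they executed (their profile)."""
    profiles = defaultdict(set)
    for user, tcode in records:
        profiles[user].add(tcode)
    return dict(profiles)

def profile_dag(profiles):
    """Edges parent->child where the child's profile is a proper subset of the parent's.
    Only covering relations are kept (transitive reduction), giving a Hasse diagram."""
    users = list(profiles)
    edges = set()
    for p in users:
        for c in users:
            if profiles[c] < profiles[p]:
                # skip the edge if another profile lies strictly between p and c
                if not any(profiles[c] < profiles[m] < profiles[p] for m in users):
                    edges.add((p, c))
    return edges

def sod_violations(profiles, conflicts):
    """Users whose profile contains both members of at least one conflicting pair."""
    return {u: sorted(sorted(pair) for pair in conflicts if pair <= tcodes)
            for u, tcodes in profiles.items()
            if any(pair <= tcodes for pair in conflicts)}

def single_user_transactions(profiles):
    """Transactions executed by exactly one user: a simple rarity-based anomaly signal."""
    counts = defaultdict(int)
    for tcodes in profiles.values():
        for t in tcodes:
            counts[t] += 1
    return sorted(t for t, n in counts.items() if n == 1)
```

Profiles that are supersets of many others sit at the top of the DAG and deserve review first, since they concentrate the most capability in one account.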
