Login Anomaly Detection

C0mp@ny is a medium sized company with its headquarter located in Charlotte, North Carolina, USA. It has its offshore offices in Paris, London and Luxembourg. The Charlotte office employs around 100 employees. The company has four departments: Human Resource (HR), Research, Information Technology (IT), and Finance. On every work-day each employee logs onto their office machine. Employees can log on to their account either from home or office using the proper credentials and a secure connection. They can access documents shared with them or documents they have been given authorized access. They can use devices (e.g., printer, fax, and telephone) and other company resources available to them. After working hours, they need to log out of the machines.

In this lab, students will identify anomalous login locations from the given dataset. An employee can log in from within a radius of 10 miles from home or office in the headquarter (HQ), Paris, London, or Luxembourg. Any other login locations are suspicious.

In other words, the anomaly to be detected is: employee logs in from a different location other than home, headquarter (HQ), Paris, London, and Luxembourg.