Resource Anomaly Detection

C0mp@ny is a medium sized company with its headquarter located in Charlotte, North Carolina, USA. It has its offshore offices in Paris, London and Luxembourg. The Charlotte office employs around 100 employees. The company has four departments: Human Resource (HR), Research, Information Technology (IT), and Finance. On every work-day each employee logs onto their office machine. Employees can log on to their account either from home or office using the proper credentials and a secure connection. They can access documents shared with them or documents they have been given authorized access. They can use devices (e.g., printer, fax, and telephone) and other company resources available to them. After working hours, they need to log out of the machines.

Each employee works in one department, and each resource belongs to one department. An employee is supposed to access resources only in his/her work department.

In this lab, students will detect anomalous resource accesses, i.e., an employee accesses resource(s) outside of the work department.