An Approach to Identify Risk-Based Human Behaviour Profiling Within an Office Environment

Documented cases involving Edward Snowden (Greenwald et al., 2018) and Chelsea Manning (Lewis, 2018) highlight the need for an effective employee risk mitigation process. Mitigation has generally focused on system and network access controls to determine the risk level and where possible neutralise the threat. However, these controls rely on access to a computer network before behaviour analysis can determine the threat potential. Determining the threat posed by individuals is a challenging concept as human behaviour can be unpredictable as there may be an exponential number of factors that can influence movement patterns. There are also environmental considerations that may have a direct impact on the movement of an individual. To address this threat, an algorithm has been developed that attempts to identify anomalous human behaviour patterns within a controlled physical environment. The algorithm incorporates multi-dimensional factors such as office entry points, trajectories, time analysis and the physical attributes of the environment. The algorithm also incorporates categorical (qualitative) and continuous (quantitative) attributes within the detection process. The algorithm was embedded within a threat detection application that was designed to be independent of the monitoring solution providing the source data. It achieved this through a data restructure process to ensure it met the criteria of the anomaly detection process. The algorithm was evaluated within a real-life scenario, leveraging data from a Bluetooth proximity human monitoring solution installed within a financial services institution located within the City of London. The data tracked the movement patterns of 50 contractors working for the target organisation. This then fed into the algorithm to determine the potential threat posed by trusted contract employees operating within a multi-storey, open plan office building.