The technique of the visual analysis of the organization employees routes for anomaly detection

The detection of anomalies in the movement of employees is an important task of the cyber-physical security of enterprises, including critical infrastructures. The paper presents a technique to analyze the routes of the organization employees based on combination of the data mining and interactive visualization techniques. It includes two stages – detection of the groups of the employees with similar behavior and anomaly discovery. The self-organizing Kohonen maps are used to group employees on the basis of their behavior. To present spatiotemporal patterns, authors developed special visualization model named BandView. To detect anomalies authors present a rating mechanism assessing spatiotemporal attributes of the movement. The visualization of the anomalies is done using heatmaps that allow an analyst to spot place and time with a possibly suspicious activity. The technique is tested against data set provided within VAST MiniChallenge-2 contest that contains logs from access control sensors describing employees’ movement within organization building.