Recent use of Electronic Medical Records in hospitals has raised many privacy concerns regarding confidential patient information, which can be accessed by various users in the hospital's complex and dynamic environment. There has been considerable success in developing strategies to detect insider threats in healthcare information systems based on what one might call the random object access model, or ROA. This approach models illegitimate users who randomly access records. The goal is to use statistics, machine learning, knowledge of hospital workflows and other techniques to support an anomaly detection framework that finds such users. In this work we introduce and study a random topic access model, RTA, aimed at users whose access may well be illegitimate but is not fully random because it is focused on common hospital themes. We argue that this model is appropriate for a meaningful range of attacks and develop a system based on topic summarization that is able to formalize the model and provide anomalous user detection for it. We also propose a framework for evaluating the ability to recognize various types of random users, called random topic access detection, or RTAD. The proposed RTAD framework is an unsupervised detection model that combines Latent Dirichlet Allocation (LDA), for feature extraction, with a k-nearest neighbor (k-NN) algorithm for outlier detection. The analysis is done on a dataset from Northwestern Memorial Hospital which consists of over 5 million accesses made by 8000 users to 14,000 patients in a four-month time period. Our results show varying degrees of success depending on user roles and the anticipated characteristics of attackers, and we evaluate the ability to identify different adversarial types relevant to the hospital ecosystem.
Modeling and detecting anomalous topic access in EMR audit logs