search menu icon-carat-right cmu-wordmark

Sentiment Analysis in the Context of Insider Threat

Jason W. Clark

In this blog post, I describe sentiment analysis and discuss its use in the area of insider threat. Sentiment analysis, often referred to as opinion mining, refers to the application of natural language processing (NLP), computational linguistics, and text analytics to identify and extract subjective information in source materials (Wikipedia).

Sentiment analysis may be able to determine if the tone or attitude of a given message (e.g., text, email, blog post, Yelp review, instant message chat logs, Facebook post, and Twitter activity) is positive or negative.

Further, sentiment analysis may be able to help analysts understand the "tone" of an organization's entire workforce. For example, employees may become disgruntled if a certain benefit is removed or new management is put in place. Of course, the entire organization's staff may just be upset that it's Monday morning and their favorite football team just lost. If used properly as part of the organization's insider threat program, sentiment analysis may help organizations better identify if and when an employee is on the critical path towards insider threat.

That said, since it is often difficult, complex, and qualitative at best, sentiment analysis certainly has some drawbacks and difficulties. It has been shown to be error prone with human readability on the order of 75%. Also, this analysis may need to be refined so that it is more tailored to the context of the particular organization. For example, people in the military may write considerably differently than those in industry, academia, or other fields.

With sentiment analysis, it is sometimes difficult to detect sarcasm and similar emotional language patterns. In fact, quotes found in the writing may skew the results dramatically. Thus, it is imperative that the data is pre-processed to ensure that sentiment analysis is being run only on the particular employee's written word.

The desired outcome of sentiment analysis in insider threat is to provide analysts with more ways to detect and alert upon early warning signs of employee threats, such as threats to self and others (e.g., suicide and workplace violence).

The organization also could potentially overlay this data with active directory or an organizational chart to determine how a given employee talks to others (e.g., manager vs subordinate, federal vs contractor, full-time vs part-time employees, and HQ vs remote office). Given enough data, the organization could also incorporate time series to look for behavioral changes and effectively determine who is becoming increasingly dissatisfied.

I do not recommend a particular sentiment analysis tool. However, you should be aware that there has been a significant increase in the development of such tools, software, and add-on modules from reputable vendors to better perform sentiment analysis.

For more information about how sentiment analysis can be used as part of a mature insider threat program, please use the Insider Threat contact form and ask that your message be directed to me.