At the KAIST Institute for Information Technology Convergence, the Intelligent Technology Research team has conducted research and development of an AI/ML based user anomaly detection solution for enterprise resource planning system (ERP), particularly targeted at SAP ERP, by collaborating with ARMIQ (a company with SAP ERP system expertise). The team is developing core modules for ERP user anomaly detection solutions such as user behavior categorizers, AI/ML inference models, model optimization methods). By utilizing domain expertise related to SAP ERP and cutting-edge AI/ML techniques, it is expected to achieve cost-effective localized ML based user anomaly detection solutions.

As an industry-academia cooperation, the Intelligent Technology Research Team (team leader: Hyeontaek Oh), collaborating with ARMIQ (a R&D company that studies SAP system-based solutions), is studying the development of AI/ML based user anomaly detection solution for enterprise resource planning (ERP) system since 2019.

The ERP system has dealt with much business-related information (including trade secrets, confidential business information, etc.), and the security requirements and regulations for handling such information are dynamically updated. For example, according to various surveys, recently enforced regulations (such as privacy information protection act and act on external audit of stock companies) now become more and more burden to companies that running ERP solutions. However, traditional security models such as the triple-A model (Authentication, Authorization, and Accounting) or CIA (Confidentiality, Integrity, and Availability) are not sufficient to cover these issues for a large-scale ERP system because these approaches cannot detect and handle actual system usages (for example, even an authorized user may intentionally/unintentionally access and retrieve information from the system). Therefore, the need for autonomous anomaly detection methods in ERP has increased in the market.

Figure 1. Overview of SAP ERP based user anomaly behavior detection process
Figure 1. Overview of SAP ERP based user anomaly behavior detection process

The team has worked to develop efficient AI/ML based user anomaly detection solutions for ERP. Particularly, this project has targeted SAP ERP, which has the highest market share in the world. This project has targeted to find users’ anomaly behaviors through analyzing various ERP system usage logs (such as access and security logs) based on business workflows and transactions. With the analysis, suitable AI/ML models are developed as both on-premises and cloud-based packages for easy deployment, operation, and management. Currently, a prototype version of the solution has tested in a real industrial site and it has continuously developed and updated.

The user anomaly detection solution KI-ARMIQ collaborated work. Especially, SAP ERP related technologies are very limited and unique due to the complexity of SAP ERP solutions. Therefore, by collaborating with KI (with the cutting-edge AI/ML techniques) and ARMIQ (with SAP ERP domain expertise), the group is expected to achieve cost-effective localized AI/ML based users’ anomaly detection solutions.

Figure 2. Detailed KI-ARMIQ ERP user anomaly detection solution
Figure 2. Detailed KI-ARMIQ ERP user anomaly detection solution
Contact Information:
Hyeontaek Oh Intelligent Technology Research Team, KI for Information Technology Convergence, KAIST
Homepage: http://itc.kaist.ac.kr
E-mail: hyeontaek@kaist.ac.kr