As an industry-academia cooperation, the Intelligent Technology Research Team (team leader: Hyeontaek Oh), collaborating with ARMIQ (a R&D company that studies SAP system-based solutions), is studying the development of AI/ML based user anomaly detection solution for enterprise resource planning (ERP) system since 2019.
The ERP system has dealt with much business-related information (including trade secrets, confidential business information, etc.), and the security requirements and regulations for handling such information are dynamically updated. For example, according to various surveys, recently enforced regulations (such as privacy information protection act and act on external audit of stock companies) now become more and more burden to companies that running ERP solutions. However, traditional security models such as the triple-A model (Authentication, Authorization, and Accounting) or CIA (Confidentiality, Integrity, and Availability) are not sufficient to cover these issues for a large-scale ERP system because these approaches cannot detect and handle actual system usages (for example, even an authorized user may intentionally/unintentionally access and retrieve information from the system). Therefore, the need for autonomous anomaly detection methods in ERP has increased in the market.
The team has worked to develop efficient AI/ML based user anomaly detection solutions for ERP. Particularly, this project has targeted SAP ERP, which has the highest market share in the world. This project has targeted to find users’ anomaly behaviors through analyzing various ERP system usage logs (such as access and security logs) based on business workflows and transactions. With the analysis, suitable AI/ML models are developed as both on-premises and cloud-based packages for easy deployment, operation, and management. Currently, a prototype version of the solution has tested in a real industrial site and it has continuously developed and updated.
The user anomaly detection solution KI-ARMIQ collaborated work. Especially, SAP ERP related technologies are very limited and unique due to the complexity of SAP ERP solutions. Therefore, by collaborating with KI (with the cutting-edge AI/ML techniques) and ARMIQ (with SAP ERP domain expertise), the group is expected to achieve cost-effective localized AI/ML based users’ anomaly detection solutions.
Hyeontaek Oh Intelligent Technology Research Team, KI for Information Technology Convergence, KAIST
Homepage: http://itc.kaist.ac.kr
E-mail: hyeontaek@kaist.ac.kr