Detecting and Identifying Insider Threats Based on Advanced Clustering Methods

Cited by: 5
Authors
Nikiforova, Oksana [1 ]
Romanovs, Andrejs [1 ]
Zabiniako, Vitaly [2 ]
Kornienko, Jurijs [2 ]
Affiliations
[1] Riga Tech Univ, Fac Comp Sci & Informat Technol, LV-1048 Riga, Latvia
[2] ABC Software Ltd, LV-1012 Riga, Latvia
Keywords
Behavioral sciences; Analytical models; Security; Clustering algorithms; Manuals; Data models; Clustering methods; Threat assessment; Anomaly detection; Information systems; User experience; Information security; clustering algorithms; data mining; information system user behavior analysis; information technology security; insider threats detection;
DOI
10.1109/ACCESS.2024.3365424
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
This paper explores the analysis of user behavior in information systems through audit records, creating a behavior model represented as a graph. The model captures actions over a specified period, facilitating real-time comparison to identify insider threats by exploring anomalies detected in behavior models. "e-StepControl," developed by "ABC software" Ltd., incorporates this approach for monitoring user behavior in different business environments. The study proposes enhancing this solution with automatic user clustering, achieved by grouping individuals exhibiting similar behavior patterns using AI/ML algorithms. The research evaluates various clustering methods, discussing their suitability for grouping users based on their behavior. The subsequent step involves leveraging user class behavior models to identify anomalies by comparing an individual's actions with the behavior model expected in their specific user group. This extension aims to enhance the system's ability to detect potentially malicious activities, providing data security administrators with timely alerts in case of deviations from typical behavior.
Pages: 30242 / 30253
Page count: 12