
A CLUSTERING METHOD FOR IDENTIFYING FILE IMPACTS BASED ON THE K-MEANS ALGORITHM USED IN INFORMATION SECURITY INCIDENTS INVESTIGATION
Author(s) - R. V. Gibilinda
Publication year - 2020
Publication title - vestnik urfo. bezopasnostʹ v informacionnoj sfere
Language(s) - English
Resource type - Journals
eISSN - 2225-5443
pISSN - 2225-5435
DOI - 10.14529/secur200104
Subject(s) - cluster analysis, computer science, data mining, cluster (spacecraft), process (computing), volume (thermodynamics), relation (database), algorithm, k means clustering, information security, database, computer security, machine learning, operating system, physics, quantum mechanics
The article presents a clustering method for identifying file impacts used in information security incident investigation. The proposed method is based on the k-means clustering algorithm combined with an adapted algorithm for automatically determining the optimal number of clusters. A precisely determined number of clusters makes it possible to group the data so that it describes file impacts. The article discusses the preparation of input data obtained from $UsnJrnl volume change log records, as well as the algorithm for identifying complex file impacts based on a search for relationships between clusters. The proposed clustering method is strongly automated, which allows a specialist carrying out an information security incident investigation to speed up the process of identifying and eliminating the consequences of an incide