
Development of the monitoring system for user's actions in the informational system
Author(s) - Nadegda E. Karpova, Alina Emelina
Publication year - 2021
Publication title - bezopasnostʹ cifrovyh tehnologij
Language(s) - English
Resource type - Journals
ISSN - 2782-2230
DOI - 10.17212/2782-2230-2021-2-136-153
Subject(s) - computer science, order (exchange), information system, analytics, computer security, risk analysis (engineering), data mining, data science, engineering, medicine, finance, electrical engineering, economics
Currently, there are a large number of mechanisms for protecting computer systems; one direction is the creation of systems that respond to possible threats to the information security of the enterprise. Since, according to statistics, a large number of information-related crimes are committed by employees of enterprises, monitoring of user actions in the information environment is a particularly important and relevant issue. The main advantages of such monitoring systems are the ability to represent arbitrary parameter values in the form of analytics of specified values, the ability to take into account a large number of development scenarios, the ability to use the system when making decisions and when describing schemes for analyzing information flows, and the ability to track a large number of computer parameters. In order to respond to information security incidents in a timely manner, it is important to develop a system that also takes into account the interrelationship of user actions. The authors of this paper hypothesized that a user's actions in a computer system are interrelated: if a user performs suspicious actions in one monitored parameter, then it can be said with a greater degree of confidence that this user will perform suspicious actions in another monitored parameter. Correlation analysis is needed to make it possible to reduce the number of iterations during program operation, which subsequently allows the analysis of user actions in the information environment to be sped up. To study the statistical relationship of the parameters, the authors calculated a mathematical measure of correlation, the Pearson correlation coefficient, for the studied parameters. Based on this analysis, fuzzy rules were formulated, and a system for monitoring user actions in the information environment is built on them. This development introduces the term "reference user behavior". Any deviation from this "standard" is considered a suspicious action and requires a timely response to a possible incident.