{"title":"信息系统中用户行为监控系统的开发","authors":"N. Karpova, A. Emelina","doi":"10.17212/2782-2230-2021-2-136-153","DOIUrl":null,"url":null,"abstract":"Currently, there are a large number of mechanisms for protecting computer systems, one of the directions is the creation of systems that respond to possible threats to the information security of the enterprise. Since according to statistics, a large number of information-related crimes are committed by employees of enterprises, monitoring of user actions in the information environment is a particularly important and relevant issue. The main advantages of such monitoring systems are the ability to represent arbitrary parameter values in the form of analytics of specified values, the ability to take into account a large number of development scenarios, the ability to use this system when making decisions, when describing schemes for analyzing information flows, and also to track a large number of computer parameters. In order to respond to information security incidents in a timely manner, it is important to develop a system that also takes into account the interrelationship of user actions. The authors of this paper hypothesized that the user's actions in a computer system are interrelated with each other, that is, if a user performs suspicious actions in a separate monitored parameter, then with a greater degree of confidence, we can say that this user will perform suspicious actions in another monitored parameter. Correlation analysis is necessary for possible reduction of the number of iterations during the program operation, which in the future allows to speed up the analysis of user actions in the information environment. In order to study the statistical relationship of the parameters, the authors found a mathematical measure of correlation - the correlation coefficient (Pearson correlation coefficient) for the studied parameters. Based on the analysis, fuzzy rules were formulated, on the basis of which a system for monitoring user actions in the information environment is built. In this development, a term such as reference user behavior is introduced. Any deviation from this \"standard\" is considered as a suspicious action and requires a timely response to a possible incident.","PeriodicalId":207311,"journal":{"name":"Digital Technology Security","volume":"25 7","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Development of the monitoring system for user's actions in the informational system\",\"authors\":\"N. Karpova, A. Emelina\",\"doi\":\"10.17212/2782-2230-2021-2-136-153\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Currently, there are a large number of mechanisms for protecting computer systems, one of the directions is the creation of systems that respond to possible threats to the information security of the enterprise. Since according to statistics, a large number of information-related crimes are committed by employees of enterprises, monitoring of user actions in the information environment is a particularly important and relevant issue. The main advantages of such monitoring systems are the ability to represent arbitrary parameter values in the form of analytics of specified values, the ability to take into account a large number of development scenarios, the ability to use this system when making decisions, when describing schemes for analyzing information flows, and also to track a large number of computer parameters. In order to respond to information security incidents in a timely manner, it is important to develop a system that also takes into account the interrelationship of user actions. The authors of this paper hypothesized that the user's actions in a computer system are interrelated with each other, that is, if a user performs suspicious actions in a separate monitored parameter, then with a greater degree of confidence, we can say that this user will perform suspicious actions in another monitored parameter. Correlation analysis is necessary for possible reduction of the number of iterations during the program operation, which in the future allows to speed up the analysis of user actions in the information environment. In order to study the statistical relationship of the parameters, the authors found a mathematical measure of correlation - the correlation coefficient (Pearson correlation coefficient) for the studied parameters. Based on the analysis, fuzzy rules were formulated, on the basis of which a system for monitoring user actions in the information environment is built. In this development, a term such as reference user behavior is introduced. Any deviation from this \\\"standard\\\" is considered as a suspicious action and requires a timely response to a possible incident.\",\"PeriodicalId\":207311,\"journal\":{\"name\":\"Digital Technology Security\",\"volume\":\"25 7\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-06-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Digital Technology Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.17212/2782-2230-2021-2-136-153\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Digital Technology Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17212/2782-2230-2021-2-136-153","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Development of the monitoring system for user's actions in the informational system
Currently, there are a large number of mechanisms for protecting computer systems, one of the directions is the creation of systems that respond to possible threats to the information security of the enterprise. Since according to statistics, a large number of information-related crimes are committed by employees of enterprises, monitoring of user actions in the information environment is a particularly important and relevant issue. The main advantages of such monitoring systems are the ability to represent arbitrary parameter values in the form of analytics of specified values, the ability to take into account a large number of development scenarios, the ability to use this system when making decisions, when describing schemes for analyzing information flows, and also to track a large number of computer parameters. In order to respond to information security incidents in a timely manner, it is important to develop a system that also takes into account the interrelationship of user actions. The authors of this paper hypothesized that the user's actions in a computer system are interrelated with each other, that is, if a user performs suspicious actions in a separate monitored parameter, then with a greater degree of confidence, we can say that this user will perform suspicious actions in another monitored parameter. Correlation analysis is necessary for possible reduction of the number of iterations during the program operation, which in the future allows to speed up the analysis of user actions in the information environment. In order to study the statistical relationship of the parameters, the authors found a mathematical measure of correlation - the correlation coefficient (Pearson correlation coefficient) for the studied parameters. Based on the analysis, fuzzy rules were formulated, on the basis of which a system for monitoring user actions in the information environment is built. In this development, a term such as reference user behavior is introduced. Any deviation from this "standard" is considered as a suspicious action and requires a timely response to a possible incident.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
