Development of the monitoring system for user's actions in the informational system

N. Karpova, A. Emelina
Journal: Digital Technology Security
Publication date: 2021-06-25
Publication type: Journal Article
DOI: 10.17212/2782-2230-2021-2-136-153 (https://doi.org/10.17212/2782-2230-2021-2-136-153)
Citations: 0

Abstract

Currently, there are a large number of mechanisms for protecting computer systems; one direction is the creation of systems that respond to possible threats to the information security of the enterprise. Since, according to statistics, a large number of information-related crimes are committed by employees of enterprises, monitoring of user actions in the information environment is a particularly important and relevant issue. The main advantages of such monitoring systems are the ability to represent arbitrary parameter values in the form of analytics of specified values, the ability to take into account a large number of development scenarios, the ability to use the system when making decisions and when describing schemes for analyzing information flows, and the ability to track a large number of computer parameters. In order to respond to information security incidents in a timely manner, it is important to develop a system that also takes into account the interrelationship of user actions. The authors of this paper hypothesized that a user's actions in a computer system are interrelated; that is, if a user performs suspicious actions in one monitored parameter, then we can say with a greater degree of confidence that this user will perform suspicious actions in another monitored parameter. Correlation analysis is needed to possibly reduce the number of iterations during program operation, which in the future makes it possible to speed up the analysis of user actions in the information environment. To study the statistical relationship of the parameters, the authors found a mathematical measure of correlation, the Pearson correlation coefficient, for the studied parameters. Based on this analysis, fuzzy rules were formulated, and a system for monitoring user actions in the information environment is built on them. This work introduces the term "reference user behavior". Any deviation from this "standard" is considered a suspicious action and requires a timely response to a possible incident.