doi: 10.17586/2226-1494-2021-21-4-553-561
Risk assessment methodology for information systems, based on the user behavior and IT-security incidents analysis
Article in Russian
For citation:
Bezzateev S.V., Elina T.N., Mylnikov V.A., Livshitz I.I. Risk assessment methodology for information systems, based on the user behavior and IT-security incidents analysis. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2021, vol. 21, no. 4, pp. 553–561 (in Russian). doi: 10.17586/2226-1494-2021-21-4-553-561
Abstract
Obtaining trustworthy estimates of the reliability and security of corporate information systems is an urgent problem. Estimating the security of software and hardware components alone is not enough: constant monitoring of users’ actions and a comprehensive analysis of their behavior in the system are also necessary. The novelty of the proposed approach lies in applying psychological profiling methods, neuro-fuzzy inference models and mechanisms of multidimensional data analysis. Vulnerabilities of computer information systems are determined on the basis of a retrospective analysis of information security incidents. The user’s profile is built from an analysis of their behavior, and the patterns of this behavior in a particular computer information system are determined. The work studies the influence of intentional and unintentional user behavior on the probability of information security threats and identifies threshold values for the number and frequency of events that indicate an information security incident. These data helped to build a model for finding the intruder during an information security incident. The proposed method was tested in the MATLAB software package. The experimental calculations of potential vulnerabilities were performed in the “1C: Enterprise 8.3” system of programs. The initial data for the calculation were log entries of the actions of more than 100 users with different roles over a period of one year. It is noted that the risk management policy should include continuous analysis of user actions, as well as of the consequences of these actions, in order to identify the goals of such behavior and prevent information security incidents.
It is shown that, when implementing the proposed methodology, it is necessary to constantly identify users who should not have access to sensitive information from the inside, on the assumption that a current violator is located within the boundaries of the computer information network. Applying the proposed methodology makes it possible to increase the level of information security while the “working environment” of the information system changes constantly. It will help to significantly simplify the process of making an objective and well-founded management decision about the most likely realization of information security incidents, which allows appropriate preventive measures to be taken in advance.
Keywords: modeling, psychological profiling, neuro-fuzzy inference, multidimensional data analysis, information security threat assessment