Imitation model of insider detection by statistical techniques
E. A. Martyanov
M. V. Lomonosov Moscow State University, Faculty of Computational Mathematics and Cybernetics, GSP-1, Leninskie Gory, Moscow 119991, Russian Federation
Abstract:
The paper considers the task of insider detection in a group of analysts who work with a data warehouse, presented as a raw table with a huge number of attributes. The main difference between the behavior of a legitimate analyst and that of an insider is that the latter, during his/her work cycle, collects data that is redundant for his/her functionality. Thus, to detect an insider, it is enough to detect regular redundancy in his/her requests for data, which he/she can examine and use to damage a company. The paper presents the mathematical model of insider behavior, the formal definition of the main difference between the behavior of a legitimate analyst and that of an insider, and the results of modeling. The conditions under which statistical criteria can be used to solve the task are found.
Keywords:
insider threat; redundant data collection; statistical criteria; mathematical model; systems simulation.
Received: 20.03.2017
Citation:
E. A. Martyanov, “Imitation model of insider detection by statistical techniques”, Sistemy i Sredstva Inform., 27:2 (2017), 48–59
Linking options:
https://www.mathnet.ru/eng/ssi515 https://www.mathnet.ru/eng/ssi/v27/i2/p48