Article 'Using technical indicators to identify insider threats' - journal 'Cybernetics and Programming' - NotaBene.ru
Cybernetics and programming
Reference:

Using technical indicators to identify insider threats

Polyanichko Mark Aleksandrovich

PhD in Technical Science

Associate Professor, Department of Computer Science and Information Security, Emperor Alexander I St. Petersburg State University of Communications

190031, Russia, Saint Petersburg, ul. Moskovskii, 9

polyanichko@pgups.ru

DOI: 10.25136/2306-4196.2018.6.27970

Review date: 10-11-2018

Publish date: 15-01-2019


Abstract.

Detecting insider threats and countering them is a complex task faced by information security experts in both the commercial sector and government organizations. Modern organizations depend on information technology and on their information assets, which makes the problem of confronting insiders all the more urgent. Insiders can be identified by introducing a combination of technical and organizational measures. The article proposes using data from the work logs of information protection software and other monitoring tools to identify insider threats, and identifies a set of indicators that point to suspicious employee actions. The set of technical indicators proposed in the article can be used to build a system of logical rules or fuzzy inference rules for identifying insiders in an organization. Introducing mechanisms for analyzing the proposed indicators will improve the efficiency of the information security administrator and help prevent incidents arising from the realization of insider threats.

Keywords: information security tools, indicator, insider detection, insider, information security, internal threats, monitoring, insider threats, suspicious actions, staff
This article is written in Russian. The full text of the article in Russian is available here.
