A method of detecting information security incidents based on anomalies in the user’s biometric behavioral characteristics
Abstract
A significant share of attacks on information systems today are multi-stage attacks, and in many cases the key actors in these attacks are insiders. The actions of an insider differ from the activity of a legitimate user, so a model of the legitimate user's behavior can be built. Deviations from this model can then be classified as information security events or incidents. Existing approaches to anomaly detection in user activity use separate characteristics of user behavior, without taking into account their interdependencies and their dependencies on various factors. The task of the study is to form a comprehensive characteristic of the user's behavior when using a computer, a “digital pattern”, for detecting information security events and incidents. The essence of the method is the formation of a digital pattern of the user's activity by analyzing his behavioral characteristics and their dependencies, which are selected as predictors. The developed method forms the model through unsupervised machine learning. The following algorithms were considered: one-class support vector machine, isolation forest and elliptic envelope. The Matthews correlation coefficient was chosen as the main metric of model quality, but other indicators were also taken into consideration. A comparative analysis of the algorithms with different parameters was conducted according to the selected quality metrics. An experiment was carried out to evaluate the developed method and compare its effectiveness with the closest analogue. Real data on the behavior of 138 users was used to train and evaluate models within the studied methods. According to the results of the comparative analysis, the proposed method showed high performance on all the considered metrics, including an increase in the Matthews correlation coefficient of 0.6125 compared to the method of anomaly detection by keystroke dynamics. The proposed method can be used for continuous user authentication to protect against unauthorized access and for identifying information security incidents related to the actions of insiders.
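The abstract's argument that checking characteristics separately misses violations of the dependencies between them can be shown on a small scale. The following is an added example, not code or data from the study: it uses a plain Mahalanobis-distance ellipse as a simplified stand-in for the elliptic envelope, two hypothetical features (typing speed and pointer speed) and constructed sessions, and scores the joint model and a per-feature baseline with the Matthews correlation coefficient.

```python
import math

# Constructed sessions of one legitimate user (not data from the study). Hypothetical
# features: (typing speed, keys/min; pointer speed, px/s), which rise together.
TRAIN = [(200 + 5 * i, 2 * (200 + 5 * i) + (10 if i % 2 == 0 else -10))
         for i in range(20)]
# Constructed evaluation sessions: (features, label), label 1 = anomalous.
TEST = [((220, 445), 0), ((250, 495), 0), ((280, 565), 0), ((235, 465), 0),
        ((210, 570), 1), ((290, 420), 1), ((250, 560), 1), ((400, 800), 1)]

def fit(rows):
    """Return the mean vector and sample covariance (sxx, sxy, syy)."""
    n = len(rows)
    mx = sum(x for x, _ in rows) / n
    my = sum(y for _, y in rows) / n
    sxx = sum((x - mx) ** 2 for x, _ in rows) / (n - 1)
    syy = sum((y - my) ** 2 for _, y in rows) / (n - 1)
    sxy = sum((x - mx) * (y - my) for x, y in rows) / (n - 1)
    return (mx, my), (sxx, sxy, syy)

def joint_flag(model, p, threshold=9.21):
    """Flag p when its squared Mahalanobis distance exceeds the threshold
    (9.21 is the 0.99 quantile of chi-square with 2 degrees of freedom)."""
    (mx, my), (sxx, sxy, syy) = model
    dx, dy = p[0] - mx, p[1] - my
    d2 = (syy * dx * dx - 2 * sxy * dx * dy + sxx * dy * dy) / (sxx * syy - sxy ** 2)
    return d2 > threshold

def per_feature_flag(model, p, z=3.0):
    """Baseline: flag p when either feature alone is more than z sigma off."""
    (mx, my), (sxx, _, syy) = model
    return abs(p[0] - mx) > z * math.sqrt(sxx) or abs(p[1] - my) > z * math.sqrt(syy)

def mcc(y_true, y_pred):
    """Matthews correlation coefficient; 0.0 when a marginal count is zero."""
    tp = sum(t == 1 and p for t, p in zip(y_true, y_pred))
    tn = sum(t == 0 and not p for t, p in zip(y_true, y_pred))
    fp = sum(t == 0 and p for t, p in zip(y_true, y_pred))
    fn = sum(t == 1 and not p for t, p in zip(y_true, y_pred))
    denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return (tp * tn - fp * fn) / denom if denom else 0.0

def evaluate(flag):
    """Fit on TRAIN, then score the given detector on TEST with MCC."""
    model = fit(TRAIN)
    return mcc([label for _, label in TEST], [flag(model, p) for p, _ in TEST])

if __name__ == "__main__":
    print(evaluate(joint_flag), evaluate(per_feature_flag))
```

On this constructed data the joint model flags the three sessions whose individual features are in range but whose combination is not, which the per-feature baseline misses.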