Algorithmic and software of the system profiling the actions of users of the information system
Authors: Anashkin E.V., Zhukova M.N.
Journal: Сибирский аэрокосмический журнал @vestnik-sibsau
Section: Informatics, computer engineering and control
Article in issue: No. 4, vol. 21, 2020.
Free access
The paper describes the software of a system for profiling the actions of information system users. The profiling system is aimed at solving the problem of trust in users of information systems: it should regulate access to protected resources by analyzing user behavior. The algorithmic component of the system is represented by a user behavior model and a general algorithm of system operation. The user behavior model is based on the apparatus of Markov chains. The software implementation makes it possible to obtain in practice a working basis for the proposed approach. At the development stage, the software architecture is chosen; the client-server architecture was selected as a reasonable decision. The software component of the user activity profiling system consists of five separate software modules. At the end of development, brief testing of the components is carried out. The novelty of this work lies in proposing an approach that uses the profiling of user actions as an additional determining factor in managing access to objects, as a way to strengthen the basic measures “Controlling access of subjects to access objects” in the system of orders of the FSTEC of Russia.
User behavior analysis, access control, information security software
Short URL: https://sciup.org/148321996
IDR: 148321996 | DOI: 10.31772/2587-6066-2020-21-4-466-477