Informatics and Applications
2020, Volume 14, Issue 3, pp 76-80
IDENTIFYING ANOMALIES USING METADATA
- A. A. Grusho
- E. E. Timonina
- N. A. Grusho
- I. Yu. Teryokhina
Abstract
The paper discusses the problem of information technology security control based on computer audit data. These data are a sequence of small samples, each of which describes the transmission of information from one transformation to another. Information technologies are represented by mathematical models in the form of directed acyclic graphs. In the article, such graphs describing data transmission are called metadata. Integrated computer audit data may simultaneously contain traces of the execution of several information technologies, each described by its own graph. This makes it difficult to recognize which information flows correspond to arcs of which graph. The paper introduces the concept of a legal information flow, which corresponds to the transfer of data of all information technologies being performed. Information flows that do not correspond to the execution of existing information technologies are called illegal flows, or anomalies. Such information flows can occur due to hostile activities of insiders or due to errors in user actions. The article solves the problem of effective identification of legal information flows and anomalies on the basis of metadata.
About this article
Title
IDENTIFYING ANOMALIES USING METADATA
Journal
Informatics and Applications
2020, Volume 14, Issue 3, pp 76-80
Cover Date
2020-09-30
DOI
10.14357/19922264200311
Print ISSN
1992-2264
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Key words
information security; information flow; anomalies; metadata; systems of different representatives
Authors
A. A. Grusho, E. E. Timonina, N. A. Grusho, and I. Yu. Teryokhina
Author Affiliations
Institute of Informatics Problems, Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation
Faculty of Computational Mathematics and Cybernetics, M. V. Lomonosov Moscow State University, 1-52 Leninskiye Gory, GSP-1, Moscow 119991, Russian Federation