Informatics and Applications
2020, Volume 14, Issue 4, pp 3-8
ON PROBABILISTIC ESTIMATES OF THE VALIDITY OF EMPIRICAL CONCLUSIONS
- A. A. Grusho
- M. I. Zabezhailo
- D. V. Smirnov
- E. E. Timonina
Abstract
The work focuses on some features of data analysis in insider search problems. It discusses the possibilities of using different approaches to describe the diagnosis of insider actions in the analysis of large empirical data.
In tasks of this type, it is necessary to establish (predict, diagnose, etc.) the presence or absence of target properties in users from a given set. The correctness of plausible reasoning is assessed on the basis of estimates of the probabilities that the discovered regularities appear at random in the simplest probabilistic models. The examples discussed show at what ratios of parameters it is possible to effectively identify correlations between events by which insiders can be identified. Two methods of controlling the relations between parameters are indicated that make it possible to obtain meaningful information. The first method is based on dividing the observation period into intervals during which the desired correlation may appear. The second method concerns ways to reduce the set of users who could potentially become insiders, i.e., the formation of clusters in which probabilistic estimates become operational. The desired relationships between the parameters for finding correlations can be determined using limit theorems in the series scheme.
About this article
Cover Date
2020-12-30
DOI
10.14357/19922264200401
Print ISSN
1992-2264
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Key words
hostile insider; causal analysis; probabilistic estimates of random appearance of properties
Author Affiliations
Institute of Informatics Problems, Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences, 44-2 Vavilov Str., Moscow 119333, Russian Federation
A. A. Dorodnicyn Computing Center, Federal Research Center "Computer Science and Control" of the Russian Academy of Sciences, 40 Vavilov Str., Moscow 119333, Russian Federation
Sberbank of Russia, 19 Vavilov Str., Moscow 117999, Russian Federation