Systems and Means of Informatics
2017, Volume 27, Issue 2, pp 48-59
IMITATION MODEL OF INSIDER DETECTION BY STATISTICAL TECHNIQUES
Abstract
The paper considers the task of insider detection in a group of analysts who work with a data warehouse presented as a raw table with a huge number of attributes. The main difference between the behavior of a legitimate analyst and that of an insider is that the latter collects data redundant for his/her job function during his/her work cycle. Thus, to detect an insider, it is enough to detect regular redundancy in his/her data requests, that is, requests for data which he/she can examine and use to damage a company. The paper presents a mathematical model of insider behavior, a formal definition of the main difference between the behavior of a legitimate analyst and that of an insider, and the results of modeling. The conditions under which statistical criteria can be used to solve the task are found.
About this article
Cover Date
2017-05-30
DOI
10.14357/08696527170205
Print ISSN
0869-6527
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Key words
insider threat; redundant data collection; statistical criteria; mathematical model; systems simulation
Authors
E. A. Martyanov
Author Affiliations
M. V. Lomonosov Moscow State University, Faculty of Computational Mathematics and Cybernetics, GSP-1, Leninskie Gory, Moscow 119991, Russian Federation