Abstract
The present paper discusses various aspects of embedding the intrusion detection system based on the personal adaptive behavior profile into the existing complex information system. The paper proposes the classification of types of access to the target information infrastructure in order to assess the feasibility of the established system integration. The criteria for evaluating the effectiveness of the implementation of the established system are also described. A method for calculating the dynamic threshold level of abnormality is proposed in the present research. The paper also considers a technique of adjusting the sensitivity of the system in case of abnormal user behavior. The paper describes the approach used for system scaling in case of an increase in the intensity of the incoming requests.
Similar content being viewed by others
References
Viswanath, B., et al., Towards detecting anomalous user behavior in online social networks, 23rd USENIX Security Symposium (USENIX Security 14), 2014, pp. 223–238.
Ted, E., et al., Detecting insider threats in a real corporate database of computer usage activity, Proc. 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, ACM, 2013, pp. 1393–1401.
Young, W.T., et al., Use of domain knowledge to detect insider threats in computer activities, Security and Privacy Workshops (SPW), IEEE, 2013, pp. 60–67.
Markov, A.A., Theory of Algorithms, Moscow, 1954.
Osipov, P.A. and Borisov, A.N., System for anomalous activity detection based on Markov models, Autom. Control Comput. Sci., 2011, vol. 45, no. 2, pp. 46–60.
Day, J.D. and Zimmermann, H., The OSI Reference Model, Proc. IEFJ2, 1983, vol. 71, no. 12, pp. 1334–1340.
Osipov, P.A., Mrochko, A.E., and Borisov, A.N., Identification of differences of user behavior profiles and user class templates, Autom. Control Comput. Sci., 2014, vol. 48, no. 2, pp. 65–79.
Cover, T.M. and Thomas, J.A., Elements of Information Theory, New Jersey: A John Wiley & Sons, 2006, 2nd ed.
Shirai, K., Interest Rate Risk Modeling Using Extended Lognormal Distribution with Variable Volatility, Stochastic Modeling, International Actuarial Association, 2010.
Bongard, M., Pattern Recognition, SAMS, 2000.
Sheskin, D., Handbook of Parametric and Nonparametric Statistical Procedures, CRC Press, 2004.
Kallenberg, O., Foundations of Modern Probability, Springer-Verlag, 2002, 2nd ed.
Bell, G., Gray, J., and Szalay, A., Petascale computational systems: Balanced cyber infrastructure in a data-centric world, IEEE Comput., 2006, vol. 39, no. 1, pp. 110–112.
Sevens, R., White, A., Dosanjh, S., et al., Scientific Grand Challenges: Architectures and Technology for Extreme-Scale Computing Report, 2011.
Rupali, A. and Aggarwal, R.R., Modeling and querying data in Mongodb, Int. J. Sci. Eng. Res., 2013, vol. 4, no. 7, pp. 141–144.
Author information
Authors and Affiliations
Corresponding author
Additional information
The article is published in the original.
About this article
Cite this article
Osipov, P.A., Aleksejeva, L.Y., Borisov, A.N. et al. Implementation and operation aspects of a system for detecting abnormally level of user activity. Aut. Control Comp. Sci. 51, 417–425 (2017). https://doi.org/10.3103/S0146411617060050
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.3103/S0146411617060050