Beyond Information System User Behavior Models: The Power of User Groups in Preventing Insider Attacks
Lecture Notes in Networks and Systems 2024
Oksana Ņikiforova, Vitālijs Zabiņako

Traditional information security controls, such as access control and firewalls, cannot always provide effective protection against internal threats. Analysis of user behavior makes it possible to identify anomalous actions that may indicate an attempt to gain unauthorized access to information or to commit other illegal actions. The most common signs of suspicious user behavior are changes in system usage patterns, atypical data queries, attempts to access resources the user is not permitted to use, sudden changes in workload, and the like. Various methods can be used to analyze user behavior, such as collecting and analyzing data about user actions in the system and applying machine learning methods to identify anomalous patterns. All of these methods analyze the behavior of an individual user relative to that user's own usual behavior. Such an analysis may be inaccurate if the user regularly makes unauthorized use of the information system, because the misuse then becomes part of the user's own baseline. This paper proposes grouping users according to their behavior patterns and analyzing the behavior of each individual user against the behavior expected for the group. Then, by excluding the user's own behavior data from the group's expected behavior pattern, the behavior pattern of the individual user can be analyzed against the behavior of the remaining users in the group. The novelty consists in obtaining more precise behavioral analyses by introducing the concept of subgroups (groups consisting of the users remaining after the extraction of the respective user, who is analyzed against the expected behavior model of its group).
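The subgroup idea in the abstract, as an added illustration that is not code from the paper: each user is scored against a peer baseline built from the other members of the user's group, with the user's own data left out. The group assignment, the three features, the sample users, the standard-deviation floor, the minimum peer count and the flagging threshold are all assumptions made for this example; the paper's own grouping method and feature set are not reproduced here.

```python
"""Leave-one-out ("subgroup") peer baselines for insider-threat scoring.

Added example, not code from the paper. Groups are assumed to be given
(e.g. by role or by a prior clustering step).
"""
from statistics import mean, pstdev

# Constructed sample data: per-user behaviour features aggregated over an
# observation window, plus the behaviour group each user belongs to.
FEATURES = ("queries_per_day", "off_hours_sessions", "denied_attempts")
USERS = {
    "alice":   ("analysts", (40, 1, 0)),
    "bob":     ("analysts", (50, 1, 0)),
    "carol":   ("analysts", (45, 2, 0)),
    "mallory": ("analysts", (120, 8, 6)),   # habitual misuse
    "dave":    ("admins",   (20, 10, 0)),
    "erin":    ("admins",   (25, 12, 1)),
}

MIN_SPREAD = 1.0   # assumed floor on the std-dev: avoids division by zero
MIN_PEERS = 3      # assumed minimum subgroup size for a meaningful baseline
THRESHOLD = 3.0    # assumed |z| above which a user is flagged


def baseline(vectors):
    """Expected-behaviour model of a set of users: per-feature (mean, spread)."""
    columns = list(zip(*vectors))
    return [(mean(c), max(pstdev(c), MIN_SPREAD)) for c in columns]


def deviation(vector, model):
    """Largest absolute z-score of one user's vector against a baseline."""
    return max(abs(x - m) / s for x, (m, s) in zip(vector, model))


def peers(users, name, exclude_self):
    """Feature vectors of the users in `name`'s group, optionally without `name`."""
    group = users[name][0]
    return [v for n, (g, v) in users.items()
            if g == group and (n != name or not exclude_self)]


def score(users, name, exclude_self=True):
    """Score `name` against its group; by default against the subgroup
    formed by removing `name`. Returns None when too few peers remain
    to build a baseline (a single peer gives a meaningless spread)."""
    vectors = peers(users, name, exclude_self)
    if len(vectors) < MIN_PEERS:
        return None
    return deviation(users[name][1], baseline(vectors))


def flagged(users, threshold=THRESHOLD):
    """Names of users whose subgroup deviation exceeds the threshold."""
    return sorted(n for n in users
                  if (s := score(users, n)) is not None and s > threshold)


if __name__ == "__main__":
    for n in USERS:
        incl = score(USERS, n, exclude_self=False)
        excl = score(USERS, n)
        print(f"{n:8s} group-incl={incl and round(incl, 2)} "
              f"subgroup={excl and round(excl, 2)}")
    print("flagged:", flagged(USERS))
```

Run stand-alone, the script shows why the leave-one-out subgroup matters: mallory's three anomalous features pull the analysts' group mean and spread toward her own values, so against the group including herself she never scores above about 1.7 (with a population standard deviation and n members, a single point can deviate by at most sqrt(n-1) standard deviations, so a 4-member group can never flag anyone at a threshold of 3), whereas against the subgroup {alice, bob, carol} she scores above 18. The admins return None because removing one of two members leaves too few peers. A robust baseline (median and MAD instead of mean and standard deviation) would further reduce the pull that a habitual misuser exerts on the baselines of their peers.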


Keywords
Insider Threats, Machine Learning, User Behavior Modelling, e-StepControl
DOI
10.1007/978-3-031-66329-1_43
Hyperlink
https://link.springer.com/chapter/10.1007/978-3-031-66329-1_43

Ņikiforova, O., Zabiņako, V. Beyond Information System User Behavior Models: The Power of User Groups in Preventing Insider Attacks. In: Intelligent Systems and Applications (IntelliSys 2024). Lecture Notes in Networks and Systems. Vol.1065. Cham: Springer, 2024. pp.670-684. ISBN 978-3-031-66328-4. e-ISBN 978-3-031-66329-1. ISSN 2367-3370. e-ISSN 2367-3389. Available from: doi:10.1007/978-3-031-66329-1_43

Publication language
English (en)
The Scientific Library of the Riga Technical University.
E-mail: uzzinas@rtu.lv; Phone: +371 28399196