Detecting and Identifying Insider Threats Based on Advanced Clustering Methods
IEEE Access 2024
Oksana Ņikiforova, Andrejs Romānovs, Vitālijs Zabiņako, Jurijs Korņijenko

This paper explores the analysis of user behavior in information systems through audit records, creating a behavior model represented as a graph. The model captures actions over a specified period, facilitating real-time comparison that identifies insider threats by examining anomalies detected against the behavior model. “e-StepControl,” developed by “ABC software” Ltd., incorporates this approach for monitoring user behavior in different business environments. The study proposes enhancing this solution with automatic user clustering, achieved by grouping individuals exhibiting similar behavior patterns using AI/ML algorithms. The research evaluates various clustering methods, discussing their suitability for grouping users based on their behavior. The subsequent step involves leveraging user-class behavior models to identify anomalies by comparing an individual’s actions with the behavior model expected for their specific user group. This extension aims to enhance the system’s ability to detect potentially malicious activities, providing data security administrators with timely alerts in case of deviations from typical behavior.

Keywords
Anomaly detection, clustering algorithms, data mining, information system user behavior analysis, information technology security, insider threats detection

Ņikiforova, O., Romānovs, A., Zabiņako, V., Korņijenko, J. Detecting and Identifying Insider Threats Based on Advanced Clustering Methods. IEEE Access, 2024, Vol. 12, pp. 30242-30253. e-ISSN 2169-3536. Available at: doi:10.1109/ACCESS.2024.3365424

Publication language
English (en)