
Experimental Psychology (Russia)

Publisher: Moscow State University of Psychology and Education

ISSN (printed version): 2072-7593

ISSN (online): 2311-7036

DOI: http://dx.doi.org/10.17759/exppsy

Started in 2008

Published quarterly

Free of fees
Open Access Journal

 

Quantitative criteria for recognizing the incorrect behavior of computer network users

Kuravsky L.S., Doctor in Technical Sciences, Dean of the Department of Information Technologies, Moscow State University of Psychology & Education, Moscow, Russia, l.s.kuravsky@gmail.com
Yuryev G.A., Ph.D. in Physics and Mathematics, associate professor, Deputy Dean of the Department of Information Technologies, Moscow State University of Psychology & Education, Moscow, Russia, g.a.yuryev@gmail.com
Scribtsov P.V., Ph.D. in Technical Sciences, General Director, Pavlin Techno, Moscow, Russia, pvs@pawlin.ru
Chervonenkis M.A., Leading researcher, Pavlin Techno, Moscow, Russia, chervonenkis@yandex.ru
Konstantinovsky A.A., Student, Moscow State University of Psychology & Education, Moscow, Russia, sanekkonst@gmail.com
Shevchenko A.A., Master student, Moscow State University of Psychology & Education, Moscow, Russia, apokend@gmail.com
Isakov S.S., Master student, Moscow State University of Psychology & Education, Moscow, Russia, phebra@yandex.ru
Abstract
Two approaches for recognizing the incorrect behavior of computer network users are presented. The first relies on statistical hypothesis testing and uses self-organizing feature maps (Kohonen networks) to generate the target statistics. The second recognizes dangerous activity from executed sequences of relevant typical actions, whose dynamics are represented by Markov chains.

Keywords: computer network threats, user activity, self-organizing feature maps, Markov chains

Column: Mathematical Psychology

DOI: http://dx.doi.org/10.17759/exppsy.2018110302

