Quantitative criteria for recognizing the incorrect behavior of computer network users

Abstract

Two approaches for recognizing the incorrect behavior of computer network users are presented. The first relies on statistical hypothesis testing and uses self-organizing feature maps (Kohonen networks) to generate the target statistics. The second recognizes dangerous activity from executed sequences of relevant typical actions, whose dynamics are represented with the aid of Markov chains.

General Information

Keywords: computer network threats, user activity, self-organizing feature maps, Markov chains

Journal rubric: Mathematical Psychology

Article type: scientific article

DOI: https://doi.org/10.17759/exppsy.2018110302

For citation: Kuravsky L.S., Yuryev G.A., Scribtsov P.V., Chervonenkis M.A., Konstantinovsky A.A., Shevchenko A.A., Isakov S.S. Quantitative criteria for recognizing the incorrect behavior of computer network users. Eksperimental'naâ psihologiâ = Experimental Psychology (Russia), 2018. Vol. 11, no. 3, pp. 19–35. DOI: 10.17759/exppsy.2018110302. (In Russ., abstr. in Engl.)

Information About the Authors

Lev S. Kuravsky, Doctor of Engineering, professor, Dean of the Computer Science Faculty, Moscow State University of Psychology and Education, Moscow, Russia, ORCID: https://orcid.org/0000-0002-3375-8446, e-mail: l.s.kuravsky@gmail.com

Grigory A. Yuryev, PhD in Physics and Mathematics, Associate Professor, Head of Department of the Computer Science Faculty, Leading Researcher, Youth Laboratory Information Technologies for Psychological Diagnostics, Moscow State University of Psychology and Education, Moscow, Russia, ORCID: https://orcid.org/0000-0002-2960-6562, e-mail: g.a.yuryev@gmail.com

P. V. Scribtsov, PhD in Engineering, General Director, Pavlin Techno, Moscow, Russia, e-mail: pvs@pawlin.ru

M. A. Chervonenkis, Leading Researcher, Pavlin Techno, Moscow, Russia, e-mail: chervonenkis@yandex.ru

A. A. Konstantinovsky, Student, Faculty of Information Technology, Moscow State University of Psychology & Education, Moscow, Russia, e-mail: sanekkonst@gmail.com

A. A. Shevchenko, Master Student, Faculty of Information Technology, Moscow State University of Psychology & Education, Moscow, Russia, e-mail: apokend@gmail.com

Sergey S. Isakov, Lecturer, Postgraduate Student of the Computer Science Faculty, Moscow State University of Psychology & Education, Moscow, Russia, ORCID: https://orcid.org/0000-0003-1719-2355, e-mail: isakovss@mgppu.ru