UDK 004.056.53 Doi: 10.31772/2587-6066-2020-21-4-466-477
ALGORITHMIC AND SOFTWARE OF THE SYSTEM PROFILING THE ACTIONS OF USERS OF THE INFORMATION SYSTEM
E. V. Anashkin, M. N. Zhukova
Reshetnev Siberian State University of Science and Technology; 31, Krasnoyarskii rabochii prospekt, Krasnoyarsk, 660037, Russian Federation
The paper describes the software of a system for profiling the actions of users of an information system. The profiling system addresses the problem of trust in information system users: it should regulate access to protected resources by analyzing user behavior. The algorithmic component of the system consists of a user behavior model and a general system operation algorithm. The user behavior model is based on the apparatus of Markov chains. The software implementation makes it possible to get the foundations of the proposed approach working in practice. During development, the software architecture is chosen; a client-server architecture was selected as a reasonable solution. The software component of the user activity profiling system consists of five separate software modules. At the end of development, brief testing of the components is carried out. The novelty of this work lies in proposing an approach that uses the profiling of user actions as an additional determining factor in managing access to objects, as a way to strengthen the basic measures “Controlling access of subjects to access objects” in the system of orders of the FSTEC of Russia.
Keywords: user behavior analysis, access control, UBA, information security software.

Anashkin Yegor Vadimovich – PhD student, assistant lecturer, department of Information technology security; Reshetnev
Siberian State University of Science and Technology, Institute of Informatics and Telecommunications.
E-mail: a.yegoriy@gmail.com.
Zhukova Marina Nikolaevna – Cand. Sc., associate professor of the department of Information technology security,
Reshetnev Siberian State University of Science and Technology, Institute of Informatics and Telecommunications.

