International Journal of Open Information Technologies

The methodology of organization of search in Big Data, performed in the mode of limited time, of signs of malicious insider activities is discussed. The methodology is tested in a large industrial organization, the operating infrastructure of which covers several thousand servers, hundreds of information resources. As part of their operational functions, several tens of thousands of employees are constantly using these information resources. Critical limitations, which must be taken into account when looking for insider activity characteristics, are dynamically replenished operational data on business activity characteristics, monitoring data, information on operational personnel activities, etc. At the same time, a dynamically changing object is also a threat profile, reflecting the current state of knowledge about the "nature" of malicious insider activities.

In the proposed methodology, the analysis of data is carried out in the mode of limited time, while ensuring the changing needs of the current situation. The presented technique can be generalized to solve tasks of this type. The operability of the methodology and the software developed for its implementation is demonstrated by the example of the organization of counteracting malicious insider activities in large Russian commercial bank.

F.W. Lancaster, Information retrieval systems; characteristics, testing, and evaluation. New York, Wiley, 1968.

M. Kubat, An Introduction to Machine Learning. Springer, 2017. 348 p.

D. V. Smirnov, A. A. Grusho, M. I. Zabezhailo, E. E. Timonina, “System for collecting and analyzing information from various sources in Big Data conditions,” International Journal of Open Information Technologies, vol. 9, no. 4, pp. 64-74, 2021. Available: http://injoit.org/index.php/j1/article/view/1099

M. I. Zabezhailo, “To some new possibilities to control computational complexity of hypotheses,” Scientific and Technical Information Processing, Part I: no. 1, pp. 95-110, Part II: no. 3, pp. 3- 21, 2014.

M. I. Zabezhailo, “To the computational complexity of hypotheses generation in JSM-method,” Scientific and Technical Information Processing, Part I: no. 1, С. 3-17, Часть II: no. 2. С. 3-17, 2015.

A. A. Grusho, M. I. Zabezhailo, A. A. Zatsarinny, E. E. Timonina, “On some possibilities of resource management for organizing active counteraction to computer attacks,” Informatics and Applications, vol. 12, no. 1, pp. 62-70, 2018.

A. A. Grusho, N. A. Grusho, M. I. Zabezhailo, D. V. Smirnov, E. E. Timonina, “About complex authentication,” Systems and Means of Informatics, vol. 27, no. 3, pp. 3-10, 2017.

A. A. Grusho, M. I. Zabezhailo, D. V. Smirnov, E. E. Timonina, “The model of the set of information spaces in the problem of insider detection,” Informatics and Applications, vol. 11, no. 4, pp. 65-69, 2017.

A. A. Grusho, N. A. Grusho, M. I. Zabezhailo, D. V. Smirnov, E. E. Timonina, “Parametrization in Applied Problems of Search of the Empirical Reasons,” Informatics and Applications, vol. 12, no. 3, pp. 62-66, 2018.

A. A. Grusho, M. I. Zabezhailo, D. V. Smirnov, E. E. Timonina, S. Ya. Shorgin, “Mathematical statistics in the task of identifying hostile insiders,” Informatics and Applications, vol. 14, no. 3, pp. 71-75, 2020.

A. A. Grusho, M. I. Zabezhailo, D. V. Smirnov, E. E. Timonina, “On probabilistic estimates of the validity of empirical conclusions,” Informatics and Applications, vol. 14, no. 4, pp. 3-8, 2020.