Analysis of Insider Detection Algorithms in Infocommunication Networks

Student's Name: Andrusik Valentyn Stepanovych
Qualification Level: magister
Speciality: System Administration of Telecommunications Networks
Institute: Institute of Telecommunications, Radioelectronics and Electronic Engineering
Mode of Study: full
Academic Year: 2020-2021
Language of Defence: Ukrainian
Abstract: Modern life is difficult to imagine without information interaction, which affects both individual members of society and large organizations. Besides its obvious advantages, such interaction also has a number of significant disadvantages. For example, transmitting information over a network exposes it to the triad of information security threats: against confidentiality, integrity and availability. The security of information must therefore be ensured both when it is transmitted over open networks and within the infocommunication network (ICN), meaning the corporate network. However, information in the ICN, especially critical information, may be accessed by internal staff, some of whom already hold privileges that fall within the scope of their job responsibilities. Thus there is the problem of countering attacks on the ICN, both accidental and malicious, including those carried out by the organization's own employees [1,2]. There are different ways to counter insider activity at different stages [3,4]: before the attack, during it and after it. Each method has its advantages and disadvantages, but the important fact is that information can become obsolete and its value can decrease accordingly. Countering an insider attack late may therefore be impractical, as the information will already have been compromised and used by third parties. Hence it is the prevention of an insider attack that is needed, which can be achieved by identifying insiders before the attack itself. Once insiders are identified, they are of course expected to be neutralized. Neutralization of insiders can be carried out either automatically, by software, or manually, by information security experts [5].
The main difficulty in identifying insiders in the ICN follows directly from current trends in information technology, which are inextricably linked with the constant growth of network traffic parameters: its volume; generation speed; the number of traffic sources and recipients; the number of logical flows tied to their goals and objectives; the increasing heterogeneity of data, etc. All this leads to a significant complication of traffic analyzers, because not all existing systems can cope with such volume and complexity, while insiders hide their actions in the general stream of legitimate users' activity. Thus, improving the efficiency of detecting insiders in infocommunication networks is an urgent scientific task.

Study object: infocommunication networks in which insiders may be present.
Scope of research: models and algorithms for detecting insiders in a computer network using expert rules, machine learning methods and big data processing.
Goal of research: to increase the security of infocommunication networks by developing an algorithm for detecting insiders.
Research methods: probability theory, set theory, mathematical and simulation modeling were used in the research.
Scientific novelty: an algorithm for detecting insider attacks based on expert rules has been developed which, unlike existing ones, detects insiders taking into account the characteristics and properties of users, devices, applications and services, including the time parameter.
Practical significance: the developed algorithm can be used in infocommunication networks to detect insiders, which will increase the information security of the infocommunication network.
Keywords: machine learning, expert rules, NoSQL, attack, insider.

References
1. Klymash, M., Lavriv, O., Maksymyuk, T., & Beshley, M. (2016). State of the art and further development of information and communication systems. 2016 International Conference RadioElectronics & InfoCommunications (UkrMiCo). doi: 10.1109/UkrMiCo.2016.7739637.
2. Klymash, M., Schpur, O., Lavriv, O., & Peleh, N. (2019). Information security in virtualized data center network. 2019 3rd International Conference on Advanced Information and Communications Technologies (AICT). doi: 10.1109/AIACT.2019.8847764.
3. Xu, H., Przystupa, K., Fang, C., Kochan, O., & Beshley, M. (2020). A combination strategy of feature selection based on an integrated optimization algorithm and weighted K-nearest neighbor to improve the performance of network intrusion detection. Electronics. doi: 10.3390/electronics9081206.
4. Song, W., Beshley, M., Przystupa, K., Beshley, H., Kochan, O., & Su, J. (2020). A software deep packet inspection system for network traffic analysis and anomaly detection. Sensors, 20(6), 1637. doi: 10.3390/s20061637.
5. Beshley, M., Toliupa, S., Pashkevych, V., & Kolodiy, R. (2018). Development of software system for network traffic analysis and intrusion detection. 2018 International Conference on Information and Telecommunication Technologies and Radio Electronics (UkrMiCo). doi: 10.1109/UkrMiCo43733.2018.9047546.
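The abstract describes expert rules that score users by the properties of user, device, application and service together with a time parameter. The following is an added illustration of that idea, not the thesis author's algorithm: per-user baseline profiles, the rule names, the constructed access-log records and the burst threshold are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical per-user baselines (constructed): usual devices, services the role covers, working hours.
PROFILES = {
    "alice": {"devices": {"ws-01"}, "services": {"crm", "mail"}, "hours": (8, 18)},
    "bob": {"devices": {"ws-07"}, "services": {"hr-db", "mail"}, "hours": (9, 17)},
}
CRITICAL_SERVICES = {"hr-db"}  # services where repeated or bulk access is suspicious
BURST_LIMIT, BURST_WINDOW = 3, timedelta(minutes=10)  # assumed time-window threshold

def rule_hits(event, profile):
    """Expert rules over the user, device, application, service and time of one event."""
    hits = []
    if event["device"] not in profile["devices"]:
        hits.append("unregistered device")
    if event["service"] not in profile["services"]:
        hits.append("service outside role")
    start, end = profile["hours"]
    if not start <= event["ts"].hour < end:
        hits.append("outside working hours")
    if event["application"] == "db-export" and event["service"] in CRITICAL_SERVICES:
        hits.append("bulk export of critical service")
    return hits

def detect_insiders(events, profiles):
    """Return {user: sorted rule names} for users that triggered at least one rule.
    Time enters twice: per-event working hours, and a sliding window over critical accesses."""
    findings = defaultdict(set)
    recent = defaultdict(list)  # user -> timestamps of recent critical-service accesses
    for event in sorted(events, key=lambda e: e["ts"]):
        user, profile = event["user"], profiles.get(event["user"])
        if profile is None:
            findings[user].add("unknown user")
            continue
        findings[user].update(rule_hits(event, profile))
        if event["service"] in CRITICAL_SERVICES:
            window = recent[user]
            window.append(event["ts"])
            window[:] = [t for t in window if event["ts"] - t <= BURST_WINDOW]
            if len(window) >= BURST_LIMIT:
                findings[user].add("burst access to critical service")
    return {u: sorted(r) for u, r in findings.items() if r}

T = datetime(2021, 3, 1, 22, 5)  # constructed timestamp: 22:05, after working hours
EVENTS = [  # constructed access-log records: user, device, application, service, time
    {"user": "alice", "device": "ws-01", "application": "crm-web", "service": "crm", "ts": T.replace(hour=10)},
    {"user": "bob", "device": "ws-07", "application": "db-export", "service": "hr-db", "ts": T},
    {"user": "bob", "device": "ws-07", "application": "db-export", "service": "hr-db", "ts": T + timedelta(minutes=2)},
    {"user": "bob", "device": "ws-07", "application": "db-export", "service": "hr-db", "ts": T + timedelta(minutes=4)},
]
```

Running `detect_insiders(EVENTS, PROFILES)` flags only bob, with the after-hours, bulk-export and burst rules; alice's daytime CRM access from her own workstation triggers nothing.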