Systems and Means of Informatics
2017, Volume 27, Issue 2, pp 4147
POSSIBILITY OF INSIDER DETECTION BY STATISTICAL TECHNIQUES
Abstract
The paper considers the task of insider detection in a group of analytics, who work with a data warehouse, presented as a raw table with a huge amount of attributes. The difference between a legal analyst and an insider is that an insider collects redundant data during his regular work to perform a threat. Therefore, in order to detect an insider, it is necessary to detect the fact of continuously collecting redundant data during a work cycle with a data warehouse. A mathematical model is defined. The author suggests to use statistical techniques with probability of false alarms equal to zero. The author found conditions, under which the power of statistical criteria reaches the value of 1 after a finite number of steps, which means that an insider can be detected definitely.
[+] References (9)
 General Services Administration. 22.10.2010. Retrieved 05.12.2011. Anomaly detection at multiple scales (ADAMS). 40 p. Available at: https://www.fbo.gov/download/ 2f6/2f6289e99a0c04942bbd89ccf242fb4c/DARPABAAll04_ ADAMS.pdf/ (accessed
April 1, 2017).
 Senator, T., D. Bader, E. Chow, et al. 2013. Detecting insider threats in a real corporate database of computer usage activity. 19 th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD). New York, NY: ACM. Available at: http://dl.acm.org/citation.cfm?id=2488213 (accessed April 1, 2017).
 Yu, R., X. He, andY. Liu. 2014. GLAD: Group anomaly detection in social media analysis. eprint arXiv:1410.1940. Available at: https://arxiv.org/abs/1410.1940 (accessed April 1, 2017).
 System G: Developed graph computing industry solutions. Available at: http:// systemg.research.ibm.com/solutions.html (accessed April 1, 2017).
 Bourbaki, N. 1971. Topologie generale. Paris: Hermann. 356 p.
 Prokhorov, Yu.V., and Yu. A. Rozanov. 1993. Teoriya veroyatnostey [Theory of probabilities]. Moscow: Nauka. 496 p.
 Grusho, A., N. Grusho, and E. Timonina. 2013. Consistent sequences of tests defined by bans. Optimization theory, decision making, and operation research applications. Springer proceedings in mathematics & statistics ser. New YorkHeidelberg DordrechtLondon: SpringerVerlag. 31:281291.
 Grusho, A., and E. Timonina. 2011. Prohibitions in discrete probabilistic statistical problems. Discrete Math. Appl. 21 (3):275281.
 Grusho, A., N. Grusho, and E. Timonina. 2015. Power functions of statistical criteria defined by bans. 29th European Conference on Modelling and Simulation Proceedings. Germany: Digitaldruck Pirrot GmbH. 617621.
[+] About this article
Title
POSSIBILITY OF INSIDER DETECTION BY STATISTICAL TECHNIQUES
Journal
Systems and Means of Informatics
Volume 27, Issue 2, pp 4147
Cover Date
20170530
DOI
10.14357/08696527170204
Print ISSN
08696527
Publisher
Institute of Informatics Problems, Russian Academy of Sciences
Additional Links
Key words
insider threat; anomaly detection; bans of probability measures; statistical criteria; power of criteria
Authors
E. A. Martyanov
Author Affiliations
M. V. Lomonosov Moscow State University, Faculty of Computational Mathematics and Cybernetics, GSP1, Leninskie Gory, Moscow 119991, Russian Federation
