Devising an approach to the identification of system users by their behavior using machine learning methods

DOI:

https://doi.org/10.15587/1729-4061.2022.259099

Keywords:

information protection, user identification, behavior model, machine learning methods

Abstract

One of the main causes of security violations in companies’ services is an intruder gaining access to the legitimate accounts of users in the system. This is almost impossible to counter, since the intruder is authorized as a legitimate user, which makes intrusion detection systems ineffective. Thus, the task of devising methods and means of protection (intrusion detection) that make it possible to identify system users by their behavior becomes relevant. This will in no way protect against the theft of user account data, but it will make it possible to counteract intruders in cases where they use a stolen account for further hacking of the system. The object of this study is the process of protecting system users in the case of theft of their authentication data. The subject is the process of identifying users of the system by their behavior in the system. This paper reports a functional model of the process of ensuring the identification of users by their behavior in the system, which makes it possible to build additional means of protecting system users in the case of theft of their authentication data. The identification model takes into consideration the statistical parameters of user behavior that were obtained during the session. In contrast to existing approaches, the proposed model provides a comprehensive approach to the analysis of user behavior both during their work (in real-time mode) and after the session is over (in delayed mode). An experimental study of the proposed approach to identifying users by their behavior in the system showed that the patterns of user behavior built using machine learning methods achieved an identification quality assessment exceeding 0.95.

Author Biographies

Vitalii Martovytskyi, Kharkiv National University of Radio Electronics

PhD, Associate Professor

Department of Electronic Computers

Oleksandr Sievierinov, Kharkiv National University of Radio Electronics

PhD, Associate Professor

Department of Information Technology Security

Oleksii Liashenko, Kharkiv National University of Radio Electronics

PhD, Associate Professor

Department of Electronic Computers

Yuri Koltun, Kharkiv National University of Radio Electronics

PhD, Associate Professor

Department of Information and Network Engineering

Serhii Liashenko, State Biotechnological University

Doctor of Technical Sciences, Professor

Department of Life Safety

Viktor Kis, State Biotechnological University

PhD, Associate Professor

Department of Mechatronics and Machine Elements

Vladyslav Sukhoteplyi, Ivan Kozhedub Kharkiv National Air Force University

Senior Instructor

Department of Radioelectronic Systems of Control Points of Air Forces

Andrii Nosyk, National Technical University "Kharkiv Polytechnic Institute"

PhD, Senior Researcher

Department of Multimedia Information Technologies and Systems

Dmytro Konov, Ivan Kozhedub Kharkiv National Air Force University

Researcher

Research Laboratory

Dmytro Yevstrat, Simon Kuznets Kharkiv National University of Economics

PhD, Associate Professor

Department of Information Systems

Published

2022-06-30

How to Cite

Martovytskyi, V., Sievierinov, O., Liashenko, O., Koltun, Y., Liashenko, S., Kis, V., Sukhoteplyi, V., Nosyk, A., Konov, D., & Yevstrat, D. (2022). Devising an approach to the identification of system users by their behavior using machine learning methods. Eastern-European Journal of Enterprise Technologies, 3(3 (117)), 23–34. https://doi.org/10.15587/1729-4061.2022.259099

Section

Control processes