ON THE QUESTION OF SIGNS OF INSIDER ACTIVITY
Abstract and keywords
Abstract (English):
The work sets the task of identifying insider activities in organizations that lead to threats to information security; one of the first steps should be a review of scientific publications in the subject area and identification of the main characteristics of insiders. The purpose of the work is to systematize the main characteristics of insiders used by the corresponding methods. For this purpose, the following scientific methods were used: review of scientific publications, identification of insider characteristics, and their analysis and systematization. The novelty of the research is that, in contrast to the individual groups of features used by existing methods for detecting insiders, this work presents a set of 15 elements suitable for the entire set of solutions, namely: greed, biography, psychology, personality, switching, predispositional, professional (working), abnormal behavior, dissemination of information, file changes, collection of information (redundant), telephone conversations, loyalty, physiognomy, illegal actions. The theoretical significance is that a single set of insider attributes has been obtained that includes all the individual ones used in existing methods. The practical significance is that the resulting characteristics of insiders provide a basis on which a unified meta-method can be built, taking into account the advantages of the existing ones.

Keywords:
information security, insider, organization, review, systematization, signs