DEVELOPMENT OF BAYESIAN NETWORKS FOR A DECISION SUPPORT SYSTEM DURING INTERNAL CYBER THREATS ANALYSIS
DOI: https://doi.org/10.28925/2663-4023.2024.25.103117
Keywords: cloud services, informational security, internal violators, Bayes network
Abstract
Today, cloud computing has become an important technological paradigm that has become widely implemented in the activities of modern organizations, including in Ukraine. The transition to cloud services (CS) allows companies to increase efficiency, flexibility and competitiveness, as well as to optimize operational costs and risks related to information security (IS). Cloud technologies ensure the availability, scalability and reliability of corporate software applications and systems, which contributes to their widespread use in the modern business environment. At the same time, the use of CS creates new challenges and threats to IS, among which internal violators occupy a prominent place. Internal IS threats can pose the greatest danger to companies. These can be both intentional actions by disloyal employees and unintentional mistakes by honest employees. Insider attackers can have direct access to sensitive information and systems, making it difficult to detect and counter these threats. Effective internal threat risk management requires a comprehensive approach that includes technical, organizational, and personnel security measures. This work is an attempt to develop a method for early detection of such violators based on the application of Bayesian networks. The classification of internal intruders proposed in the study and the identified indicators of their activity constitute a new approach to the analysis and detection of IS threats in the cloud environment. The implementation of the learning model in Python and GeNIe Modeler demonstrates the possibility of creating effective intrusion detection tools that can complement existing DLP systems. The use of modern development and modeling tools makes this work relevant and innovative in the field of protecting cloud services from internal information security threats. 
Further research involves detailing the proposed method, as well as the analysis of other mathematical approaches that can be used to solve the task, with an assessment of the results of their application.
Copyright (c) 2024 Андрій Глазунов
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.