Безопасность информационных технологий [Information Technology Security] (Oct 2016)
DEVELOPMENT OF INFORMATION SECURITY INSIDER THREAT CLASSIFICATION USING INCIDENT CLUSTERING
Abstract
Effective countermeasures against information security insider threats require knowledge and understanding of actual insider threats and of the methods by which they are realized. The article presents an analysis of existing classifications of insider threats and intruders. This analysis revealed that no comprehensive and consistent classification exists today. Based on this outcome, a method for developing an insider threat classification by clustering incidents was introduced. For this purpose, an insider incident database was created and populated with 500 open-source incidents. To determine the classification criteria and the criteria for evaluating the result, an analysis of the gathered statistics was carried out. Using the IBM SPSS Modeler framework, incident clustering was performed with the following algorithms: k-means, the two-step clustering algorithm, and Kohonen self-organizing maps. Based on the incident clustering, an information security insider threat classification was developed.
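The following is an added illustration of the clustering step, not code from the article or from IBM SPSS Modeler: a handful of constructed incident records with categorical attributes are one-hot encoded, grouped with a small deterministic k-means (farthest-first seeding, then Lloyd iterations), and each cluster is summarized into a candidate threat class by the majority value of every attribute. The field names, attribute values and the eight records are assumptions made up for the example.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed incident records (hypothetical; not from the 500-incident database).
FIELDS = ["role", "access", "action", "motive"]
INCIDENTS: List[Dict[str, str]] = [
    {"role": "sysadmin", "access": "privileged", "action": "sabotage", "motive": "revenge"},
    {"role": "sysadmin", "access": "privileged", "action": "sabotage", "motive": "revenge"},
    {"role": "engineer", "access": "privileged", "action": "sabotage", "motive": "revenge"},
    {"role": "employee", "access": "normal", "action": "data_theft", "motive": "financial"},
    {"role": "contractor", "access": "normal", "action": "data_theft", "motive": "financial"},
    {"role": "employee", "access": "normal", "action": "data_theft", "motive": "financial"},
    {"role": "employee", "access": "normal", "action": "disclosure", "motive": "accidental"},
    {"role": "manager", "access": "normal", "action": "disclosure", "motive": "accidental"},
]

def one_hot(records: List[Dict[str, str]], fields: List[str]) -> List[List[float]]:
    # Every (field, value) pair becomes one binary column, so records are comparable by Euclidean distance.
    vocab = sorted({(f, r[f]) for r in records for f in fields})
    index = {pair: i for i, pair in enumerate(vocab)}
    vectors = []
    for r in records:
        v = [0.0] * len(vocab)
        for f in fields:
            v[index[(f, r[f])]] = 1.0
        vectors.append(v)
    return vectors

def sq_dist(a: List[float], b: List[float]) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans(vectors: List[List[float]], k: int, max_iter: int = 100) -> List[int]:
    # Farthest-first seeding keeps the run deterministic (no random initialization).
    centroids = [vectors[0]]
    while len(centroids) < k:
        far = max(range(len(vectors)), key=lambda i: min(sq_dist(vectors[i], c) for c in centroids))
        centroids.append(vectors[far])
    labels = [-1] * len(vectors)
    for _ in range(max_iter):
        new = [min(range(k), key=lambda j: sq_dist(v, centroids[j])) for v in vectors]
        if new == labels:
            break  # assignments stable: converged
        labels = new
        for j in range(k):
            members = [v for v, lab in zip(vectors, labels) if lab == j]
            if members:
                centroids[j] = [sum(col) / len(members) for col in zip(*members)]
    return labels

def threat_classes(records, fields, k) -> Tuple[List[int], Dict[int, Dict[str, str]]]:
    # Cluster, then describe each cluster by the most common value of every attribute.
    labels = kmeans(one_hot(records, fields), k)
    classes = {}
    for j in range(k):
        members = [r for r, lab in zip(records, labels) if lab == j]
        classes[j] = {f: Counter(r[f] for r in members).most_common(1)[0][0] for f in fields}
    return labels, classes
```

The majority-value profiles are the raw material for a classification; with real data, the choice of k and of the attributes used as criteria is what the article's statistical analysis is meant to inform.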