Abstract

The article is devoted to developing an ontological model for formalising the detection of insider cyber threats in banking institutions. The model's general requirements and criteria, elements and stages of construction were defined. As part of the model implementation, the structure of classes, relationships between them, characteristics of rules and restrictions, states of objects, temporal and spatial aspects, and aspects of authentication, access control, encryption and other areas of cyber security were proposed. In the modern reality of constantly growing cyber threats, developing effective means of detecting and countering them becomes a critical task for ensuring the cyber security of banking systems. The specificity of banking, where sensitive financial information is at constant risk, makes this problem particularly relevant. This is especially felt in tasks related to abuse of trust by internal users, so identifying insider threats becomes a significant challenge for banks. The difficulty of their detection is determined by several factors, such as the internal privileges of individuals with access to confidential information, as well as various traffic and intrusion methods. Therefore, this article aims to create a model for formalising the process of detecting insider cyber threats in banks based on an ontological approach. The development of an ontological model seeks to analyse and standardise knowledge about insider threats in order to improve the chances of their timely detection and reduce the reaction time to security events. Applying such an approach allows us to systematise and standardise knowledge about insider threats, defining relationships between concepts and objects in this context. As part of the research goal, the general requirements and criteria, elements and stages of building an ontological model for formalising the process of detecting insider cyber threats in banks were determined. The structure of classes, relationships between them, characteristics of rules and restrictions, states of objects, temporal and spatial aspects, and aspects of authentication, access control, encryption and other areas of cyber security were proposed. The developed model is designed to solve the problems of identification, analysis and response to insider threats in the banking sector, contributing to increasing cyber security and responsibility in this crucial sector.
