Abstract
The article presents a clustering method for identifying file impacts, for use in the investigation of information security incidents. The proposed method applies the k-means clustering algorithm together with an adapted algorithm for automatically determining the optimal number of clusters. A precisely determined number of clusters allows the data to be grouped so that it describes file impacts. The article discusses the preparation of input data obtained from the records of the $UsnJrnl volume change log, as well as the algorithm for identifying complex file impacts based on the search for relationships between clusters. The proposed clustering method is highly automated, which allows the specialist carrying out an information security incident investigation to speed up the process of identifying and eliminating the consequences of an incident.
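The pipeline sketched in the abstract, as an added illustration rather than the article's own code: $UsnJrnl-style records are clustered with k-means, the cluster count is chosen automatically, each cluster is summarised as a file impact, and clusters are linked into complex impacts. The feature (event time only), the k-selection rule (best silhouette over 2..kmax) and the relationship criterion (a file touched in two clusters) are assumptions of this example; the records are constructed, not real journal data.

```python
# Constructed $UsnJrnl-style records (USN, seconds since first record, file, reason); not real data
RECORDS = [
    (1, 0.0, "report.docx", "FILE_CREATE"), (2, 0.9, "report.docx", "CLOSE"),
    (3, 60.0, "a.txt", "DATA_OVERWRITE"), (4, 60.3, "a.txt", "CLOSE"),
    (5, 60.5, "b.txt", "DATA_OVERWRITE"), (6, 61.0, "b.txt", "CLOSE"),
    (7, 300.0, "evil.tmp", "FILE_CREATE"), (8, 300.2, "evil.tmp", "RENAME_NEW_NAME"),
    (9, 300.5, "evil.tmp", "FILE_DELETE"), (10, 300.7, "a.txt", "FILE_DELETE"),
]

def kmeans_1d(xs, k, iters=100):
    # Lloyd's k-means on one feature (event time); deterministic init from evenly spaced sorted values
    s = sorted(xs)
    centers = [s[i * (len(s) - 1) // (k - 1)] for i in range(k)]
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: abs(x - centers[c])) for x in xs]
        members = [[x for x, l in zip(xs, labels) if l == c] for c in range(k)]
        new = [sum(m) / len(m) if m else centers[c] for c, m in enumerate(members)]
        if new == centers:
            break
        centers = new
    return labels

def silhouette(xs, labels):
    # mean silhouette over all points; lone points score 0 so splitting bursts apart is not rewarded
    def md(x, c, skip):  # mean distance from x to the points of cluster c, excluding index skip
        ds = [abs(x - y) for j, y in enumerate(xs) if labels[j] == c and j != skip]
        return sum(ds) / len(ds) if ds else None
    score = 0.0
    for i, x in enumerate(xs):
        a = md(x, labels[i], i)
        b = min((md(x, c, -1) for c in set(labels) if c != labels[i]), default=a)
        score += 0.0 if a is None else (b - a) / max(a, b)
    return score / len(xs)

def file_impacts(records, kmax=6):
    # pick the k in 2..kmax with the best silhouette; each cluster is one burst of journal activity
    xs = [r[1] for r in records]
    k = max(range(2, min(kmax, len(xs) - 1) + 1), key=lambda n: silhouette(xs, kmeans_1d(xs, n)))
    labels = kmeans_1d(xs, k)
    impacts = []
    for c in sorted(set(labels)):
        rs = [r for r, l in zip(records, labels) if l == c]
        impacts.append({"start": min(r[1] for r in rs), "files": {r[2] for r in rs},
                        "reasons": {r[3] for r in rs}})
    return sorted(impacts, key=lambda d: d["start"])

def related_impacts(impacts):
    # complex impacts: pairs of bursts that touched the same file (assumed relationship criterion)
    return [(i, j) for i in range(len(impacts)) for j in range(i + 1, len(impacts))
            if impacts[i]["files"] & impacts[j]["files"]]
```

On the constructed records `file_impacts(RECORDS)` yields three bursts (document edit, overwrite of two text files, create/rename/delete of a temporary file) and `related_impacts` links the second and third through `a.txt`.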