Abstract

One of the reasons information security threats are realized in organizations is insider activity by their employees. It is a major challenge to detect stego-insiders: employees who create stego-channels to secretly receive malicious information and transfer confidential information across the organization’s perimeter. Especially now, with the great popularity of wireless sensor networks (WSNs) and Internet of Things (IoT) devices, there is a wide variety of information that could be gathered and processed by stego-insiders. Consequently, the problem arises of identifying such intruders and their transmission channels. The paper proposes an approach to solving this problem. It provides a review of related work on insider models and methods of identifying insiders, including techniques for handling insider attacks in WSNs, as well as methods of embedding and detecting stego-embeddings. This allows singling out the basic features of stego-insiders, which can be determined from their behavior in the network. To store these attributes of user behavior, as well as such attributes from large-scale WSNs, a hybrid NoSQL database is created based on graph and document-oriented approaches. The algorithms for determining each of the features using the NoSQL database are specified. The general scheme of stego-insider detection is also provided. To confirm the efficiency of the approach, an experiment was carried out on a real network. During the experiment, a database of user behavior was collected. Then, user behavior features were retrieved from the database using special SQL queries. The results of the SQL queries are analyzed, and their applicability for determining the attribute is justified. Weak points of the approach and ways to improve them are indicated.

Highlights

  • The widespread use of the Internet and modern computer technologies sharply poses the problem of ensuring information security, both at the level of individual organizations and the whole country [1]

  • Typical secure transmission methods based on cryptography turn out to be less effective, since the very fact of encrypting traffic is highly suspicious for any security system

  • Its popularity is largely determined by the fact that it is not subject to the restrictions that most countries in the world impose on the development of their own cryptography methods


Summary

Introduction

The widespread use of the Internet and modern computer technologies sharply poses the problem of ensuring information security, both at the level of individual organizations and the whole country [1]. It is important to note a feature of WSNs: the large volume, variety and “multi-purpose” nature of the transmitted information and its use in critical (from the point of view of information security) infrastructure, which obviously increases the interest of violators. In this regard, developing and studying methods for revealing hidden channels of interaction that insiders of organizations create using steganography, and subsequently ensuring the integrity of the controlled environment, is a relevant task.

Related Works
Technologies of Stego-Embedding
Features of Digital Steganography
Features of Computer Steganography
Behavioral Features
Antidetection Features
Stego-Insider Model
Prerequisites for Creation
Hybrid Model
Model Objects
Model Structure
Stego-Insider Detection
5.10. Stego-Insider Definition Scheme
Experiment
Environment
Assessment of the Insider Detection Complex
Discussion
Comparison of Methods
10. Conclusions