Abstract

This article analyses user actions in a computer system and develops a system for monitoring anomalous user actions in the information environment. The system was developed using the mathematical apparatus of fuzzy logic. The main advantage of information environment monitoring systems based on the theory of fuzzy sets is the ability to take most development scenarios into account when describing schemes for analysing the flows of the information environment, as well as to track a large number of computer parameters. The study revealed that the actions of intruders differ from the behaviour of ordinary users. As a result, the authors propose a system for monitoring anomalous user actions in the information environment, based on the analysis of event logs. Operating the system requires accumulating information (audit files, data on login time and session duration, data on file deletion, etc.), on the basis of which a standard (template) of normal user behaviour is created. The user’s behaviour is then compared with the standard, and when anomalies are detected, the system signals deviations. This algorithm makes it possible to track a large number of user parameters to determine unauthorised access.
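The accumulate, template, compare and signal sequence described above, sketched as an added example that is not the authors' system. The trapezoidal membership function, the max aggregation, the 0.5 threshold and the sample sessions are assumptions constructed here, since the abstract does not give the paper's fuzzy sets or rules.

```python
from statistics import mean, pstdev

# Constructed baseline for one user, as if parsed from event logs:
# (login hour, session minutes, files deleted) per session.
BASELINE = [(9, 480, 2), (8, 510, 1), (9, 450, 3),
            (10, 470, 0), (9, 495, 2), (8, 465, 1)]


def build_template(sessions):
    """Template of normal behaviour: (centre, spread) for each parameter."""
    template = []
    for column in zip(*sessions):
        # Floor the spread so a very regular user does not get a zero-width set.
        template.append((mean(column), max(pstdev(column), 1.0)))
    return template


def normal_membership(value, centre, spread, core=2.0, support=4.0):
    """Degree (0..1) to which a value belongs to the fuzzy set 'normal'.

    Assumed trapezoid: 1 within core*spread of the centre, falling linearly
    to 0 at support*spread. Login hour is treated linearly (no midnight wrap).
    """
    distance = abs(value - centre) / spread
    if distance <= core:
        return 1.0
    if distance >= support:
        return 0.0
    return (support - distance) / (support - core)


def anomaly_degree(session, template):
    """Fuzzy OR (max) over 'this parameter is NOT normal' for every parameter."""
    return max(1.0 - normal_membership(value, centre, spread)
               for value, (centre, spread) in zip(session, template))


def monitor(session, template, threshold=0.5):
    """Return (degree, flagged); flagged means the deviation should be signalled."""
    degree = anomaly_degree(session, template)
    return degree, degree >= threshold


if __name__ == "__main__":
    template = build_template(BASELINE)
    for s in [(9, 475, 2), (9, 480, 4), (3, 20, 40)]:  # constructed test sessions
        print(s, monitor(s, template))
```

The graded degree is what distinguishes this from a hard threshold: a session with slightly more deletions than usual scores 0.25 and stays below the alert line, while a 3 a.m. login with a short session and mass deletion scores 1.0.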
