Implementation and operation aspects of a system for detecting abnormally level of user activity

Abstract

The present paper discusses various aspects of embedding the intrusion detection system based on the personal adaptive behavior profile into the existing complex information system. The paper proposes the classification of types of access to the target information infrastructure in order to assess the feasibility of the established system integration. The criteria for evaluating the effectiveness of the implementation of the established system are also described. A method for calculating the dynamic threshold level of abnormality is proposed in the present research. The paper also considers a technique of adjusting the sensitivity of the system in case of abnormal user behavior. The paper describes the approach used for system scaling in case of an increase in the intensity of the incoming requests.