Abstract:
The paper considers the task of insider detection in a group of analytics, who work with a data warehouse, presented as a raw table with a huge amount of attributes. The difference between a legal analyst and an insider is that an insider collects redundant data during his regular work to perform a threat. Therefore, in order to detect an insider, it is necessary to detect the fact of continuously collecting redundant data during a work cycle with a data warehouse. A mathematical model is defined. The author suggests to use statistical techniques with probability of false alarms equal to zero. The author found conditions, under which the power of statistical criteria reaches the value of 1 after a finite number of steps, which means that an insider can be detected definitely.
Keywords:insider threat; anomaly detection; bans of probability measures; statistical criteria; power of criteria.
Fulltext:
PDF file (185 kB)