Russian Federation
Insider threat detection is increasingly relevant because of the growing number of attacks by authorized users, which are difficult to identify using traditional security measures. User and Entity Behavior Analytics (UEBA) systems offer a solution based on analyzing employees' digital footprints; however, there is no methodology for selecting data sources that balances detection completeness against computational cost. The article presents a classification of digital footprint sources into five groups: access metadata, action metadata, network flows, content, and behavioral biometrics. A proposed metric, the informativeness-to-extraction-complexity index, enables quantitative evaluation of the feasibility of using each data type. Experiments on the CMU-CERT r4.2 dataset showed that the maximum index (3.56) is achieved with network flows, while email content analysis provides an 8.3% improvement in detection quality but has a low index (0.41) due to high computational cost.
UEBA, digital footprint, insider threats, behavior analysis, machine learning, feature informativeness, CMU-CERT



