DATA MINING THE USER’S ENVIRONMENT IN THE PROBLEM OF REMOTE CONTROL DETECTION
The aim of the work is to improve algorithms for detecting remote control of a user session. The object of study is a system for detecting remote control of a user’s computer. The subject of the study is algorithms for mining data collected by monitoring tools that run in the browser as part of the client side of a web application; these algorithms are designed to analyze changes in the patterns of dynamic biometric features in the case of remote control. Approaches to detecting a remote connection are analyzed. A structure has been developed for a remote access detection system that combines a modern approach to collecting and analyzing the user environment with machine learning methods. The experimental part of the work is based on an analysis of a user environment database collected specifically for testing the software implementation of the developed algorithms. 16 different options for a remote connection from an attacker to a user’s device were considered. The resulting sample included 178 measurements with differing numbers of time intervals between intermediate points of the mouse cursor path. The random forest classification algorithm showed the highest efficiency, using a group of features consisting of the time intervals between mouse cursor movement events. The share of correct predictions was 93% on test data.
Keywords: intelligent analysis, user environment analysis, antifraud system, cyber fraud, remote access.
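
The feature group named in the abstract, time intervals between mouse cursor movement events, must become a fixed-length vector before a random forest can use it, because the measured paths contain differing numbers of intervals. The sketch below is an added example and not the paper's code; `intervalFeatures`, the histogram bin edges and the sample paths are assumptions made for illustration.

```javascript
// Added example, not the paper's implementation: hypothetical feature extractor.
// Input: timestamps in ms (e.g. event.timeStamp of mousemove) along one cursor path.
// Output: fixed-length features, so paths with different numbers of intervals
// can be fed to one classifier such as a random forest.
const BIN_EDGES_MS = [4, 8, 16, 32, 64]; // assumed histogram edges

function intervals(timestamps) {
  const out = [];
  for (let i = 1; i < timestamps.length; i++) {
    const dt = timestamps[i] - timestamps[i - 1];
    if (dt >= 0) out.push(dt); // drop negative deltas (clock glitches)
  }
  return out;
}

// Linear-interpolated quantile of an ascending array.
function quantile(sorted, q) {
  const pos = (sorted.length - 1) * q;
  const lo = Math.floor(pos), hi = Math.ceil(pos);
  return sorted[lo] + (sorted[hi] - sorted[lo]) * (pos - lo);
}

function intervalFeatures(timestamps) {
  const dts = intervals(timestamps);
  if (dts.length < 2) return null; // too short to describe timing
  const n = dts.length;
  const mean = dts.reduce((a, b) => a + b, 0) / n;
  const variance = dts.reduce((a, b) => a + (b - mean) ** 2, 0) / n;
  const sorted = [...dts].sort((a, b) => a - b);
  // Bins: [0,4) [4,8) [8,16) [16,32) [32,64) [64,inf)
  const counts = new Array(BIN_EDGES_MS.length + 1).fill(0);
  for (const dt of dts) {
    const b = BIN_EDGES_MS.findIndex((edge) => dt < edge);
    counts[b === -1 ? BIN_EDGES_MS.length : b] += 1;
  }
  return {
    count: n,
    mean,
    std: Math.sqrt(variance),
    median: quantile(sorted, 0.5),
    p90: quantile(sorted, 0.9),
    max: sorted[n - 1],
    hist: counts.map((c) => c / n), // share of intervals per bin
  };
}

// Constructed sample paths (not measured data).
const steadyPath = [0, 8, 16, 24, 32, 40];
const burstyPath = [0, 2, 4, 70, 72, 74, 140];
```

Each returned object flattens to eleven numbers per path regardless of how many events the path contained.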