Analysis of Digital Footprints Associated with Cybersecurity Behavior Patterns of Users of University Information and Education Systems

Authors

  • Valerii Lakhno National University of Life and Environmental Sciences of Ukraine
  • Nurgazy Kurbaiyazov Kazakh National University named after Al-Farabi
  • Miroslav Lakhno National University of Life and Environmental Sciences of Ukraine
  • Olena Kryvoruchko State University of Trade and Economics
  • Alona Desyatko State University of Trade and Economics http://orcid.org/0000-0002-2284-3418
  • Svitlana Tsiutsiura State University of Trade and Economics
  • Mykola Tsiutsiura State University of Trade and Economics

Abstract

The analysis of digital footprints (DF) related to the cybersecurity (cyber risk) user behavior of university information and education systems (UIES) involves the study and evaluation of various aspects of activity in the systems. In particular, such analysis includes the study of typical patterns (patterns) of access to UIES, password usage, network activity, compliance with security policies, identification of anomalous behavior, and more. It is shown that user behavior in UIES is represented by sequences of actions and can be analyzed using the sequential analysis method. Such analysis will allow information security (IS) systems of UIES to efficiently process categorical data associated with sequential patterns of user actions. It is shown that analyzing sequential patterns of cyberthreatening user behavior will allow UIES IS systems to identify more complex threats that may be hidden in chains of actions, not just individual events. This will allow for more effective identification of potential threats and prevention of security incidents in the UIES. 

References

Bandara, I., Ioras, F., & Maher, K. (2014). Cyber security concerns in e-learning education. In ICERI2014 Proceedings (pp. 728-734). DOI: 10.13140/2.1.4451.3604.

Bongiovanni Ivano, The least secure places in the universe? A systematic literature review on information security management in higher education, Computers & Security, Volume 86, 2019, Pages 350-357, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2019.07.003.

Garrison, Chlotia & Ncube, C. (2010). Lessons Learned from University Data Breaches. Palmetto Business and Economic Review. 13. 27-37.

FireEye, Inc. Cyber tHreats to the Education Industry. White Paper. Library DFtalog, 2016. Available online: www.fireeye.com (accessed on January 28, 2021).

Yilmaz, Rustu & Yalman, Yıldıray. (2016). A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks. TEM Journal. 5. 180-191. 10.18421/TEM52-10.

Adams, A.; Blanford, A. Security and Online Learning: To Protect and Prohibit. In Usability Evaluation of Online Learning Programs; UK: IDEA Publishing,, 2003; pp. 331-359.

Beaudin, K. (2017), The Legal Implications of Storing Student Data: Preparing for and Responding to Data Breaches. New Directions for Institutional Research, 2016: 37-48. https://doi.org/10.1002/ir.20202.

Beaudin, K. College and university data breaches: Regulating higher education cybersecurity under state and federal law. J. Coll. Univ. Law 2015, 41, 657-693.

Hussain, H.S.; Din, R.; Khidzir, N.Z.; Daud, K.A.M.; Ahmad, S. Risk and Threat via Online Social Network among Academia at Higher Education. Journal of Physics: Conference Series, Volume 1018, 1st International Conference on Big Data and Cloud Computing (ICoBiC) 2017 25–27 November 2017, Kuching, Sarawak, Malaysia, 012008. DOI 10.1088/1742-6596/1018/1/012008

Ulven, Joachim Bjørge, and Gaute Wangen. 2021. "A Systematic Review of Cybersecurity Risks in Higher Education" Future Internet 13, no. 2: 39. https://doi.org/10.3390/fi13020039

Diaz, A.; Sherman, A.T.; Joshi, A. Phishing in an Academic Community: A Study of User Susceptibility and Behavior. arXiv 2018, https://arxiv.org/pdf/1811.06078.pdf.

Cuchta, Tom & Blackwood, Brian & Devine, Thomas & Niichel, Robert & Daniels, Kristina & Lutjens, Caleb & Maibach, Sydney & Stephenson, Ryan. (2019). Human Risk Factors in Cybersecurity. In Proceedings of the 20th Annual SIG Conference on Information Technology Education, Tacoma, WA, USA, October 3-5, 2019; pp. 87-92. 10.1145/3349266.3351407.

Alexei, Arina & Alexei, Anatolie. (2021). Cyber Security Threat Analysis In Higher Education Institutions As A Result Of Distance Learning. International Journal of Scientific & Technology Research. Volume 10. 128-133.

Fertik, M., & Thompson, D. (2015). The reputation economy: How to optimize your digital footprint in a world where your reputation is your most valuable asset. Hachette UK.

France Belanger, Robert E. Crossler, Dealing with digital traces: Understanding protective behaviors on mobile devices, The Journal of Strategic Information Systems, Volume 28, Issue 1, 2019, Pages 34-49, ISSN 0963-8687, https://doi.org/10.1016/j.jsis.2018.11.002.

Gregory Vial, Reflections on quality requirements for digital trace data in IS research, Decision Support Systems, Volume 126, 2019, 113133, ISSN 0167-9236, https://doi.org/10.1016/j.dss.2019.113133.

Mary-Jane Sule, Marco Zennaro, Godwin Thomas, Cybersecurity through the lens of Digital Identity and Data Protection: Issues and Trends, Technology in Society, Volume 67, 2021, 101734, ISSN 0160-791X, https://doi.org/10.1016/j.techsoc.2021.101734.

Curtotti, D., Nocerino, W., & Pallante, C. (2023, September). University of Foggia: Promoting an Interdisciplinary Path in Security Issues, from the Crime Scene to Cyber Security. In IAI ACADEMIC CONFERENCE PROCEEDINGS (p. 21).

Kureychik, V. V., Bova, V. V., & Kravchenko, Yu. A. (2020). Metod poiska posledovatelnykh patternov povedeniya polzovateley v internet-prostranstve. Izvestiya Yuzhnogo federalnogo universiteta. Tekhnicheskie nauki, (4 (214)), 6-21.

Martin Husák, Jaroslav Kašpar, Elias Bou-Harb, and Pavel Čeleda. 2017. On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts. In Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES '17). Association for Computing Machinery, New York, NY, USA, Article 22, 1–10. https://doi.org/10.1145/3098954.3098981

Anna L. Buczak, Daniel S. Berman, Sean W. Yen, Lanier A. Watkins, Lien T. Duong, and Jeffrey S. Chavis. 2017. Using sequential pattern mining for common event format (CEF) cyber data. In Proceedings of the 12th Annual Conference on Cyber and Information Security Research (CISRC '17). Association for Computing Machinery, New York, NY, USA, Article 2, 1–4. https://doi.org/10.1145/3064814.3064822

M. Hossain, A. H. M. S. Sattar and M. K. Paul, "Market Basket Analysis Using Apriori and FP Growth Algorithm," 2019 22nd International Conference on Computer and Information Technology (ICCIT), Dhaka, Bangladesh, 2019, pp. 1-6, doi: 10.1109/ICCIT48885.2019.9038197.

Wedyan, Suzan. (2014). Review and Comparison of Associative Classification Data Mining Approaches. International Journal of Computer, Information, Systems and Control Engineering, 2014, Vol. 8, pp. 34-45. DOI: 10.5281/zenodo.1336440.

Fournier-Viger, P., Wu, CW., Tseng, V.S. (2013). Mining Maximal Sequential Patterns without Candidate Maintenance. In: Motoda, H., Wu, Z., Cao, L., Zaiane, O., Yao, M., Wang, W. (eds) Advanced Data Mining and Applications. ADMA 2013. Lecture Notes in Computer Science(), vol 8346. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53914-5_15.

Lakhno, V., Akhmetov, B., Smirnov, O., Chubaievskyi, V., Khorolska, K., Bebeshko, B. (2023). Selection of a Rational Composition of İnformation Protection Means Using a Genetic Algorithm. In: Rajakumar, G., Du, KL., Vuppalapati, C., Beligiannis, G.N. (eds) Intelligent Communication Technologies and Virtual Mobile Networks. Lecture Notes on Data Engineering and Communications Technologies, vol 131. Springer, Singapore. https://doi.org/10.1007/978-981-19-1844-5_2

Lakhno, V. et al. (2023). The Model of Server Virtualization System Protection in the Educational Institution Local Network. In: Shakya, S., Papakostas, G., Kamel, K.A. (eds) Mobile Computing and Sustainable Informatics. Lecture Notes on Data Engineering and Communications Technologies, vol 166. Springer, Singapore. https://doi.org/10.1007/978-981-99-0835-6_33

B. Bebeshko, K. Khorolska and A. Desiatko, "Analysis and Modeling of Price Changes on the Exchange Market Based on Structural Market Data," 2021 IEEE 8th International Conference on Problems of Infocommunications, Science and Technology (PIC S&T), Kharkiv, Ukraine, 2021, pp. 151-156, doi: 10.1109/PICST54195.2021.9772208.

Mathew, Alex. (2023). The Power of Cybersecurity Data Science in Protecting Digital Footprints. Cognizance Journal of Multidisciplinary Studies. 3. 1-4. 10.47760/cognizance.2023.v03i02.001.

Mazhar, Tehseen & Talpur, Dhani Bux & Hanif, Saba & Ullah, Inam & Adhikari, Deepak & Anwar, M.. (2023). Analysis of Cybersecurity Issues and Solutions in Education. 10.1201/9781003369042-5.

V. Lakhno, V. Malyukov, B. Akhmetov, B. Yagaliyeva, O. Kryvoruchko and A. Desiatko, "University Distributed Computer Network Vulnerability Assessment," 2023 IEEE International Conference on Smart Information Systems and Technologies (SIST), Astana, Kazakhstan, 2023, pp. 141-144, doi: 10.1109/SIST58284.2023.10223501.

B.S. Akhmetov, V. Lakhno, B.B. Akhmetov, A. Zhilkishbayev, N. Izbasova, O. Kryvoruchko, A. Desiatko, Application of a Genetic Algorithm for the Selection of the Optimal Composition of Protection Tools of the Information and Educational System of the University, Procedia Computer Science, Volume 215, 2022, Pages 598-607, ISSN 1877-0509, https://doi.org/10.1016/j.procs.2022.12.062.

Buriachok, V., Korshun, N., Zhyltsov, O., Sokolov, V., Skladannyi, P. (2023). Implementation of Active Cybersecurity Education in Ukrainian Higher School. In: Faure, E., Danchenko, O., Bondarenko, M., Tryus, Y., Bazilo, C., Zaspa, G. (eds) Information Technology for Education, Science, and Technics. ITEST 2022. Lecture Notes on Data Engineering and Communications Technologies, vol 178. Springer, Cham. https://doi.org/10.1007/978-3-031-35467-0_32

Khorolska, K., Bebeshko, B., Desiatko, A., & Lazorenko, V. (2021). 3D models classification with use of convolution neural network. Paper presented at the CEUR Workshop Proceedings, 3179 25-34. http://ceur-ws.org/Vol-3179/Paper_3.pdf

Khorolska, K., Lazorenko, V., Bebeshko, B., Desiatko, A., Kharchenko, O., Yaremych, V. (2022). Usage of Clustering in Decision Support System. In: Raj, J.S., Palanisamy, R., Perikos, I., Shi, Y. (eds) Intelligent Sustainable Systems. Lecture Notes in Networks and Systems, vol 213. Springer, Singapore. https://doi.org/10.1007/978-981-16-2422-3_49

Bandara, Indrachapa & Ioras, Florin. (2022). Higher education strategy to reduce an organization's digital carbon footprint derived from cybersecurity policies. 10.21125/edulearn.2022.2209.

Hakimi, Musawer & Quchi, Mohammad Mustafa & Fazil, Abdul Wajid. (2024). Human factors in cybersecurity: an in depth analysis of user centric studies. Jurnal Ilmiah Multidisiplin Indonesia (JIM-ID). 3. 20-33. 10.58471/esaprom.v3i01.3832.

Mincewicz, Wojciech. (2023). Education in the field of cybersecurity at universities in poland. Zeszyty Naukowe SGSP. 86. 117-125. 10.5604/01.3001.0053.7149.

Biloshchytskyi, A., Tsiutsiura, S., Kuchansky, A., Serbin, O., Tsiutsiura, M., Biloshchytska, S., & Faizullin, A. (2022). Development of mathematical models of the project-vector space of educational environments. Eastern-European Journal of Enterprise Technologies, 5(4(119), 50–61. https://doi.org/10.15587/1729-4061.2022.266262

A. Peleschyshyn, R. Korzh, O. Trach and M. Tsiutsiura, "Building of Information Activity Management System of Higher Educational Establishment in the Social Environments of the Internet," 2019 3rd International Conference on Advanced Information and Communications Technologies (AICT), Lviv, Ukraine, 2019, pp. 58-61, doi: 10.1109/AIACT.2019.8847912.

R. Korzh, A. Peleshchyshyn, O. Trach and M. Tsiutsiura, "Analysis of the integrity and completeness of the higher education institution informational image coverage," 2019 IEEE 14th International Conference on Computer Sciences and Information Technologies (CSIT), Lviv, Ukraine, 2019, pp. 48-50, doi: 10.1109/STC-CSIT.2019.8929759.

Additional Files

Published

2024-07-18

Issue

Section

Cryptography and Cybersecurity