Analysis of Digital Footprints Associated with Cybersecurity Behavior Patterns of Users of University Information and Education Systems

Authors

  • Valerii Lakhno National University of Life and Environmental Sciences of Ukraine
  • Nurgazy Kurbaiyazov Kazakh National University named after Al-Farabi
  • Miroslav Lakhno National University of Life and Environmental Sciences of Ukraine
  • Olena Kryvoruchko State University of Trade and Economics
  • Alona Desyatko State University of Trade and Economics http://orcid.org/0000-0002-2284-3418
  • Svitlana Tsiutsiura State University of Trade and Economics
  • Mykola Tsiutsiura State University of Trade and Economics

Abstract

The analysis of digital footprints (DF) related to the cybersecurity (cyber risk) user behavior of university information and education systems (UIES) involves the study and evaluation of various aspects of activity in the systems. In particular, such analysis includes the study of typical patterns (patterns) of access to UIES, password usage, network activity, compliance with security policies, identification of anomalous behavior, and more. It is shown that user behavior in UIES is represented by sequences of actions and can be analyzed using the sequential analysis method. Such analysis will allow information security (IS) systems of UIES to efficiently process categorical data associated with sequential patterns of user actions. It is shown that analyzing sequential patterns of cyberthreatening user behavior will allow UIES IS systems to identify more complex threats that may be hidden in chains of actions, not just individual events. This will allow for more effective identification of potential threats and prevention of security incidents in the UIES. 

References

Bandara, I., Ioras, F., & Maher, K. (2014). Cyber security concerns in e-learning education. In ICERI2014 Proceedings (pp. 728-734). DOI: 10.13140/2.1.4451.3604.

Bongiovanni Ivano, The least secure places in the universe? A systematic literature review on information security management in higher education, Computers & Security, Volume 86, 2019, Pages 350-357, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2019.07.003.

Garrison, Chlotia & Ncube, C. (2010). Lessons Learned from University Data Breaches. Palmetto Business and Economic Review. 13. 27-37.

FireEye, Inc. Cyber tHreats to the Education Industry. White Paper. Library DFtalog, 2016. Available online: www.fireeye.com (accessed on January 28, 2021).

Yilmaz, Rustu & Yalman, Yıldıray. (2016). A Comparative Analysis of University Information Systems within the Scope of the Information Security Risks. TEM Journal. 5. 180-191. 10.18421/TEM52-10.

Adams, A.; Blanford, A. Security and Online Learning: To Protect and Prohibit. In Usability Evaluation of Online Learning Programs; UK: IDEA Publishing,, 2003; pp. 331-359.

Beaudin, K. (2017), The Legal Implications of Storing Student Data: Preparing for and Responding to Data Breaches. New Directions for Institutional Research, 2016: 37-48. https://doi.org/10.1002/ir.20202.

Beaudin, K. College and university data breaches: Regulating higher education cybersecurity under state and federal law. J. Coll. Univ. Law 2015, 41, 657-693.

Hussain, H.S.; Din, R.; Khidzir, N.Z.; Daud, K.A.M.; Ahmad, S. Risk and Threat via Online Social Network among Academia at Higher Education. Journal of Physics: Conference Series, Volume 1018, 1st International Conference on Big Data and Cloud Computing (ICoBiC) 2017 25–27 November 2017, Kuching, Sarawak, Malaysia, 012008. DOI 10.1088/1742-6596/1018/1/012008

Ulven, Joachim Bjørge, and Gaute Wangen. 2021. "A Systematic Review of Cybersecurity Risks in Higher Education" Future Internet 13, no. 2: 39. https://doi.org/10.3390/fi13020039

Diaz, A.; Sherman, A.T.; Joshi, A. Phishing in an Academic Community: A Study of User Susceptibility and Behavior. arXiv 2018, https://arxiv.org/pdf/1811.06078.pdf.

Cuchta, Tom & Blackwood, Brian & Devine, Thomas & Niichel, Robert & Daniels, Kristina & Lutjens, Caleb & Maibach, Sydney & Stephenson, Ryan. (2019). Human Risk Factors in Cybersecurity. In Proceedings of the 20th Annual SIG Conference on Information Technology Education, Tacoma, WA, USA, October 3-5, 2019; pp. 87-92. 10.1145/3349266.3351407.

Alexei, Arina & Alexei, Anatolie. (2021). Cyber Security Threat Analysis In Higher Education Institutions As A Result Of Distance Learning. International Journal of Scientific & Technology Research. Volume 10. 128-133.

Fertik, M., & Thompson, D. (2015). The reputation economy: How to optimize your digital footprint in a world where your reputation is your most valuable asset. Hachette UK.

France Belanger, Robert E. Crossler, Dealing with digital traces: Understanding protective behaviors on mobile devices, The Journal of Strategic Information Systems, Volume 28, Issue 1, 2019, Pages 34-49, ISSN 0963-8687, https://doi.org/10.1016/j.jsis.2018.11.002.

Gregory Vial, Reflections on quality requirements for digital trace data in IS research, Decision Support Systems, Volume 126, 2019, 113133, ISSN 0167-9236, https://doi.org/10.1016/j.dss.2019.113133.

Mary-Jane Sule, Marco Zennaro, Godwin Thomas, Cybersecurity through the lens of Digital Identity and Data Protection: Issues and Trends, Technology in Society, Volume 67, 2021, 101734, ISSN 0160-791X, https://doi.org/10.1016/j.techsoc.2021.101734.

Curtotti, D., Nocerino, W., & Pallante, C. (2023, September). University of Foggia: Promoting an Interdisciplinary Path in Security Issues, from the Crime Scene to Cyber Security. In IAI ACADEMIC CONFERENCE PROCEEDINGS (p. 21).

Kureychik, V. V., Bova, V. V., & Kravchenko, Yu. A. (2020). Metod poiska posledovatelnykh patternov povedeniya polzovateley v internet-prostranstve. Izvestiya Yuzhnogo federalnogo universiteta. Tekhnicheskie nauki, (4 (214)), 6-21.

Martin Husák, Jaroslav Kašpar, Elias Bou-Harb, and Pavel Čeleda. 2017. On the Sequential Pattern and Rule Mining in the Analysis of Cyber Security Alerts. In Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES '17). Association for Computing Machinery, New York, NY, USA, Article 22, 1–10. https://doi.org/10.1145/3098954.3098981

Anna L. Buczak, Daniel S. Berman, Sean W. Yen, Lanier A. Watkins, Lien T. Duong, and Jeffrey S. Chavis. 2017. Using sequential pattern mining for common event format (CEF) cyber data. In Proceedings of the 12th Annual Conference on Cyber and Information Security Research (CISRC '17). Association for Computing Machinery, New York, NY, USA, Article 2, 1–4. https://doi.org/10.1145/3064814.3064822

M. Hossain, A. H. M. S. Sattar and M. K. Paul, "Market Basket Analysis Using Apriori and FP Growth Algorithm," 2019 22nd International Conference on Computer and Information Technology (ICCIT), Dhaka, Bangladesh, 2019, pp. 1-6, doi: 10.1109/ICCIT48885.2019.9038197.

Wedyan, Suzan. (2014). Review and Comparison of Associative Classification Data Mining Approaches. International Journal of Computer, Information, Systems and Control Engineering, 2014, Vol. 8, pp. 34-45. DOI: 10.5281/zenodo.1336440.

Fournier-Viger, P., Wu, CW., Tseng, V.S. (2013). Mining Maximal Sequential Patterns without Candidate Maintenance. In: Motoda, H., Wu, Z., Cao, L., Zaiane, O., Yao, M., Wang, W. (eds) Advanced Data Mining and Applications. ADMA 2013. Lecture Notes in Computer Science(), vol 8346. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-53914-5_15.

Lakhno, V., Akhmetov, B., Smirnov, O., Chubaievskyi, V., Khorolska, K., Bebeshko, B. (2023). Selection of a Rational Composition of İnformation Protection Means Using a Genetic Algorithm. In: Rajakumar, G., Du, KL., Vuppalapati, C., Beligiannis, G.N. (eds) Intelligent Communication Technologies and Virtual Mobile Networks. Lecture Notes on Data Engineering and Communications Technologies, vol 131. Springer, Singapore. https://doi.org/10.1007/978-981-19-1844-5_2

Lakhno, V. et al. (2023). The Model of Server Virtualization System Protection in the Educational Institution Local Network. In: Shakya, S., Papakostas, G., Kamel, K.A. (eds) Mobile Computing and Sustainable Informatics. Lecture Notes on Data Engineering and Communications Technologies, vol 166. Springer, Singapore. https://doi.org/10.1007/978-981-99-0835-6_33

B. Bebeshko, K. Khorolska and A. Desiatko, "Analysis and Modeling of Price Changes on the Exchange Market Based on Structural Market Data," 2021 IEEE 8th International Conference on Problems of Infocommunications, Science and Technology (PIC S&T), Kharkiv, Ukraine, 2021, pp. 151-156, doi: 10.1109/PICST54195.2021.9772208.

Mathew, Alex. (2023). The Power of Cybersecurity Data Science in Protecting Digital Footprints. Cognizance Journal of Multidisciplinary Studies. 3. 1-4. 10.47760/cognizance.2023.v03i02.001.

Mazhar, Tehseen & Talpur, Dhani Bux & Hanif, Saba & Ullah, Inam & Adhikari, Deepak & Anwar, M.. (2023). Analysis of Cybersecurity Issues and Solutions in Education. 10.1201/9781003369042-5.

V. Lakhno, V. Malyukov, B. Akhmetov, B. Yagaliyeva, O. Kryvoruchko and A. Desiatko, "University Distributed Computer Network Vulnerability Assessment," 2023 IEEE International Conference on Smart Information Systems and Technologies (SIST), Astana, Kazakhstan, 2023, pp. 141-144, doi: 10.1109/SIST58284.2023.10223501.

B.S. Akhmetov, V. Lakhno, B.B. Akhmetov, A. Zhilkishbayev, N. Izbasova, O. Kryvoruchko, A. Desiatko, Application of a Genetic Algorithm for the Selection of the Optimal Composition of Protection Tools of the Information and Educational System of the University, Procedia Computer Science, Volume 215, 2022, Pages 598-607, ISSN 1877-0509, https://doi.org/10.1016/j.procs.2022.12.062.

Buriachok, V., Korshun, N., Zhyltsov, O., Sokolov, V., Skladannyi, P. (2023). Implementation of Active Cybersecurity Education in Ukrainian Higher School. In: Faure, E., Danchenko, O., Bondarenko, M., Tryus, Y., Bazilo, C., Zaspa, G. (eds) Information Technology for Education, Science, and Technics. ITEST 2022. Lecture Notes on Data Engineering and Communications Technologies, vol 178. Springer, Cham. https://doi.org/10.1007/978-3-031-35467-0_32

Khorolska, K., Bebeshko, B., Desiatko, A., & Lazorenko, V. (2021). 3D models classification with use of convolution neural network. Paper presented at the CEUR Workshop Proceedings, 3179 25-34. http://ceur-ws.org/Vol-3179/Paper_3.pdf

Khorolska, K., Lazorenko, V., Bebeshko, B., Desiatko, A., Kharchenko, O., Yaremych, V. (2022). Usage of Clustering in Decision Support System. In: Raj, J.S., Palanisamy, R., Perikos, I., Shi, Y. (eds) Intelligent Sustainable Systems. Lecture Notes in Networks and Systems, vol 213. Springer, Singapore. https://doi.org/10.1007/978-981-16-2422-3_49

Bandara, Indrachapa & Ioras, Florin. (2022). Higher education strategy to reduce an organization's digital carbon footprint derived from cybersecurity policies. 10.21125/edulearn.2022.2209.

Hakimi, Musawer & Quchi, Mohammad Mustafa & Fazil, Abdul Wajid. (2024). Human factors in cybersecurity: an in depth analysis of user centric studies. Jurnal Ilmiah Multidisiplin Indonesia (JIM-ID). 3. 20-33. 10.58471/esaprom.v3i01.3832.

Mincewicz, Wojciech. (2023). Education in the field of cybersecurity at universities in poland. Zeszyty Naukowe SGSP. 86. 117-125. 10.5604/01.3001.0053.7149.

Biloshchytskyi, A., Tsiutsiura, S., Kuchansky, A., Serbin, O., Tsiutsiura, M., Biloshchytska, S., & Faizullin, A. (2022). Development of mathematical models of the project-vector space of educational environments. Eastern-European Journal of Enterprise Technologies, 5(4(119), 50–61. https://doi.org/10.15587/1729-4061.2022.266262

A. Peleschyshyn, R. Korzh, O. Trach and M. Tsiutsiura, "Building of Information Activity Management System of Higher Educational Establishment in the Social Environments of the Internet," 2019 3rd International Conference on Advanced Information and Communications Technologies (AICT), Lviv, Ukraine, 2019, pp. 58-61, doi: 10.1109/AIACT.2019.8847912.

R. Korzh, A. Peleshchyshyn, O. Trach and M. Tsiutsiura, "Analysis of the integrity and completeness of the higher education institution informational image coverage," 2019 IEEE 14th International Conference on Computer Sciences and Information Technologies (CSIT), Lviv, Ukraine, 2019, pp. 48-50, doi: 10.1109/STC-CSIT.2019.8929759.

Additional Files

Published

2024-07-18

Issue

Vol. 70 No. 3 (2024)

Section

Cryptography and Cybersecurity

License

Copyright (c) 2024 International Journal of Electronics and Telecommunications

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

1. License

The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on https://creativecommons.org/licenses/by/4.0/.

2. Author’s Warranties

The author warrants that the article is original, written by stated author/s, has not been published before, contains no unlawful statements, does not infringe the rights of others, is subject to copyright that is vested exclusively in the author and free of any third party rights, and that any necessary written permissions to quote from other sources have been obtained by the author/s. The undersigned also warrants that the manuscript (or its essential substance) has not been published other than as an abstract or doctorate thesis and has not been submitted for consideration elsewhere, for print, electronic or digital publication.

3. User Rights

Under the Creative Commons Attribution license, the author(s) and users are free to share (copy, distribute and transmit the contribution) under the following conditions: 1. they must attribute the contribution in the manner specified by the author or licensor, 2. they may alter, transform, or build upon this work, 3. they may use this contribution for commercial purposes.

4. Rights of Authors

Authors retain the following rights:

- copyright, and other proprietary rights relating to the article, such as patent rights,

- the right to use the substance of the article in own future works, including lectures and books,

- the right to reproduce the article for own purposes, provided the copies are not offered for sale,

- the right to self-archive the article

- the right to supervision over the integrity of the content of the work and its fair use.

5. Co-Authorship

If the article was prepared jointly with other authors, the signatory of this form warrants that he/she has been authorized by all co-authors to sign this agreement on their behalf, and agrees to inform his/her co-authors of the terms of this agreement.

6. Termination

This agreement can be terminated by the author or the Journal Owner upon two months’ notice where the other party has materially breached this agreement and failed to remedy such breach within a month of being given the terminating party’s notice requesting such breach to be remedied. No breach or violation of this agreement will cause this agreement or any license granted in it to terminate automatically or affect the definition of the Journal Owner. The author and the Journal Owner may agree to terminate this agreement at any time. This agreement or any license granted in it cannot be terminated otherwise than in accordance with this section 6. This License shall remain in effect throughout the term of copyright in the Work and may not be revoked without the express written consent of both parties.

7. Royalties

This agreement entitles the author to no royalties or other fees. To such extent as legally permissible, the author waives his or her right to collect royalties relative to the article in respect of any use of the article by the Journal Owner or its sublicensee.

8. Miscellaneous

The Journal Owner will publish the article (or have it published) in the Journal if the article’s editorial process is successfully completed and the Journal Owner or its sublicensee has become obligated to have the article published. Where such obligation depends on the payment of a fee, it shall not be deemed to exist until such time as that fee is paid. The Journal Owner may conform the article to a style of punctuation, spelling, capitalization and usage that it deems appropriate. The Journal Owner will be allowed to sublicense the rights that are licensed to it under this agreement. This agreement will be governed by the laws of Poland.

By signing this License, Author(s) warrant(s) that they have the full power to enter into this agreement. This License shall remain in effect throughout the term of copyright in the Work and may not be revoked without the express written consent of both parties.