Many mechanisms exist for protecting computer systems; one direction is the creation of systems that respond to possible threats to an enterprise's information security. Because, according to statistics, a large number of information-related crimes are committed by employees of enterprises, monitoring user actions in the information environment is a particularly important and relevant issue. The main advantages of such monitoring systems are the ability to represent arbitrary parameter values in the form of analytics of specified values, the ability to take into account a large number of development scenarios, the ability to use the system when making decisions and when describing schemes for analyzing information flows, and the ability to track a large number of computer parameters. To respond to information security incidents in a timely manner, it is important to develop a system that also takes into account the interrelationship of user actions.

The authors of this paper hypothesized that a user's actions in a computer system are interrelated: if a user performs suspicious actions in one monitored parameter, then it can be said with a greater degree of confidence that this user will perform suspicious actions in another monitored parameter. Correlation analysis is needed to reduce, where possible, the number of iterations during program operation, which in turn speeds up the analysis of user actions in the information environment. To study the statistical relationship between the parameters, the authors calculated a mathematical measure of correlation, the Pearson correlation coefficient, for the studied parameters. Based on this analysis, fuzzy rules were formulated, and a system for monitoring user actions in the information environment is built on them. This work introduces the term "reference user behavior". Any deviation from this "standard" is considered a suspicious action and requires a timely response to a possible incident.
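
As an added illustration of the approach described above (not the authors' code), the following Python example computes the Pearson coefficient between monitored parameters, groups the strongly correlated ones so that a group's remaining parameters are evaluated only when its first parameter deviates, and scores deviation from reference behavior with a ramp membership function. The parameter names, sample counts, reference levels, the 0.8 threshold and the pruning rule are assumptions constructed for this example.

```python
import math

# Constructed per-session counts; parameter names are hypothetical.
SAMPLES = {
    "usb_writes":     [0, 1, 0, 2, 9, 1, 0, 8],
    "offhour_logins": [0, 0, 1, 1, 5, 0, 0, 4],
    "print_jobs":     [3, 1, 4, 2, 3, 5, 1, 2],
}
# Assumed reference behavior: (normal level, level that is fully suspicious).
REFERENCE = {"usb_writes": (2, 8), "offhour_logins": (1, 4), "print_jobs": (5, 12)}

def pearson(x, y):
    """Pearson correlation coefficient of two equal-length series."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    return cov / (sx * sy) if sx and sy else 0.0

def suspicious(param, value):
    """Fuzzy membership in 'deviates from reference', a ramp clipped to [0, 1]."""
    lo, hi = REFERENCE[param]
    return min(1.0, max(0.0, (value - lo) / (hi - lo)))

def correlated_groups(samples, threshold=0.8):
    """Group parameters whose |r| with a group's first member meets the threshold."""
    groups = []
    for p in samples:
        for g in groups:
            if abs(pearson(samples[p], samples[g[0]])) >= threshold:
                g.append(p)
                break
        else:
            groups.append([p])
    return groups

def assess(observation, groups):
    """Return (suspicion score, parameters evaluated).

    Assumed rule: IF a group's representative deviates THEN evaluate its
    correlated parameters as well; the score is the fuzzy OR (max).
    """
    score, checked = 0.0, 0
    for g in groups:
        degrees = [suspicious(g[0], observation[g[0]])]
        checked += 1
        if degrees[0] > 0:
            degrees += [suspicious(p, observation[p]) for p in g[1:]]
            checked += len(g) - 1
        score = max(score, *degrees)
    return score, checked
```

With this constructed data, a session that matches the reference is scored after evaluating two of the three parameters, while a deviating session triggers evaluation of all three.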
Karpova N.E., Amelina A.A. Razrabotka sistemy monitoringa deistvii pol'zovatelya v informatsionnoi sisteme [Development of the monitoring system for user's actions in the informational system]. Bezopasnost' tsifrovykh tekhnologii = Digital technology security, 2021, no. 2 (101), pp. 136–153. DOI: 10.17212/2782-2230-2021-2-136-153.