On probabilistic estimates of the validity of empirical conclusions

The work focuses on some features of data analysis in insider search problems. The possibilities of using different approaches to describe the diagnosis of insider actions in the analysis of large empirical data are discussed. In tasks of this type, it is necessary to establish (predict, diagnose, etc.) the presence or the absence of target properties in any users from a given set. The assessment of the correctness of plausible reasoning is checked on the basis of estimates of the probabilities of the random appearance of the found laws in the simplest probabilistic models. The examples discussed show at what ratios of parameters it is possible to effectively identify correlations between events with which insiders can be identified. Two methods of controlling relations between parameters are indicated, allowing to obtain content information. The first method is based on dividing the observation period at the intervals during which the desired correlation may appear. The second method relates to the ways to reduce the set of users that could potentially become insiders, i. e., the authors are talking about the formation of clusters in which probabilistic estimates become operational. The desired relationships between the parameters for finding correlations can be determined using limit theorems in the series scheme.