信息网络安全 (Netinfo Security) ›› 2017, Vol. 17 ›› Issue (3): 27-32. doi: 10.3969/j.issn.1671-1122.2017.03.005

Research on Insider Threat Detection Based on Role Behavior Pattern Mining

Dianwei LI1, Mingliang HE2(), Fang YUAN3

  1. Naval Staff, Beijing 100841, China
  2. No.92529 Troops of PLA, Taizhou Zhejiang 317600, China
  3. Information Security Department, Naval University of Engineering, Wuhan Hubei 430033, China
  • Received: 2016-12-15  Online: 2017-03-20  Published: 2020-05-12
  • Author biographies:

    LI Dianwei (1965- ), male, from Henan, senior engineer, master's degree; main research interests: information security, maintenance support. HE Mingliang (1988- ), male, from Hubei, master's degree; main research interest: information security. YUAN Fang (1988- ), male, from Hubei, master's student; main research interest: information security.

  • Funding:
    Natural Science Foundation of Hubei Province [2015CF867]

Abstract:

To address the difficulty of detecting insider threats in information systems, this paper combines access control with data mining and designs an insider threat detection model based on role behavior pattern mining. It proposes an insider threat early-warning method that matches a user's actual operations against the code of conduct and the behavioral habits of that user's role. Every operator and every operations-and-maintenance administrator of an information system has defined duties; in terms of system use, each user plays a role, and each role has its own code of conduct and behavioral habits. The paper extracts each role's code of conduct from the system specification, uses data mining to extract users' behavioral habits and routine operations from system logs and application logs, and raises insider threat warnings by measuring how far a user's actual behavior deviates from the role's code of conduct and habits.

Key words: information system, role, behavior patterns, data mining, threat detection

CLC number:
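An added illustration, not code from the paper: the early-warning logic described in the abstract reduced to a runnable Python check. It assumes a constructed log format of `timestamp user operation`, hypothetical roles (`operator`, `admin`) with a hand-written code of conduct standing in for rules extracted from a system specification, and two constructed log samples (a baseline period and a recent window). Habits are mined as per-user operation-frequency and active-hour profiles; the deviation score is a weighted sum of the fraction of operations outside the role's code of conduct, the total-variation distance between baseline and recent operation distributions, and the fraction of activity in hours the user was never active before. The paper does not specify its mining algorithm or scoring, so these particular choices, weights and thresholds are this example's own.

```python
from collections import Counter
from datetime import datetime

# Constructed role code of conduct (hypothetical roles and operations).
# A real deployment derives this from the system's own specification.
ROLE_POLICY = {
    "operator": {"login", "query", "export_small"},
    "admin": {"login", "query", "config_change", "user_add", "backup"},
}
USER_ROLE = {"alice": "operator", "bob": "admin"}  # constructed user-to-role mapping

# Constructed baseline log (the period habits are mined from): "timestamp user operation".
BASELINE_LOG = """\
2017-01-09T08:55:02 alice login
2017-01-09T09:10:11 alice query
2017-01-09T10:30:45 alice query
2017-01-09T14:02:19 alice export_small
2017-01-10T09:01:30 alice login
2017-01-10T09:40:12 alice query
2017-01-10T15:20:00 alice query
2017-01-09T08:30:00 bob login
2017-01-09T09:15:00 bob config_change
2017-01-09T11:00:00 bob backup
2017-01-10T08:45:00 bob login
2017-01-10T10:05:00 bob query
2017-01-10T16:30:00 bob user_add
"""

# Constructed recent window: alice behaves as usual; bob bulk-exports at 3 a.m.
RECENT_LOG = """\
2017-01-11T09:05:00 alice login
2017-01-11T09:30:00 alice query
2017-01-11T11:10:00 alice query
2017-01-11T03:12:00 bob login
2017-01-11T03:14:00 bob export_bulk
2017-01-11T03:20:00 bob export_bulk
2017-01-11T03:25:00 bob config_change
"""


def parse_log(text):
    """Return (user, operation, hour) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, user, op = parts
        try:
            hour = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S").hour
        except ValueError:
            continue
        events.append((user, op, hour))
    return events


def mine_habits(events):
    """Per-user habit profile: operation frequencies and hours of activity."""
    profiles = {}
    for user, op, hour in events:
        p = profiles.setdefault(user, {"ops": Counter(), "hours": Counter()})
        p["ops"][op] += 1
        p["hours"][hour] += 1
    return profiles


def total_variation(c1, c2):
    """Total-variation distance between two count distributions (0 identical, 1 disjoint)."""
    n1, n2 = sum(c1.values()), sum(c2.values())
    if n1 == 0 or n2 == 0:
        return 1.0
    return 0.5 * sum(abs(c1[k] / n1 - c2[k] / n2) for k in set(c1) | set(c2))


def score_user(user, recent_events, profiles, weights=(0.5, 0.3, 0.2)):
    """Deviation of one user's recent activity from the role's rules and mined habits."""
    role = USER_ROLE.get(user)
    allowed = ROLE_POLICY.get(role, set())  # unknown role: nothing is allowed
    mine = [e for e in recent_events if e[0] == user]
    if not mine:
        return None
    violations = [op for _, op, _ in mine if op not in allowed]
    violation_frac = len(violations) / len(mine)
    profile = profiles.get(user, {"ops": Counter(), "hours": Counter()})
    habit_dist = total_variation(profile["ops"], Counter(op for _, op, _ in mine))
    usual_hours = set()  # baseline hours widened by one hour each way to tolerate jitter
    for h in profile["hours"]:
        usual_hours.update({(h - 1) % 24, h, (h + 1) % 24})
    off_hours_frac = sum(1 for _, _, h in mine if h not in usual_hours) / len(mine)
    w_rule, w_habit, w_time = weights
    score = w_rule * violation_frac + w_habit * habit_dist + w_time * off_hours_frac
    return {"user": user, "role": role, "violations": sorted(set(violations)),
            "habit_distance": round(habit_dist, 3),
            "off_hours_fraction": round(off_hours_frac, 3), "score": round(score, 3)}


def detect(baseline_text, recent_text, threshold=0.4):
    """Mine habits from the baseline, score every user seen in the recent window, flag alerts."""
    profiles = mine_habits(parse_log(baseline_text))
    recent = parse_log(recent_text)
    reports = {}
    for user in sorted({e[0] for e in recent}):
        report = score_user(user, recent, profiles)
        report["alert"] = report["score"] >= threshold
        reports[user] = report
    return reports


if __name__ == "__main__":
    for user, report in detect(BASELINE_LOG, RECENT_LOG).items():
        print(user, report)
```

Two things the split scoring makes visible: the rule term fires only on operations the role is never permitted (a hard policy violation, auditable against the specification), while the habit and time terms catch permitted operations performed in an unusual mix or at unusual hours, which is where a credentialed insider usually shows up. Weights and the threshold need tuning against a real baseline window long enough to cover legitimate variation such as shift changes and month-end workloads.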