Computer Science, 2020, Vol. 47, Issue (3): 292-297. doi: 10.11896/jsjkx.190200379
ZHONG Ya (钟雅)1, GUO Yuan-bo (郭渊博)1, LIU Chun-hui (刘春辉)2, LI Tao (李涛)1
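Abstract: With the wide application of information technology and Internet technology in enterprises and organizations, enterprise security faces unprecedented challenges. Most enterprises face both attacks from outside and insider attacks carried out by their own personnel. Because timely and effective detection methods are lacking, the damage that insider attacks cause to enterprises and organizations is, to a certain extent, more serious than that of external attacks. Within organizations and enterprises, "people" are the actors who carry out destructive behavior and are the main research object in insider threat detection. Existing insider threat detection methods supervise internal employees in complete isolation from one another, which leads to problems such as low correlation between detections of similar threats and low detection efficiency. To address these problems, this paper shifts the research focus from discovering triggers to clustering and supervising similar users, takes the users within an organization as the research subject, and proposes a user attribute profiling method for insider threat detection. The method first defines a profile similarity calculation method. It then starts from multiple aspects, such as the user's character, personality, past experience, work status and setbacks encountered, and integrates these factors using ontology theory and a tag-based profiling method. Finally, it uses an improved K-Means algorithm to cluster users and manage them in groups, which achieves the goal of jointly supervising potentially malicious users and reduces the possibility of similar damage occurring repeatedly. Experimental results demonstrate the feasibility of the proposed method, which provides ideas and methods for organizations to prevent insider threats.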