Computer Systems Applications (English version): 2019, 28(12): 219-225
Insider Threat Detection Technology of Information System
(1. College of Engineering and Technology, Xi'an Fanyi University, Xi'an 710105, China; 2. School of Electronic and Information Engineering, Xi'an Siyuan University, Xi'an 710038, China; 3. Faculty of Automation and Information Engineering, Xi'an University of Technology, Xi'an 710048, China)
Received: April 06, 2019    Revised: May 08, 2019
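Chinese abstract: To address the increasingly serious insider threat behaviors in enterprise information systems, in particular logging in under another user's identity and operating beyond one's authority, a new insider threat detection framework for information systems is established, based on user behavior analysis and a layered security model that mixes subjects and objects. Malicious insider behavior is discovered by comparing abnormal user behavior against subject and object permissions. Regular expressions and a hybrid encryption algorithm are applied to ensure detection accuracy and log security. Security detection is performed from four aspects: identity authentication, access control, operation auditing, and behavior threshold techniques, and the key technologies are described in detail. Experiments show that the detection framework prevents insiders from damaging data, provides response and intervention capabilities, and improves the security of the information system. Finally, development trends in insider threat detection technology are discussed.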
Abstract: In view of the increasingly serious internal threat behaviors in enterprise information systems, especially behaviors such as pseudonym login and unauthorized operation, a new internal threat detection framework for information systems is established, based on user behavior analysis and adopting a layered security model that mixes subject and object. Malicious insider threat behavior is found by comparing the abnormal behavior of users with the authority of subject and object. Regular expressions and a mixed encryption algorithm are used to ensure detection accuracy and log security. Security detection is carried out from four aspects: identity authentication, access control, operation audit, and behavior threshold technology. The key technologies are introduced in detail. Experiments show that the proposed detection framework can prevent internal personnel from stealing data, provide response and intervention capabilities, and improve the security of information systems. Finally, the development trend of internal threat detection technology is discussed.
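Funding: National Natural Science Foundation of China (61405157); Scientific Research Program of the Shaanxi Provincial Department of Education (12JK1055); Shaanxi Province Advanced Programming Language Teaching Team Project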
Cite this article:
WANG Zhen-Hui, WANG Zhen-Duo, YAO Quan-Zhu. Insider Threat Detection Technology of Information System. Computer Systems Applications, 2019, 28(12): 219-225