
Method for building the real time insider threat model (cited by: 3)
Abstract: Using the system's access control relationships, partial orders over subjects and over objects and a mapping between them are defined, and on this basis a hierarchy-mapping based insider threat model is developed. The analytic hierarchy process is used to decompose and quantify the insider threat features of the model from both the subject side and the object side, and the mapping between subjects and objects is then used to obtain a full real-time assessment of the system's insider threat. The model overcomes the inability of earlier models to analyze insider threats both qualitatively and quantitatively, and improves the precision and objectivity of the quantification. Experimental results show that the hierarchy-mapping based insider threat model can assess a system's insider threats effectively and in real time, laying a foundation for insider threat awareness.
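Source: Journal of Xidian University (indexed in EI, CAS, CSCD, PKU Core), 2009, No. 1, pp. 80-86 (7 pages)
Funding: "863" Program (2007AA01Z429, 2007AA01Z405); Key Program of the National Natural Science Foundation of China (60633020); National Natural Science Foundation of China (60573036, 60702059, 60503012, 60803150); Shaanxi Province "13115" Science and Technology Innovation Project, Major Science and Technology Special Project (2007ZDKG-56)
Keywords: mapping; insider threat; assessment; subject; object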

