摘要
内部威胁已成为企业数据泄露的主要渠道,如何检测和预防内部威胁成为互联网+环境下的一个重要课题。按照"事前预防、事中控制、事后治理"的安全策略,使用系统动态学梳理攻击过程,对由访问控制系统、异常行为分析系统和审计追踪技术构成的三层安全体系结构进行了分析,提出了基于中间件技术的内部威胁实时检测模型,在对三层安全体系结构的核心优化技术处理的基础上,提出了基于主体和客体混合分层模型的预防和检测策略。研究表明,使用基于中间件的混合分层模型比单一模型提高了内部威胁的检测准确率、降低了误报率。
Insider threat has become the main way of enterprise data leakage, how to detect and prevent insider threat has become an important issue in web+ environment. According to "advanced prevention, things in control and afterwards audit" of security policy, using system dynamics to comb the attack process, three layer security architecture composed of access control system, abnormal be- havior analysis system and audit tracking system are analyzed, put forward insider threat detection model based on middleware tech- nology, on the basis of the core of the three layer security architecture optimization technology for the treatment of proposed based on subject and object hierarchical mixture model of strategies for prevention and detection. The results show that using the hybrid hierar- chical model improves the insider threat detection accuracy and reduce the rate of false positives than that of the single model.
作者
王振铎
王振辉
姚全珠
Wang Zhenduo Wang Zhenhui Yao Quanzhu(School of Electronic and Information Engineering, Xi'an Siyuan University, Xi'an 710038, China School of Technology and Engineering, Xi'an Fanyi University, Xi'an 710105, China School of Automation and Information Engineering, Xi'an University of Technology, Xi'an 710048, China)
出处
《计算机与应用化学》
CAS
2017年第1期13-18,共6页
Computers and Applied Chemistry
基金
国家自然科学基金资助项目(61405157)
陕西省教育厅科研计划项目(12JK1055)
关键词
内部威胁
异常行为
中间件
模型
insider threat
abnormalbehavior
middleware
model
