
Internal Threat Detection Based on Naive Bayesian Theory (cited by: 4)
Abstract: Compared with external threat attacks on information systems, internal threat attacks are more concealed and are harder to detect and block. This paper introduces the concept of internal threats and three common characteristics of internal threats. Because users' command operation behavior follows general regularities, a detection method for internal threats based on Naive Bayesian theory is proposed, using the public security data set known as the S-M data set. The method can detect internal threats in which commands carrying attack behavior are mixed into a user's operations. It greatly improves the accuracy of internal threat detection and lowers the false alarm rate, so that the idea of machine learning has been widely applied in the field of internal threat detection.
Authors: 郭晓明 (Guo Xiaoming), 孙丹 (Sun Dan)
Source: Computer and Modernization (《计算机与现代化》), 2017, No. 7, pp. 101-106 (6 pages)
Funding: Jiangxi Province Research Institute Infrastructure Supporting Project (20151BBA13040)
Keywords: internal threats; S-M data set; Naive Bayesian; machine learning
