摘要
针对企业信息系统中的内部威胁行为,特别是内部用户的资源滥用行为,提出了一种基于中间件的实时检测框架,并定义了安全功能和相应组件,通过比较用户身份权限和异常操作行为发现恶意内部威胁行为.将对象序列化技术与传统密码技术相结合实现用户实名登录,保证操作防抵赖性.从根本上防止了恶意内部人员获取非法数据并提供检测功能,提高了信息系统的安全性.
In view of the enterprise information system of insider threat behavior, especially internal user resource abuse, proposes a framework for real time detection based middleware and define the security function and the corresponding components, found out the malicious insider threat behavior by comparison of user identity and authority and the abnormal operation behavior. At the same time, object serialization technology and traditional cryptography technology combined with the realization of the user login name, to ensure the operation of non-repudiation. Fundamentally prevent malicious insiders to obtain illegal data and provide the detection function, improve the security of the information system.
作者
王振铎
王振辉
姚全珠
杨玉峰
WANG Zhen-duo WANG Zhen-hui YAO Quan-zhu YANG Yu-feng(School of Electronic & information, Xi'an Siyuan University, Xi'an 710038, China School of Technology and Engineering, Xi'an Fanyi University, Xi'an 710105, China School of Automation and Information Engineering, Xi'an University of Technology, Xi'an 710048, China)
出处
《数学的实践与认识》
北大核心
2017年第19期84-91,共8页
Mathematics in Practice and Theory
基金
国家自然科学基金(61405157)
西安思源学院2017年度自然科学研究课题资助
关键词
内部威胁
异常行为
中间件
模型
insider threat
abnormal behavior
middleware
model