Abstract
Insider threats can cause major losses to enterprises and organizations, and insider threat detection is necessary for maintaining enterprise information security. This paper outlines the general approach to, and the difficulties of, insider threat detection based on user behavior logs, introduces common user behavior log datasets and preprocessing methods, analyzes the evaluation metrics for insider threat detection mechanisms and common insider threat detection techniques, and finally gives future directions for insider threat detection research.
Authors
张有
王开云
张春瑞
邓妙然
Zhang You; Wang Kaiyun; Zhang Chunrun; Deng Miaoran (Institute of Computer Application, Chinese Academy of Engineering Physics, Mianyang, Sichuan 621900, China)
Source
《计算机时代》
2020, Issue 9, pp. 45-49 (5 pages)
Computer Era
Keywords
insider threat detection
behavior log
information security
anomaly detection