Abstract
To detect the growing number of insider threats in information systems, the behavioral characteristics of roles in audit logs are analyzed and processed, and an insider threat detection method based on mining abnormal role behavior is proposed. Normal role behavior is mined according to the principle of sequential pattern mining, and the Knuth-Morris-Pratt (KMP) algorithm is used for pattern matching to determine whether a role's current behavior is abnormal. Experimental data show that the method effectively mines normal role behavior and detects abnormal role behavior, reduces pattern mining time, and improves the accuracy of abnormal behavior detection.
Authors
顾兆军 (GU Zhao-jun)
郭靖轩 (GUO Jing-xuan)
Information Security Evaluation Center, Civil Aviation University of China, Tianjin 300300, China; College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
Source
Computer Engineering and Design (《计算机工程与设计》)
Peking University Core Journal
2020, Issue 10, pp. 2740-2746 (7 pages)
Funding
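National Natural Science Foundation of China (61601467, U1533104)
Civil Aviation Safety Capacity Building Fund (PDSA2018079, PDSA2018082)
Fundamental Research Funds for the Central Universities, Civil Aviation University of China Special Fund (3122018D031).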