摘要
信息系统不仅面临着外部攻击的威胁,同时也面临着来自系统内部的威胁。本文针对系统内部攻击,首先对信息系统的内部威胁和内部攻击进行简要阐述和分析。基于用户操作行为的一般规律,提出几种检测模型,通过对比检测结果找出检测效果好的检测模型。基于SEA公开数据集,采用词袋、TF-IDF、词汇表以及N-Gram几种方法进行特征提取,使用不同的机器学习算法建立检测模型,包括XGBoost算法、隐式马尔可夫和多层感知机(MLP)。结果显示:测试样本采用词袋+N-Gram特征模型和XGBoost学习算法的精确率和召回率较高,检测效果最好。
Information system not only faces the threat of external attack,but also faces the threat from the internal system.In this paper,aiming at the internal attacks of the system,the internal threats and internal attacks of the information system are briefly described and analyzed.Based on the general rules of user’s operation behavior,this paper proposes several detection models,and finds out a good detection model by comparing the detection results.Based on SEA open data set,feature extraction uses several methods,such as word bag,TF-IDF,vocabulary and N-Gram,and uses different machine learning algorithms to build detection model,including XGBoost algorithm,implicit Markov and multi-layer perceptron(MLP).The results show that the accuracy and recall rate of the test samples using the word bag+N-Gram feature model and XGBoost learning algorithm are high,and the detection effect is the best.
作者
陈明帅
吴克河
CHEN Ming-shuai;WU Ke-he(School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China)
出处
《计算机与现代化》
2021年第1期56-60,共5页
Computer and Modernization
基金
国家电网总部科技项目(SGGR0000XTJS1900905)。
关键词
内部攻击检测
极端梯度提升决策树
多层感知机
隐式马尔可夫
internal attack detection
XGBoost(extreme gradient boosting)
MLP(multi-layer perceptron)
implicit Markov
