Abstract
In recent years, leaks of sensitive information inside large enterprises have occurred frequently, with a severe negative impact on the security of enterprise operations. Most of these incidents involve improper operations by insiders. In the complex information systems of a large enterprise, however, the records of such operations are usually buried in massive volumes of seemingly normal data and are hard to identify in time by effective technical means. This paper studies a log analysis architecture based on big data: log data from the individual systems is aggregated onto a unified big data platform and analyzed correlatively according to predefined analysis logic, yielding a data set of anomalous user behavior. The filtered data can then be used for further risk identification and response.
Authors
陆勇
孙加萌
LU Yong; SUN Jiameng (Nanjing Research Institute of Electronics Technology, Nanjing 210039, China)
Keywords
big data analysis
user misbehavior
enterprise information security