Abstract
With the continuous expansion and digitization of enterprise business, both an enterprise's own data and its workload data have begun to grow explosively. However, internal data, one of the enterprise's core assets, faces increasingly serious security threats. More and more non-obvious attacks, typically characterized by long cycles, low frequency, and strong concealment, bypass traditional security detection methods and cause damage to large amounts of data. In response, based on the associations among users, entities, and behaviors, it is proposed to integrate the various kinds of data that can reflect user behavior baselines, extract the several basic features that best reflect user anomalies, and combine the feature selection strategy of XGBoost with the FCM clustering algorithm to locate, through anomaly scoring, the group of users with the greatest risk of abnormality. The results show that the newly proposed anomaly detection algorithm has an accuracy rate of over 82% and a recall rate of over 86%.
Authors
王江立
段蔚
黄逸飞
李鑫
WANG Jiangli; DUAN Wei; HUANG Yifei; LI Xin (Wuhan Center of Geological Survey, China Geological Survey, Wuhan 430205; School of Computer Science and Artificial Intelligence, Wuhan University of Technology, Wuhan 430063)
Source
Computer & Digital Engineering (《计算机与数字工程》)
2024, Issue 3, pp. 757-760, 785 (5 pages in total)