
Evaluation method for information security capability of mobile phone user based on behavior ontology under unconscious condition
Abstract A method for detecting employees' security behavior based on a security behavior ontology is proposed. Collecting real phone-usage behavior while the user is unaware of the collection addresses the problem of whether the observed security behavior is genuine. Static and dynamic security behavior ontologies of mobile phone users are established to formally describe users' call, SMS, network and App behavior, and rules are defined for determining insecure behaviors and for associating behaviors. Drawing on the concept of the attack graph, an insecure behavior detection algorithm based on a behavior association graph is proposed to uncover paths of insecure behavior. Furthermore, a competency model for information security capability assessment is presented, carrying the process from qualitative detection of employees' information security behavior to quantitative evaluation of their capability. Experiments show that the method effectively detects users' insecure behavior paths and yields a security capability value.
Source Journal on Communications (《通信学报》), indexed in EI, CSCD and the Peking University Core Journals list, 2016, Issue S1, pp. 156-167 (12 pages)
Funding "CERNET" Next Generation Internet Technology Innovation Fund (No.2016-61); Key Fund Project of the Jiangsu Province Education Science "Twelfth Five-Year" Plan (No.B-a/2013/01/013); Research Project Fund of the Chinese Society of Academic Degrees and Graduate Education (No.B1-2015Y11-026); Key Project Fund of Jiangsu Province Higher Education Teaching Reform (No.2015JSJG034)
Keywords security behavior ontology; behavior analysis; capability assessment; mobile security