Abstract
In recent years, insider attacks, chiefly information system sabotage, information theft and electronic fraud, have become a serious threat to individuals, businesses and even national security because they are highly concealed and highly destructive. It is therefore necessary to pay attention to the existing research findings on insider threat and its evolution trends. In this paper we analyze the features of insider threat and give a formal definition based on trust theory. We divide current insider threat research into four fields (model research, subjective factors, objective factors and other research), describe the state of research in each field, and summarize and analyze its progress. Based on an analysis of existing insider threat cases and the deficiencies of current research, we propose a new insider threat detection system, the Open Hybrid Insider Threat Detection System, and predict possible evolution trends of insider threat and the key technologies of the future. Finally, we suggest possible countermeasures against insider threat.
Source
Journal of Cyber Security (《信息安全学报》)
2016, Issue 3, pp. 21-36 (16 pages)
Keywords
insider threat
internal audit
anomaly detection
cyber security
system sabotage
information theft
electronic deception
survey