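Source: Chinese Journal of Computers (《计算机学报》), 2016, Issue 8, pp. 1555-1569 (15 pages)
Funding: Supported by the National High Technology Research and Development Program of China ("863" Program) (2013AA013204)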
Abstract: User behavior analysis is an important problem in the system security research field. Recent existing work mainly focused on single-pattern analysis of user single-domain behavior, which needed to rely on expert knowledge and user background knowledge. Thus, these works were not suitable for user behavior pattern analysis in multi-domain scenarios. In this paper, we proposed a novel method for user cross-domain behavior analysis. Our method could identify multiple patterns of user cross-domain behavior. Moreover, our method was a completely data-driven solution which did not need any expert knowledge or user background knowledge. Finally, we also designed an insider attack detection method based on our user behavior analysis approach. In our experiment, we used our methods to analyze and detect five user audit logs in a real environment. The experimental results showed that our user behavior analysis method was effective for multi-pattern analysis of user cross-domain behavior in multi-domain scenarios, and that our insider attack detection method was better than two existing solutions: a single-domain detection method and a single-pattern-based detection method.
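Keywords: insider threat; multiple detection domains; user cross-domain behavior analysis; non-negative matrix factorization; Gaussian mixture model; machine learning
Classification number: TP311 [Automation and Computer Technology: Computer Software and Theory]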