Insider Threat Detection Technology of Information System  Cited by: 4


Authors: WANG Zhen-Hui[1]; WANG Zhen-Duo[2]; YAO Quan-Zhu[3] (College of Engineering and Technology, Xi’an Fanyi University, Xi’an 710105, China; School of Electronic and Information Engineering, Xi’an Siyuan University, Xi’an 710038, China; Faculty of Automation and Information Engineering, Xi’an University of Technology, Xi’an 710048, China)

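Affiliations: [1] College of Engineering and Technology, Xi’an Fanyi University, Xi’an 710105 [2] School of Electronic and Information Engineering, Xi’an Siyuan University, Xi’an 710038 [3] Faculty of Automation and Information Engineering, Xi’an University of Technology, Xi’an 710043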

Source: Computer Systems & Applications, 2019, No. 12, pp. 219-225 (7 pages)

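Funding: National Natural Science Foundation of China (61405157); Scientific Research Program of the Shaanxi Provincial Department of Education (12JK1055); Shaanxi Province High-Level Programming Language Teaching Team Project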

Abstract: In view of the increasingly serious insider threat behaviors in enterprise information systems, especially impersonated logins and unauthorized operations, a new insider threat detection framework for information systems is established, based on user behavior analysis and using a layered security model that combines subjects and objects. Malicious insider threat behavior is found by comparing users' abnormal behavior against subject and object permissions. Regular expressions and a hybrid encryption algorithm are used to ensure detection accuracy and log security. Security detection is carried out from four aspects: identity authentication, access control, operation audit, and behavior threshold technology. The key technologies are introduced in detail. Experiments show that the proposed detection framework can prevent internal personnel from stealing data, provide response and intervention capabilities, and improve the security of information systems. Finally, the development trend of insider threat detection technology is discussed.

Keywords: information system; insider threat; user behavior analysis; subject; object

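Classification: TP309 [Automation and Computer Technology: Computer Systems Architecture] F272 [Automation and Computer Technology: Computer Science and Technology]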

 
