Authors: LI Zhi; SONG Lipeng [1]
Affiliation: [1] Research Institute of Big Data and Network Security, School of Big Data, North University of China, Taiyuan 030051, China
Source: Computer Engineering (《计算机工程》), 2020, No. 4, pp. 135-142, 150 (9 pages)
Funding: National Natural Science Foundation of China (61772478).
Abstract: User behavior on a computer is directly reflected in the interactions with application windows. To address intranet security issues, user behavior is studied from the perspective of application window usage. A completely free intranet environment is built, and user behavior data on application windows is collected and analyzed. On this basis, two kinds of behavior features of application window usage are extracted, serving abnormal user detection and user change behavior recognition respectively. Using the sample mean distribution features and the K-S test, it is verified that there are significant differences in how different users use application windows. An abnormal behavior detection algorithm is then constructed by combining Euclidean distance and confidence intervals. Experimental results show that the algorithm can effectively detect abnormal users and identify changed user behavior, with accuracy rates as high as 97.4% and 94.5% respectively, which is of practical significance for defending against internal threats.
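Keywords: intranet security; application window; user behavior; anomaly detection; Euclidean distance
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]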