基于机器学习的商业数据安全风险防范研究  被引量：3

作　　者：马光华[1] 高铁梁[1] 马晨晖 MA Guanghua;GAO Tieliang;MA Chenhui(Key Laboratory of Data Analysis and Financial Risk Prediction,Xinxiang University,Xinxiang 453003,Henan)

机构地区：[1]新乡学院企业财务风险预测及商务数据智能分析重点实验室,河南新乡453003

出　　处：《管理学刊》2023年第1期70-83,共14页Journal of Management

基　　金：2019年河南省哲学社会科学规划项目(2019BJJ053);河南省科技厅软科学项目(232400412081)。

摘　　要：大数据时代下的恶意软件数量的快速增长已经给商业数据安全带来了巨大的风险挑战,使得软件恶意行为识别和风险评估及管理成了商业数据风险防范的重要课题。从信息学的角度提出一种基于机器学习的恶意行为检测方案来应对数据风险识别,从管理学的角度提出了商业数据风险评估和风险管理方案。在这个综合信息学和管理学的方案中,数据风险识别方案采用融合了特征选择的贝叶斯方案进行分类训练和风险识别,风险评估利用因子乘积法去判断风险等级,风险管理通过企业和国家层面的管理手段去降低风险产生的概率。论文集成了包括风险识别、风险评估和风险管理在内的一套综合方案来进行商业数据风险防范。实验和案例分析证明,所提的方案在技术层面上能提高风险识别率,在管理方案上能有效确定风险等级和提高风险攻击代价。The rapid growth of the number of malware in the era of big data has brought huge risk challenges to commercial data security, making software malicious behavior identification, risk assessment and management a huge challenge to commercial data risk prevention. This paper proposes a malicious behavior detection scheme based on machine learning to deal with data risk identification from the perspective of Informatics, and proposes a commercial data risk assessment and risk management scheme from the perspective of management. In this integrated informatics and management scheme, the data risk identification scheme adopts the Bayesian scheme integrating feature selection for classification training and risk identification. Risk assessment uses the factor product method to judge the risk level. Risk management reduces the probability of risk through management means at the enterprise and national levels. This paper integrates a set of comprehensive schemes of risk identification, risk assessment and risk management to prevent business data risk. Experiments and case analysis show that the proposed scheme can improve the risk identification rate at the technical level, effectively determine the risk level and improve the risk attack cost in the management scheme.

关 键 词：信息增益 贝叶斯 N元模型 商业数据安全 风险防控 

分 类 号：C931[经济管理—管理学]