Insider threat detection approach for tobacco industry based on heterogeneous graph embedding  

在线阅读下载全文

作  者:季琦 LI Wei PAN Bailin XUE Hongkai QIU Xiang JI Qi;LI Wei;PAN Bailin;XUE Hongkai;QIU Xiang(Hangzhou Cigarette Factory,China Tobacco Zhejiang Industrial Co.,Ltd.,Hangzhou 310024,P.R.China;Information Center,China Tobacco Zhejiang Industrial Co.,Ltd.,Hangzhou 310024,P.R.China;College of Information Engineering,Zhejiang University of Technology,Hangzhou 310014,P.R.China)

机构地区:[1]Hangzhou Cigarette Factory,China Tobacco Zhejiang Industrial Co.,Ltd.,Hangzhou 310024,P.R.China [2]Information Center,China Tobacco Zhejiang Industrial Co.,Ltd.,Hangzhou 310024,P.R.China [3]College of Information Engineering,Zhejiang University of Technology,Hangzhou 310014,P.R.China

出  处:《High Technology Letters》2024年第2期199-210,共12页高技术通讯(英文版)

基  金:Supported by the National Natural Science Foundation of China(No.62203390);the Science and Technology Project of China TobaccoZhejiang Industrial Co.,Ltd(No.ZJZY2022E004)。

摘  要:In the tobacco industry,insider employee attack is a thorny problem that is difficult to detect.To solve this issue,this paper proposes an insider threat detection method based on heterogeneous graph embedding.First,the interrelationships between logs are fully considered,and log entries are converted into heterogeneous graphs based on these relationships.Second,the heterogeneous graph embedding is adopted and each log entry is represented as a low-dimensional feature vector.Then,normal logs and malicious logs are classified into different clusters by clustering algorithm to identify malicious logs.Finally,the effectiveness and superiority of the method is verified through experiments on the CERT dataset.The experimental results show that this method has better performance compared to some baseline methods.

关 键 词:insider threat detection advanced persistent threats graph construction heterogeneous graph embedding 

分 类 号:TP309[自动化与计算机技术—计算机系统结构] F426.8[自动化与计算机技术—计算机科学与技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象