User and Entity Behavior Analysis Technology Based on Deep Learning


Authors: BAI Xue [1,2]; ZHANG Shuai; FANG Liguo (Information Engineering University, Zhengzhou 450001, China; Unit 32081, Beijing 100093, China)

Affiliations: [1] Information Engineering University, Zhengzhou, Henan 450001; [2] Unit 32081, Beijing 100093

Source: Journal of Information Engineering University, 2024, Issue 6, pp. 697-702, 709 (7 pages)

Funding: National Natural Science Foundation of China (61602513).

Abstract: To address the challenge of effectively preventing internal attacks in big data environments, a deep learning-based user and entity behavior analysis (UEBA) solution is proposed, building on in-depth research of user and entity behavior analysis techniques. The solution involves conducting experimental analysis using relevant datasets. Firstly, UEBA technology is utilized to establish a baseline of normal activities for employees and system devices, creating user behavior pattern profiles. Secondly, a multi-network model architecture based on deep learning is implemented to accurately detect internal threats such as sensitive data theft, account misuse, and anomalous access requests targeting Web service APIs. The experimental results indicate that, among the single network models, the multi-layer perceptron achieves the highest accuracy, followed by the recurrent neural network, while the radial basis function network performs relatively poorly. Furthermore, the accuracy of the multi-network model, which combines three neural network models, shows a significant improvement over single network models, with a lower false positive rate, making it practically significant for real-world applications.

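Keywords: internal attack; deep learning; user and entity behavior analysis; user behavior pattern profile; multi-network model

Classification code: TP393.08 [Automation and Computer Technology - Computer Application Technology]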

 
