无感状态下基于行为本体的手机用户信息安全能力评估方法

麦丞程; 陈波; 周嘉坤; 于泠

doi:10.11959/j.issn.1000-436x.2016262

您当前的位置：

首页 >

文章列表页 >

无感状态下基于行为本体的手机用户信息安全能力评估方法

学术论文 | 更新时间：2024-06-05

- 无感状态下基于行为本体的手机用户信息安全能力评估方法
- Evaluation method for information security capability of mobile phone user based on behavior ontology under unconscious condition
- 通信学报 2016年37卷第Z1期页码：156-167
- 作者机构：
  
  1. 南京师范大学计算机科学与技术学院，江苏南京 210023
  2. 江苏省大规模复杂系统数值模拟重点实验室，江苏南京 210023
- 作者简介：
  
  [ "麦丞程（1990-），男，江苏南京人，南京师范大学硕士生，主要研究方向为移动安全、信息安全行为等。" ]
  [ "陈波（1972-），男，江苏南通人，南京师范大学教授、硕士生导师，主要研究方向为移动安全、社会计算等。" ]
  [ "周嘉坤（1992-），男，江苏南通人，南京师范大学硕士生，主要研究方向为安全人因分析、移动安全等。" ]
  [ "于泠（1971-），女，江苏金坛人，南京师范大学副教授，主要研究方向为信息安全、社会计算。" ]
- 基金信息：
  
  “赛尔网络”下一代互联网技术创新基金资助项目(2016-61);江苏省教育科学“十二五”规划重点基金资助项目(B-a/2013/01/013);中国学位与研究生教育学会研究课题基金资助项目(B1-2015Y11-026);江苏省高等教育教学改革重点课题基金资助项目(2015JSJG034)
- DOI：10.11959/j.issn.1000-436x.2016262
  中图分类号： TP391
- 网络出版日期：2016-10，
  
  纸质出版日期：2016-10-25
- 稿件说明：
移动端阅览
麦丞程, 陈波, 周嘉坤, 等. 无感状态下基于行为本体的手机用户信息安全能力评估方法[J]. 通信学报, 2016,37(Z1):156-167.

Cheng-cheng MAI, Bo CHEN, Jia-kun ZHOU, et al. Evaluation method for information security capability of mobile phone user based on behavior ontology under unconscious condition[J]. Journal on communications, 2016, 37(Z1): 156-167.
麦丞程, 陈波, 周嘉坤, 等. 无感状态下基于行为本体的手机用户信息安全能力评估方法[J]. 通信学报, 2016,37(Z1):156-167. DOI： 10.11959/j.issn.1000-436x.2016262.

Cheng-cheng MAI, Bo CHEN, Jia-kun ZHOU, et al. Evaluation method for information security capability of mobile phone user based on behavior ontology under unconscious condition[J]. Journal on communications, 2016, 37(Z1): 156-167. DOI： 10.11959/j.issn.1000-436x.2016262.

摘要

提出了一种基于安全行为本体的员工安全行为检测方法。通过在用户无感状态下的真实手机使用行为采集，解决了安全行为的真实性问题；通过建立手机用户的静态和动态安全行为本体，对用户的通话、短信、网络与App应用等行为进行形式化描述，制定了不安全行为判定规则和行为关联规则；借鉴攻击图的概念，提出了一种基于行为关联图的不安全行为检测算法，发掘不安全行为路径。进一步，提出了信息安全能力评估的胜任力模型，实现了从员工信息安全行为的定性检测到能力的定量评估的过程。实验表明，该方法能够有效检测出用户不安全行为路径，得到安全能力值。

Abstract

A security capacity assessment method based on security behavior ontology

was proposed to collect users' be-havior data from their smartphones under unconscious condition to solve the problem of detecting mobile phone users' real existing insecure behaviors.A security behavior ontology was set up for formalizing the phone

message

network and App behavior data of mobile phone users and relevant rules were also set down for determining and associating inse-cure actions.Referring to the notion of attack graph

an insecure behavior detection algorithm was proposed based on behavior association graph for analyzing the paths of insecure behaviors dynamically.Furthermore

a competency model of information security capability assessment was presented for realizing the quantitative evaluation of information secu-rity capability of users.The experiment results prove the effectiveness of present competency model for insecure behavior path detection and security ability assessment.

关键词

Keywords

references

DHINGRA M . Legal issues in secure implementation of bring your own device (BYOD) [J ] . Procedia Computer Science , 2016 , 78 : 179 - 184 .

Intel Security . Report of threat prediction in 2016 from McAfee labs [R/OL ] . http://www.mcafee.com/cn/resources/reports/rp-threats-predictions-2016.pdf http://www.mcafee.com/cn/resources/reports/rp-threats-predictions-2016.pdf , 2016 - 06 - 10 .

Symantec . Internet security threat report [R/OL ] . https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf , 2016 - 0 7 - 13 .

Wikipedia . Hillary clinton email controversy [R/OL ] . https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy , 2016 - 0 7 - 17 .

SARI P K , TRIANASARI N . Information security awareness meas-urement with confirmatory factor analysis[C]// International Sympo-sium on Technology Management and Emerging Technologies,2014 . ISTMET 2014.IEEE , 2014 : 218 - 223 .

NGOQO B , FLOWERDAY S V . Information security behaviour profiling framework (ISBPF) for student mobile phone users [J ] . Computers ＆ Security , 2015 , 3 : 132 - 142 .

陈波，朱汉，刘亚尚 . 个人信息安全素养评测手机软件开发 [J ] . 信息安全与技术， 2014 , 5 ( 10 ): 50 - 55 .

CHEN B , ZHU H , LIU Y S . Mobile software development for evalua-tion of personal information security literacy [J ] . Information Security and Technology , 2014 , 5 ( 10 ): 50 - 55 .

Naval Postgraduate School . The center for information systems secu-rity studies and research,CyberCIEGE scenario development tool user's guide [R/OL ] . http://cisr.nps.edu/cyberciege/downloads/sdt.pdf http://cisr.nps.edu/cyberciege/downloads/sdt.pdf . 2010 - 0 04 - 17 .

WARD R , BEYER B . Beyondcorp:a new approach to enterprise security [J ] . The Magazine of USENIX ＆ SAGE , 2014 , 39 ( 6 ): 6 - 11 .

DONNER M . Toward a security ontology [J ] , IEEE Security and Pri-vacy , 2003 , 1 ( 3 ): 6 - 7 .

RAZZAQ A , ANWAR Z , AHMAD H F , et al . Ontology for attack detection:an intelligent approach to Web application security [J ] . Computers ＆ Security , 2014 , 45 : 124 - 146 .

EKELHART A , KIESLING E , GRILL B , et al . Integrating attacker behavior in IT security analysis:a discrete-event simulation ap-proach [J ] . Information Technology and Management , 2015 , 16 ( 3 ): 221 - 233 .

BRAHMI I , BRAHMI H , YAHIA S B . A multi-agents intrusion de-tection system using ontology and clustering techniques[M]// Com-puter Science and Its Applications . Springer International Publishing , 2015 : 381 - 393 .

MUNDIE D , MCINTIRE D M . An ontology for malware analysis[C]//International Conference on Availability,Reliability and Security,IEEE , 2013 : 556 - 558 .

SOLIC K , OCEVCIC H , GOLUB M . The information systems' secu-rity level assessment model based on an ontology and evidential rea-soning approach [J ] . Computers ＆ Security , 2015 , 55 : 100 - 112 .

MOULISWARAN S C , KUNMARC A , CHANDRASEKAR C . In-ter-domain role based access control using ontology[C]// International Conference on Advances in Computing,Communications and Infor-matics,2015 , 2015 : 2027 - 2032 .

CHUN S A , GELLER J . Developing a pedagogical cybersecurity ontology[M]//Data Management Technologies and Applications . Springer International Publishing , 2014 : 117 - 135 .

MCCLELLAND C D . Testing for competence rather than for intelli-gence [J ] . American Psychologist , 1973 , 28 ( 1 ): 1 - 24 .

PRAHALAD C K , HAMEL G . The core competence of the corpora-tion [J ] . Harvard Business Review , 1990 , 68 ( 3 ): 79 - 91 .

浏览量

563

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于深度学习的域名查询行为向量空间嵌入

基于流感知的复杂网络应用识别模型