1. School of Cyberspace Security, PLA Information Engineering University, Zhengzhou 450001, Henan, China
2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Wuxi 214000, Jiangsu, China
Tai-ming ZHU (born 1991), male, from Jingzhou, Hubei; master's student at PLA Information Engineering University. Main research interests: big data analysis, insider threat detection.
Yuan-bo GUO (born 1975), male, from Zhouzhi, Shaanxi; professor and doctoral supervisor at PLA Information Engineering University. Main research interests: big data security, situational awareness.
An-kang JU (born 1995), male, from Xinxiang, Henan; master's student at PLA Information Engineering University. Main research interests: multi-step network attack detection, threat intelligence.
Jun MA (born 1981), male, from Yangquan, Shanxi; lecturer at PLA Information Engineering University. Main research interests: IoT security, big data security.
Online publication date: 2016-10
Print publication date: 2016-10-25
Tai-ming ZHU, Yuan-bo GUO, An-kang JU, et al. Business process mining based insider threat detection system[J]. Journal on Communications, 2016, 37(Z1): 180-188. DOI: 10.11959/j.issn.1000-436x.2016265.
Current intrusion detection systems are mostly designed to detect external attackers, but insiders can sometimes cause great harm to the information security of an organization. Existing insider threat detection methods usually do not combine personnel behaviour with business activities, so their detection rate leaves room for improvement. Starting from two aspects, the party carrying out the insider threat and the impact of the threat on the system's business, an insider threat detection system model based on business process mining is proposed. First, the normal control-flow model of the system's business activities and the normal behaviour profile of each business operator are established by mining a training log. Then, during system operation, the actual operations of each operator are compared with the pre-established normal behaviour profile, supplemented by control-flow anomaly detection and performance anomaly detection of the business process, in order to discover insider threats. The various anomalous behaviours are defined and the corresponding detection algorithms are given. Experiments on the ProM platform show that the designed system is effective.
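The pipeline the abstract outlines, as an added illustration that is not the paper's code and does not use ProM: a training event log is mined into a control-flow model and per-operator behaviour profiles, and a run-time log is then checked for the three anomaly classes the abstract names (control-flow, operator behaviour, performance). The control-flow model is a simplified directly-follows footprint rather than the Petri-net or heuristics-miner models ProM would produce, the anomaly thresholds are assumptions, and both event logs are constructed for the example.

```python
"""
Added example (not the paper's code): a minimal version of the detection
pipeline the abstract describes. A training event log is mined into
(1) a directly-follows control-flow model and (2) a per-operator behaviour
profile with per-activity duration statistics; a run-time log is then
checked for control-flow, operator and performance anomalies.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Each event: (case_id, activity, operator, start_minute, end_minute).
# Constructed training log for a simple purchase-order process.
TRAIN_LOG = [
    ("c1", "create_order", "alice", 0, 5),
    ("c1", "approve_order", "bob", 10, 20),
    ("c1", "ship_order", "carol", 30, 45),
    ("c2", "create_order", "alice", 0, 6),
    ("c2", "approve_order", "bob", 8, 19),
    ("c2", "ship_order", "carol", 25, 40),
    ("c3", "create_order", "dave", 0, 4),
    ("c3", "reject_order", "bob", 9, 15),
]

# Constructed run-time log: t1 is normal, t2 skips approval and is shipped by
# the operator who created it, t3 has an abnormally slow creation step.
TEST_LOG = [
    ("t1", "create_order", "alice", 0, 5),
    ("t1", "approve_order", "bob", 7, 18),
    ("t1", "ship_order", "carol", 20, 35),
    ("t2", "create_order", "alice", 0, 5),
    ("t2", "ship_order", "alice", 6, 20),
    ("t3", "create_order", "dave", 0, 40),
    ("t3", "approve_order", "bob", 41, 50),
    ("t3", "ship_order", "carol", 55, 70),
]


def group_cases(log):
    """Group events by case id and order each case by start time."""
    cases = defaultdict(list)
    for ev in log:
        cases[ev[0]].append(ev)
    for evs in cases.values():
        evs.sort(key=lambda e: e[3])
    return cases


def mine_control_flow(log):
    """Directly-follows model: allowed successor pairs, start and end activities."""
    follows, starts, ends = set(), set(), set()
    for evs in group_cases(log).values():
        acts = [e[1] for e in evs]
        starts.add(acts[0])
        ends.add(acts[-1])
        follows.update(zip(acts, acts[1:]))
    return {"follows": follows, "starts": starts, "ends": ends}


def mine_behaviour_profiles(log):
    """Per-operator set of normally performed activities, plus duration stats per activity."""
    operator_acts = defaultdict(set)
    durations = defaultdict(list)
    for _, act, op, start, end in log:
        operator_acts[op].add(act)
        durations[act].append(end - start)
    stats = {a: (mean(d), pstdev(d)) for a, d in durations.items()}
    return dict(operator_acts), stats


def detect(log, model, profiles, stats):
    """Return (case_id, anomaly_class, detail) tuples for the run-time log."""
    anomalies = []
    for case, evs in group_cases(log).items():
        acts = [e[1] for e in evs]
        # Control-flow conformance against the mined model.
        if acts[0] not in model["starts"]:
            anomalies.append((case, "control_flow", f"unexpected start {acts[0]}"))
        if acts[-1] not in model["ends"]:
            anomalies.append((case, "control_flow", f"unexpected end {acts[-1]}"))
        for a, b in zip(acts, acts[1:]):
            if (a, b) not in model["follows"]:
                anomalies.append((case, "control_flow", f"{a} -> {b} not in model"))
        for _, act, op, start, end in evs:
            # Operator behaviour: activity outside the operator's normal profile.
            if act not in profiles.get(op, set()):
                anomalies.append((case, "operator", f"{op} performed {act}"))
            # Performance: duration far above the training mean (assumed threshold).
            if act in stats:
                m, s = stats[act]
                if end - start > m + max(3 * s, 0.5 * m):
                    anomalies.append((case, "performance", f"{act} took {end - start} min (mean {m:.1f})"))
    return anomalies


def run_example():
    model = mine_control_flow(TRAIN_LOG)
    profiles, stats = mine_behaviour_profiles(TRAIN_LOG)
    return detect(TEST_LOG, model, profiles, stats)


if __name__ == "__main__":
    for case, kind, detail in run_example():
        print(case, kind, detail)
```

On the constructed logs, case t2 is reported twice (a control-flow violation for skipping approval and an operator anomaly for alice shipping an order) and t3 once for the slow creation step, while t1 passes all three checks. A real deployment would replace the directly-follows footprint with a mined process model and calibrate the performance threshold on a larger training set.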