Internal Threat Detection Based on Nave Bayesian Theory

doi:10.3969/j.issn.1006-2475.2017.07.019

Abstract

Abstract: Compared with the external threats of information system, the internal threat attack of information system is more subtle and more difficult to be discovered. In this paper, the concept and the three common characteristics of internal threats are researched. In view of the general rules of user command operation, a new detection method of internal threat is proposed based on Nave Bayesian using the open security data set called S-M. This method can detect the internal threat attack with mixed operation behavior in the users. This detection method greatly improves the accuracy rate of internal threat detection and decreases the false alarm rate, so that the idea of machine learning has been widely applied in the field of internal threat detection.


Key words: internal threats, S-M data set, Nave Bayesian, machine learning

CLC Number:

TP309.2

GUO Xiao-ming1,2, SUN Dan1,2. Internal Threat Detection Based on Nave Bayesian Theory[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2017.07.019.

References

［1］杨光,马建刚,于爱民,等. 内部威胁检测研究［J］. 信息安全学报, 2016,1(3):21-36.
［2］Lane T, Brodley C E. An empirical study of two approaches to sequence learning for anomaly detection［J］. Machine Learning, 2003,51(1):73-107.
［3］孙诚,姚丹霖. 一种基于角色的内部威胁检测方法［C］// 中国电子学会第十五届信息论学术年会暨第一届全国网络编码学术年会论文集（上册）. 2008.
［4］Chaoji V, Hoonlor A, Szymanski B. Recursive data mining for author and role identification［C］//Proceedings of the 3th Annual Information Assurance Workshop. 2008:53-62.
［5］Szymanski B, Zhang Y Q. Recursive data mining for masquerade detection and author identification［C］//Proceedings of the 5th IEEE System, Man and Cybernetics Information Assurance Workshop. 2004.424-431.
［6］张锐. 基于文件访问行为的内部威胁异常检测模型研究［D］. 北京：北京交通大学, 2015.
［7］崔鹏. 基于操作网的内部威胁检测模型研究［D］. 长沙：国防科学技术大学， 2009.
［8］文雨,王伟平,孟丹. 面向内部威胁检测的用户跨越行为模式挖掘［J］. 计算机学报， 2016,39(8):1555-1569.
［9］田新广,程学旗,陈小娟,等. 面向Unix和Linux平台的网络用户伪装入侵检测［J］. 计算机科学与探索， 2010,4(6):500-510.
［10］黄铁,张奋. 基于隐马尔可夫模型的内部威胁检测方法［J］. 计算机工程与设计， 2010,31(5):965-968.
［11］胡海峰,周改云,刘云霞. 基于过往入侵特征分析潜在网络威胁检测仿真［J］. 计算机仿真， 2016,33(2):322-325.
［12］林志兴,林劼. 基于PSA模型的用户伪装攻击检测技术［J］. 三明学院学报， 2014,31(6):36-40.
［13］孙丹. 基于贝叶斯理论的Web服务器识别技术研究［D］. 成都：四川大学, 2014.
［14］陆远蓉. 使用数据挖掘攻击Weka［J］. 电脑知识与技术， 2008,1(6):988-990.
［15］郑世明,苗壮,宋自林,等. WEKA环境下基于模糊理论的聚类算法［J］. 解放军理工大学学报（自然科学版）， 2012,13(1):22-26.

[1]	JIA Xiao-yao, . Breast Cancer Prediction and Feature Analysis Model Based on CatBoost and SHAP [J]. Computer and Modernization, 2023, 0(10): 32-38.
[2]	ZHANG Yun, BAI Kai-feng, WANG Xing, CANG Tian, ZHOU Tong, DUAN Jin-wen, SU Han. Review of Electricity Theft Detection in Smart Grid Environment [J]. Computer and Modernization, 2023, 0(03): 60-65.
[3]	SHI Zhi-wei, WU Zhi-feng, ZHANG Zhe. Stock Volatility Prediction of LightGBM-GRU Model under Corrective Learning Strategy [J]. Computer and Modernization, 2023, 0(01): 95-102.
[4]	GUAN Yun-peng, LIU Yu-long. Categorical Data Clustering Based on Extraction of Associations from Co-association Matrix [J]. Computer and Modernization, 2022, 0(11): 1-8.
[5]	LENG Tao , . A Survey of Encrypted Traffic Classification Based on Deep Learning [J]. Computer and Modernization, 2021, 0(08): 112-120.
[6]	DENG Zi-yun , . A Screening Method of Machine Learning Model for Auxiliary Diagnosis [J]. Computer and Modernization, 2021, 0(03): 88-93.
[7]	GUO Xin, CHEN Ying, ZHANG Ming-huan, ZHANG Xuan, PAN Shu-ming, TANG Lu-jia. Analysis and Prediction of Training Effects of National Disaster Life Support Course with Machine Learning Methods [J]. Computer and Modernization, 2020, 0(12): 61-66.
[8]	CHEN Ping-ping, GENG Xiao-ran, ZOU Min, TAN Ding-ying. Analysis of Text Sentiment Orientation Based on Machine Learning [J]. Computer and Modernization, 2020, 0(03): 77-.
[9]	MA Ji-ke, YIN Fei, ZHU Yong-jin, DOU Long-long, LI Jian. A Semi-supervised Learning Method for Operating State Identification of #br# Energy Measurement Devices [J]. Computer and Modernization, 2020, 0(03): 82-.
[10]	ZHAO Qi1,2, JIANG Chao-hui1,2, ZHOU Xue-mei1,2, SONG Zi-hua1,2. A Covert Tunnel Based on HTTP Protocol and Its Detection Method [J]. Computer and Modernization, 2019, 0(06): 16-.
[11]	SUN Xiao-chuan, LU Tian-liang. Application of Data Weighting Optimization Based on Clustering in Crime Prediction [J]. Computer and Modernization, 2019, 0(06): 55-.
[12]	LIU Bin, ZHANG Ji-cong. MRP Classification Algorithms Comparison and Semantic Paradigm Analysis [J]. Computer and Modernization, 2018, 0(11): 88-.
[13]	LIANG Dong, YANG Yong-quan, WEI Zhi-qiang. Information Extraction of Web Pages Based on Support Vector Machine [J]. Computer and Modernization, 2018, 0(09): 21-.
[14]	BAI Jun-ze, YANG Hong-li, ZHANG Biao. Importance Analysis for Android Permission Groups [J]. Computer and Modernization, 2018, 0(08): 102-.
[15]	LI Peng-peng， FAN Hui-min. Research on Improvement of Feature Weights in Text Classification [J]. Computer and Modernization, 2018, 0(02): 66-.