Computer Science ›› 2020, Vol. 47 ›› Issue (3): 292-297.doi: 10.11896/jsjkx.190200379

• Information Security • Previous Articles     Next Articles

User Attributes Profiling Method and Application in Insider Threat Detection

ZHONG Ya1,GUO Yuan-bo1,LIU Chun-hui2,LI Tao1   

  1. (Cryptography Engineering Institute, Information Engineering University, Zhengzhou 450001, China)1;
    (Unit 61213 of The Chinese People’s Liberation Army, Linfen, Shanxi 041000, China)2
  • Received:2019-02-28 Online:2020-03-15 Published:2020-03-30
  • About author:ZHONG Ya,born in 1995,postgra-duate.Her main research interests include insider threat detection and anomaly detection. GUO Yuan-bo,born in 1975,Ph.D,professor,is member of China Computer Federation.His main research interests include network attack and defense confrontation.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61501515).

Abstract: With the widely use of information technology and Internet technology in enterprise organizations,enterprise information security faces unprecedented challenges.Most companies are faced with both external and internal attacks.Due to the lack of timely and effective detection methods,the damage caused by internal attacks is more serious.As the conductor of malicious behaviors in organization and enterprise,human is the research object in insider threat detection.Aiming at the low correlation and low detection efficiency of the similar threat detection for the existing insider threat detection method,user attributes profiling method was proposed.In this paper,users in the organization were taken as the research subject,and the clustering and supervision of similar users were mainly studied.Firstly,the method of calculating the similarity of portraits is defined.Then,the ontology theory and tabular portrait method were used to integrate multiple factors,such as user personality,personality,past expe-rience,working status,and setbacks.Similar users are clustered and managed in group by improved K-Means method,achieving the purpose of joint supervision on potential malicious ones,which reduces the possibility of similar damage occurring.Experimental results show that the proposed method is feasible and makes a way to combat the insider threat.

Key words: Enterprise security, Insider threat, User profiling, Group management, Similarity calculation, K-Means

CLC Number: 

  • TP391
[1]BISHOP M,GATES C.Defining the insider threat[C]∥Proceedings of the Cyber Security & Information Intelligence Research Workshop.2008.
[2]PATZAKIS J.New incident response best practices:Patch and proceed is no longer acceptable incident response [J].Guidance Software,Pasadena,CA,Tech.Rep,2003(9):97-105.
[3]WARKENTIN M,WILLISON R,JOHNSTON A C.The Role of Perceptions of Organizational Injustice and Techniques of Neutralization in Forming Computer Abuse Intentions[C]∥AMCIS 2011.Detroit,Michigan,USA:DBLP,2011.
[4]PREDD J,PFLEEGER S L,HUNKER J,et al.Insiders behaving badly [J].IEEE Security & Privacy,2008,6(4):66-70.
[5]CSO Magazine,U.S.Secret Service,CERT Division of the Software Engineering Institute,et al.2015 U.S.state of cybercrime survey [OL].
[6]Verizon.2018 Data Breach Investigations Report [OL].ht- tps://
[7]Dtex Systems.2018 insider threat intelligence report[OL].
[8]LEGG P A,BUCKLEY O,GOLDSMITH M,et al. Automated insider threat detection system using user and role-based profile assessment[J].IEEE Systems Journal,2017,11(2):503-512.
[9]GAMACHCHI A,SUN L,BOZTAS S.A Graph Based Framework for Malicious Insider Threat Detection[J].arXiv:1089.00141,2017.
[10]NURSE J R C,BUCKLEY O,LEGG P A,et al.Understanding insider threat:A framework for characterising attacks[C]∥IEEE Security and Privacy Workshops.ACM,2014:214-228.
[11]LIANG N.Characteristics of Malicious Insiders and Their Rela- tionships with Different Types of Malicious Attacks[D].Stillwater:Oklahoma State University,2017.
[12]GUO Y B,LIU C H,KONG J,et al.Research on User Behavior Patterns Profiling in InsiderThreat Detection [J].Journal of China Institute of Communications,2018,39(12):145-154.
[13]ABBESH,BOUKETTAYA S,GARGOURI F.Learning ontology from Big Data through MongoDB database[C]∥Computer Systems & Applications.IEEE,2016.
[14]QIU R C,ANTONIK P.The Mathematical Foundations of Data Collection[M]∥Smart Grid using Big Data Analytics:A Random Matrix Theory Approach.2017.
[15]JIA W Y.Research on personalized recommendation algorithm of agriculture information based on group users’portrait[D].Xianyang:Northwest A&F University.2017.
[16]ZHANG Z P,TIAN S X,LIU H Q.Compositive Approach for Ontology Similarity Computation[J].Computer Science,2008,35(12):142-145.
[17]SHI B,FANG L,YAN J,et al.Ontology-Based Measure of Semantic Similarity between Concepts[C]∥IEEE Computer Society.Xiamen,2009:109-112.
[18]US-CERT.Insider Threat Tools[EB/OL].http://www.cert. org/insider-threat/tools/index.cfm,2014-10-20.
[19]LUO Y G,LI X,JIANG T H,et al.Uyghur Lexicon Normalization Method Based on Word Vector[J].Computer Engineering,2018(2):220-225.
[1] XU Shou-kun, NI Chu-han, JI Chen-chen, LI Ning. Image Caption of Safety Helmets Wearing in Construction Scene Based on YOLOv3 [J]. Computer Science, 2020, 47(8): 233-240.
[2] PAN Heng, LI Jing feng, MA Jun hu. Role Dynamic Adjustment Algorithm for Resisting Insider Threat [J]. Computer Science, 2020, 47(5): 313-318.
[3] RAO Meng,MIAO Duo-qian,LUO Sheng. Rough Uncertain Image Segmentation Method [J]. Computer Science, 2020, 47(2): 72-75.
[4] JIAO Yang, YANG Chuan-ying, SHI Bao. Relevance Feedback Method Based on SVM in Shoeprint Images Retrieval [J]. Computer Science, 2020, 47(11A): 244-247.
[5] YAO Li-shuang, LIU Dan, PEI Zuo-fei, WANG Yun-feng. Real-time Network Traffic Prediction Model Based on EMD and Clustering [J]. Computer Science, 2020, 47(11A): 316-320.
[6] LI Gui-hui,LI Jin-jiang,FAN Hui. Image Denoising Algorithm Based on Adaptive Matching Pursuit [J]. Computer Science, 2020, 47(1): 176-185.
[7] XU Fei-xiang,YE Xia,LI Lin-lin,CAO Jun-bo,WANG Xin. Comprehensive Calculation of Semantic Similarity of Ontology Concept Based on SA-BP Algorithm [J]. Computer Science, 2020, 47(1): 199-204.
[8] JIANG Hua,WU Yao,WANG Xin,WANG Hui-jiao. Study on Ocean Data Anomaly Detection Algorithm Based on Improved K-means Clustering [J]. Computer Science, 2019, 46(7): 211-216.
[9] WEN Jun-hao,WAN Yuan,ZENG Jun,WANG Xi-bin,LIANG Guan-zhong. Application of Illumination Clustering and SVM in Energy-saving Control Strategy of Street Lamps [J]. Computer Science, 2019, 46(7): 327-332.
[10] LIU Chang-qi, SHAO Kun, HUO Xing, FAN Dong-yang, TAN Jie-qing. K-means Image Segmentation Algorithm Based on Weighted Quality Evaluation Function [J]. Computer Science, 2019, 46(6A): 158-160.
[11] HOU Yuan-yuan, HE Ru-han, LI Min, CHEN Jia. Clothing Image Retrieval Method Combining Convolutional Neural Network Multi-layerFeature Fusion and K-Means Clustering [J]. Computer Science, 2019, 46(6A): 215-221.
[12] HUANG Hai-yan, LIU Xiao-ming, SUN Hua-yong, YANG Zhi-cai. Application of Clustering Analysis Algorithm in Uncertainty Decision Making [J]. Computer Science, 2019, 46(6A): 593-597.
[13] WU Yi-fan, CUI Yan-peng, HU Jian-wei. Alert Processing Method Based on Hierarchical Clustering [J]. Computer Science, 2019, 46(4): 203-209.
[14] JIN Xu, WANG Lei, SUN Guo-zi, LI Hua-kang. Under-sampling Method for Unbalanced Data Based on Centroid Space [J]. Computer Science, 2019, 46(2): 50-55.
[15] HU Chuang, YANG Geng, BAI Yun-lu. Clustering Algorithm in Differential Privacy Preserving [J]. Computer Science, 2019, 46(2): 120-126.
Full text



[1] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75 .
[2] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[3] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[4] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[5] SHI Wen-jun, WU Ji-gang and LUO Yu-chun. Fast and Efficient Scheduling Algorithms for Mobile Cloud Offloading[J]. Computer Science, 2018, 45(4): 94 -99 .
[6] ZHOU Yan-ping and YE Qiao-lin. L1-norm Distance Based Least Squares Twin Support Vector Machine[J]. Computer Science, 2018, 45(4): 100 -105 .
[7] LIU Bo-yi, TANG Xiang-yan and CHENG Jie-ren. Recognition Method for Corn Borer Based on Templates Matching in Muliple Growth Periods[J]. Computer Science, 2018, 45(4): 106 -111 .
[8] GENG Hai-jun, SHI Xin-gang, WANG Zhi-liang, YIN Xia and YIN Shao-ping. Energy-efficient Intra-domain Routing Algorithm Based on Directed Acyclic Graph[J]. Computer Science, 2018, 45(4): 112 -116 .
[9] CUI Qiong, LI Jian-hua, WANG Hong and NAN Ming-li. Resilience Analysis Model of Networked Command Information System Based on Node Repairability[J]. Computer Science, 2018, 45(4): 117 -121 .
[10] WANG Zhen-chao, HOU Huan-huan and LIAN Rui. Path Optimization Scheme for Restraining Degree of Disorder in CMT[J]. Computer Science, 2018, 45(4): 122 -125 .