Computer Science ›› 2020, Vol. 47 ›› Issue (3): 292-297. doi: 10.11896/jsjkx.190200379

• Information Security •

User Attributes Profiling Method and Application in Insider Threat Detection

ZHONG Ya¹, GUO Yuan-bo¹, LIU Chun-hui², LI Tao¹

  1. Cryptography Engineering Institute, Information Engineering University, Zhengzhou 450001, China
  2. Unit 61213 of The Chinese People’s Liberation Army, Linfen, Shanxi 041000, China
  • Received: 2019-02-28 Online: 2020-03-15 Published: 2020-03-30
  • About author: ZHONG Ya, born in 1995, postgraduate. Her main research interests include insider threat detection and anomaly detection. GUO Yuan-bo, born in 1975, Ph.D., professor, is a member of China Computer Federation. His main research interests include network attack and defense confrontation.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61501515).

Abstract: With the wide use of information technology and Internet technology in enterprise organizations, enterprise information security faces unprecedented challenges. Most companies face both external and internal attacks. Due to the lack of timely and effective detection methods, the damage caused by internal attacks is more serious. As the people who carry out malicious behavior in organizations and enterprises, humans are the research object in insider threat detection. To address the low correlation and low detection efficiency of existing insider threat detection methods when detecting similar threats, a user attributes profiling method is proposed. This paper takes the users in an organization as the research subject and mainly studies the clustering and supervision of similar users. First, a method for calculating the similarity of portraits is defined. Then, ontology theory and the tabular portrait method are used to integrate multiple factors, such as user personality, past experience, working status, and setbacks. Similar users are clustered and managed as groups using an improved K-Means method, achieving joint supervision of potentially malicious users and reducing the possibility of similar damage occurring. Experimental results show that the proposed method is feasible and provides a way to combat the insider threat.

Key words: Enterprise security, Group management, Insider threat, K-Means, Similarity calculation, User profiling

CLC Number: TP391