Cite this article
  • 刘杰, 时金桥, 张鹏, 张闯, 张浩亮, 王学宾. A Survey of Insider Threat Detection Based on Behavior Analysis [J]. Journal of Cyber Security, accepted
  • Liu Jie, Shi Jinqiao, Zhang Peng, Zhang Chuang, Zhang Haoliang, Wang Xuebin. A Survey of Insider Threat Detection Based on Behavior Analysis [J]. Journal of Cyber Security, accepted


This article has been viewed 4301 times and downloaded 1039 times.
A Survey of Insider Threat Detection Based on Behavior Analysis
刘杰 1, 时金桥 2, 张鹏 1, 张闯 1, 张浩亮 1, 王学宾 1
(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. School of Cyberspace Security, Beijing University of Posts and Telecommunications)
Abstract:
With the development of the Internet era, insider threat activity is increasing. It usually leads to system damage, economic loss and information leakage, poses a serious threat to the security of individuals, organizations and nations, and is one of the security challenges faced by many enterprises and organizations. Insider threat detection has become a very important means of detecting network attacks and is becoming increasingly urgent. Researchers in this field have proposed a large number of insider threat detection techniques; in particular, with the development of artificial intelligence, insider threat detection based on behavior analysis has become the main research focus of the field. This paper surveys a large body of related literature and does the following work: first, it summarizes the basic concepts of insiders and insider threats, and the behaviors and characteristics that insider threats usually exhibit. Then, it classifies existing work along two dimensions, data source and detection method, and summarizes the related feature engineering. Next, building on the classification of Chapter 2, it focuses on the different detection methods and the main lines of technical development. After that, it discusses evaluation and measurement methods and research resources. Finally, it discusses the challenges facing current research and looks ahead to future opportunities and prospects. We hope this paper provides some valuable references for researchers in this field.
Key words:  insider threat detection  anomaly detection  behavior analysis  cyberspace security  machine learning  deep learning
DOI: 10.19363/J.cnki.cn10-1380/tn.2023.08.37
Received: 2021-07-15; Revised: 2021-11-03
Funding:
A Survey of Insider Threat Detection Based on Behavior Analysis
Liu Jie 1, Shi Jinqiao 2, Zhang Peng 1, Zhang Chuang 1, Zhang Haoliang 1, Wang Xuebin 1
(1. Institute of Information Engineering, Chinese Academy of Sciences; 2. School of Cyberspace Security, Beijing University of Posts and Telecommunications)
Abstract:
With the development of the Internet era, insider threats are increasing. They usually lead to system damage, economic loss and information leakage, pose a serious threat to the security of individuals, organizations and the country, and are one of the security challenges faced by many enterprises and organizations. Insider threat detection has become a very important means of network attack detection, and it is becoming more and more urgent. Researchers in this field have proposed a large number of insider threat detection technologies; in particular, with the development of artificial intelligence, insider threat detection technologies based on behavior analysis have become the main research content in this field. This paper investigates a large body of related literature and does the following work: First, it summarizes the basic concepts of insiders and insider threats, and the behaviors and characteristics of insider threats. Then, the existing work is classified along the two dimensions of data source and detection method, and the related feature engineering is summarized at the same time. Next, on the basis of the classification in Chapter 2, different detection methods and main lines of technology development are discussed. Afterwards, the evaluation and measurement methods and research resources are discussed. Finally, the challenges faced in current research are discussed and future opportunities and prospects are outlined. This article hopes to provide some valuable references for researchers in this field.
Key words:  insider threat detection  anomaly detection  behavior analysis  cyberspace security  machine learning  deep learning