Internal threat detection system based on mining of business process model and detection method thereof

Model mining and business process technology, applied in transmission systems, unstructured text data retrieval, special data processing applications, etc., which addresses problems such as business systems rarely considering the security of business activities, business system anomalies, and data leakage.

Active Publication Date: 2016-12-07
THE PLA INFORMATION ENG UNIV

AI Technical Summary

Problems solved by technology

However, most business systems consider only how to ensure the normal realization of business functions at design time, and seldom consider the security of business activities. They are therefore very vulnerable to intentional or unintentional threats from insiders, which can make the business system behave abnormally, prevent business activities from being carried out normally, and in serious cases even lead to the destruction and leakage of key business data.
Traditional insider threat detection methods usually only consider the audit records of personnel behavior, and fail to combine personnel behavior and business activities for modeling, so the threat detection rate of existing methods needs to be improved

Examples


Embodiment 1

[0048] Embodiment 1: as shown in Figure 1, an internal threat detection system based on business process model mining includes a model mining module, an anomaly detection module, and an anomaly analysis and threat identification module. The model mining module performs business process model mining, in which the business process model includes the business control flow model, the business performance model, and the executor behavior model; the anomaly detection module uses the mined business process model to detect logical anomalies, business performance anomalies, and executor behavior anomalies in the event logs generated in real time during business operation; the anomaly analysis and threat identification module analyzes the detection results of the anomaly detection module, then identifies and outputs the internal threats to the system.

[0049] Use the event log recorded under the normal operation of the business system as the data source to mine the business process model, and obtain the control flow model, p...

Embodiment 2

[0050] Embodiment 2: as shown in Figure 1, this embodiment is basically the same as Embodiment 1, except that the model mining module includes a training log acquisition unit, a business control flow model mining unit, a business performance model mining unit, and an executor behavior model mining unit,

[0051] Among them, the training log acquisition unit filters the event logs of each business process in the business system according to the type of business to be mined, and filters the logs by specifying legal start and end events to obtain the training logs. The training log information includes the multiple event sequences generated during business execution, and the task name, timestamp, executor, and execution status corresponding to each event;

[0052] The business control flow model mining unit uses the training log to mine the business control flow model, and the business control flow model information includes the logical structure information between business events;

[005...

Embodiment 3

[0059] Embodiment 3: as shown in Figure 2, a detection method of an internal threat detection system based on business process model mining includes the following steps:

[0060] Step 1. Filter the event log of each business event in the business system according to the business type, remove records in the event log that are irrelevant to the business type being mined, and specify the start event and end event of the business to obtain the training log. Mine the business control flow model from the training log through process mining methods, and, based on the business control flow model and the training log, mine the business performance model and the executor behavior model respectively through statistical analysis methods, in which the business control flow model information includes the logical structure information between business events, and the training log information includes multip...
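The mining and detection steps described in Embodiments 2 and 3, as an added Python example that is not code from the patent. It assumes a directly-follows relation as the control flow model, a per-transition maximum gap with a `slack` factor as the performance model, and the set of tasks each executor has performed as the behavior model; the task names, executors and log rows are constructed.

```python
from collections import defaultdict

# Constructed sample rows: (case_id, task, timestamp_s, executor, status)
TRAINING = [
    ("c1", "submit", 0, "alice", "done"), ("c1", "review", 60, "bob", "done"),
    ("c1", "approve", 120, "carol", "done"), ("c1", "pay", 200, "dave", "done"),
    ("c2", "submit", 0, "alice", "done"), ("c2", "review", 90, "bob", "done"),
    ("c2", "approve", 150, "carol", "done"), ("c2", "pay", 210, "dave", "done"),
    ("c3", "review", 0, "bob", "done"), ("c3", "pay", 30, "dave", "done"),
]
LIVE = [("c9", "submit", 0, "alice", "done"), ("c9", "approve", 30, "bob", "done"),
        ("c9", "pay", 530, "dave", "done")]

def traces(log):
    """Group rows by case and order each case's events by timestamp."""
    by_case = defaultdict(list)
    for case, task, ts, who, _status in log:
        by_case[case].append((task, ts, who))
    return {c: sorted(ev, key=lambda e: e[1]) for c, ev in by_case.items()}

def mine(log, start, end, slack=1.5):
    """Build the three models from traces with a legal start and end event."""
    follows, max_gap, tasks_of = set(), defaultdict(float), defaultdict(set)
    for ev in traces(log).values():
        if ev[0][0] != start or ev[-1][0] != end:
            continue  # training-log filter: c3 above is dropped here
        for task, _, who in ev:
            tasks_of[who].add(task)            # executor behavior model
        for (a, ta, _), (b, tb, _) in zip(ev, ev[1:]):
            follows.add((a, b))                # control flow model
            max_gap[a, b] = max(max_gap[a, b], (tb - ta) * slack)  # performance
    return {"start": start, "follows": follows,
            "max_gap": dict(max_gap), "tasks_of": dict(tasks_of)}

def detect(model, log):
    """Return (case, kind, detail) for logic, performance and behavior anomalies."""
    out = []
    for case, ev in traces(log).items():
        if ev[0][0] != model["start"]:
            out.append((case, "logic", f"starts with {ev[0][0]}"))
        for task, _, who in ev:
            if task not in model["tasks_of"].get(who, set()):
                out.append((case, "behavior", f"{who} ran {task}"))
        for (a, ta, _), (b, tb, _) in zip(ev, ev[1:]):
            if (a, b) not in model["follows"]:
                out.append((case, "logic", f"{a}->{b}"))
            elif tb - ta > model["max_gap"][a, b]:
                out.append((case, "performance", f"{a}->{b} took {tb - ta}s"))
    return out
```

Calling `detect(mine(TRAINING, "submit", "pay"), LIVE)` flags case `c9` once for each anomaly class: an executor running a task outside their mined behavior, a skipped review step, and a payment step far slower than any seen in training.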


Abstract

The invention relates to an internal threat detection system based on mining of a business process model and a detection method thereof. The detection system comprises a model mining module, an abnormality detection module and an abnormality analysis model, wherein the model mining module implements model mining according to an event log of each business event in a business system, and thus acquires a business control flow model, a business performance model and an executor behavior model; the abnormality detection module detects logic abnormality, performance abnormality and behavior abnormality of the event log generated during a real-time operation process of a business activity according to the model mining module; and the abnormality analysis model parses a detection result of the abnormality detection module, recognizes execution information about implementation of an internal threat and outputs the information. According to the internal threat detection system based on mining of the business process model established in the invention, the internal threat behavior existing in the business execution process is effectively detected, a powerful support is provided for enterprises and various organizations to prevent the internal threat, and information security of enterprises and organizations is effectively ensured.

Description

Technical field

[0001] The invention belongs to the technical field of business process mining and network security, and in particular relates to an internal threat detection system and a detection method based on business process model mining.

Background technique

[0002] The rapid development of information technology has promoted the wide application of information systems in various enterprises and organizations. However, while information systems have improved work efficiency for these organizations, they have also introduced a large number of security loopholes, including both technical loopholes in software and hardware, and loopholes in internal personnel management. Compared with external network attacks caused by software and hardware vulnerabilities, internal threats caused by internal personnel management vulnerabilities are often more harmful and harder to detect. The main reasons for internal threats are as follows: first, some employees who lack security awa...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L29/06, G06F17/30
CPC: G06F16/35, H04L63/1416, H04L63/1425
Inventor: 郭渊博, 朱泰铭, 马骏, 琚安康, 王宸东, 张琦, 丁文博
Owner THE PLA INFORMATION ENG UNIV