An Analysis Method of Insider Threat Abnormal Behavior Based on Access Control Log Mining

A behavior analysis and access control technology, applied in the field of data analysis, that addresses the low accuracy of detection results, is simple to operate, reduces the high false alarm rate, and improves accuracy.

Active Publication Date: 2019-12-06
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

[0006] The purpose of the present invention is to provide a method for analyzing abnormal behavior of insider threats based on access control log mining, which solves the technical problem that existing detection of insider threats from access control logs yields results of low accuracy.


Examples


Embodiment 1

[0111] The access control data of a department of a certain unit was analyzed and tested according to the above method: the sequence anomaly score was calculated over the resulting test path sequence database, and results were obtained under different support degrees. The sequence anomaly scores are shown in Figure 3. As the figure shows, as the support increases, the calculated sequence anomaly scores increase overall, the region where high scores concentrate shifts to the right along the x-axis, and the maximum calculated score gradually increases.

[0112] Figure 4 is the alarm rate curve drawn from the behavior scores of department personnel. As the figure shows, as the current threshold gradually decreases (that is, as the difference gradually increases), more and more abnormal behavior sequences raise alarms. Decision makers can use the results in the figure to select the required threshold ...


Abstract

The invention provides an insider threat abnormal behavior analysis method based on access control log mining. The method mines the data recorded by an access control system to extract indexes that represent the degree of card-swiping abnormality of personnel in a department under analysis; these indexes are combined with the card swiping times in the access control records to quantitatively represent the department's degree of card-swiping abnormality in one day. The method is simple and practicable and can be integrated into existing access control systems. It makes full use of access control card swiping data, giving enterprises and public institutions a strong safeguard against threats from the departments under analysis.

Description

Technical field

[0001] The invention relates to the technical field of data analysis, in particular to a method for analyzing abnormal behavior of internal threats based on access control log mining.

Background technique

[0002] With the rapid development of information technology, various information systems are widely used in enterprises and organizations. However, while information systems have improved work efficiency for these organizations, they have also introduced a large number of security loopholes, including both technical loopholes in software and hardware, and loopholes in internal personnel management. Insider threats due to insider management gaps are often more harmful and harder to detect. The main reasons for internal threats are as follows: first, some employees who lack security awareness may make misoperations that violate safety regulations; second, some employees deliberately circumvent thirdly, individual employees leak or destroy confidential info...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F11/34, G06K9/62
Inventor: 周鋆, 王培超, 朱承, 黄金才, 张维明
Owner: NAT UNIV OF DEFENSE TECH