Insider threat detection method and system based on user subjective and objective data fusion

A data fusion and threat detection technology, applied to transmission systems, electrical components, etc. It addresses the problems that limit the practicality of insider threat detection systems, namely low alarm quality and analysts' inability to analyze alerts fully, and has the effect of improving real-time update capability and reducing the false positive and false negative rates.

Active Publication Date: 2020-11-20
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

High false positives lead to low alarm quality: analysts cannot analyze every alert, and the system's usability drops to the point where the detection system becomes useless. High false negatives directly invalidate security defenses, exposing the assets of the enterprise or organization to high risk.
High false positive and false negative rates are the main factors restricting the practicality of insider threat detection systems.

Embodiment Construction

[0057] By enriching the data dimensions used for internal threat detection, the present invention uses misuse detection and anomaly detection classifiers cooperatively to design a new internal threat detection method with significantly reduced false positives and false negatives. The present invention is designed as follows:

[0058] 1. User subjective data collection method

[0059] The core of enriching internal threat detection data is to extend the existing objective user data with a subjective data set that characterizes each individual user. Subjective data comes from the user's state in actual life and work, not from behavior traces in the information system. The subjective data comes mainly from the human resource management department:

[0060] As shown in Figure 2, user subjective data collection mainly comes from the following four areas:

[0061] ●Performance evaluation: it mainly reflects the actual work status ...

Abstract

The invention discloses an internal threat detection method and system based on the fusion of user subjective and objective data. In addition to the user system and network behavior data that were previously the only data audited, the invention introduces subjective element data reflecting individual characteristics such as working attitude and life pressure. Starting from the user's subjective and objective element data, it provides two data fusion modes, a fusion mode and a prediction mode. Internal threats are then analyzed and detected comprehensively by fusing the subjective element data, which reflects the intensity of the user's attack motivation, with the objective element data, which reflects the user's system and network behavior, so that the high false positive and false negative rates of simple anomaly detection are effectively reduced. The invention also provides a method for establishing the abnormal internal threat characteristics of each attack link based on the characteristics of the internal threat attack chain, which improves the real-time update capability of the internal threat detection system.

Description

Technical field

[0001] The invention belongs to the technical field of network information security management and control, and relates to an internal threat detection method and system based on the fusion of user subjective and objective data.

Background art

[0002] With the development of networks, the security of network information has attracted more and more attention from society, and security products such as anti-virus software, firewalls and intrusion detection systems have been widely deployed. However, these information security products only defend against external intrusion and theft. As awareness of network security and the underlying technology have developed, it has been found that leaks and intrusions caused by insiders account for a large proportion of incidents; the 2013 Snowden "Prism Gate" incident is a typical case of an insider leaking secrets. Therefore, dealing with internal threats should be given the same attention as defending against ex...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425, H04L63/1466
Inventor: 于爱民, 杨光, 马建刚, 王佳荣, 孟丹
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI