A system and method for insider threat detection based on embedded learning of heterogeneous temporal events

A threat detection and event technology, applied in the field of information security, can solve problems such as dependence

Active Publication Date: 2021-04-02
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

However, feature engineering-based methods rely on expert prior knowledge and can only detect known types of insider threats

Embodiment Construction

[0078] To better understand the present invention, some basic concepts are first explained.

[0079] Heterogeneous timing events: each event generated by one of five user behaviors (host login, file access, email communication, web browsing, and mobile device connection) is a heterogeneous timing event. That is, heterogeneous timing events comprise user host login events, file access events, email communication events, web browsing events, and mobile device connection events.

[0080] Entities of heterogeneous timing events: each heterogeneous timing event includes four entities: time, user name, host number, and operation.

[0081] Heterogeneous timing event sequence: A collection of multiple heterogeneous timing events in chronological order within a fixed time interval.
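
The three definitions above, as an added example that is not part of the patent text: raw records from the five event sources are reduced to the four entities and grouped per user into fixed-interval, chronologically ordered sequences. The record field names (`date`, `user`, `pc`, `activity`), the source labels, the one-day interval and the hour-of-day time token are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

SOURCES = {"logon", "file", "email", "http", "device"}  # assumed labels for the five event types
EPOCH = datetime(1970, 1, 1)

class Event(NamedTuple):
    time: datetime
    user: str
    host: str
    operation: str

def normalize(source, record):
    """Reduce one raw log record to the four entities of an event."""
    if source not in SOURCES:
        raise ValueError(f"unknown event source: {source}")
    ts = datetime.strptime(record["date"], "%Y-%m-%d %H:%M:%S")
    return Event(ts, record["user"], record["pc"], f"{source}:{record['activity']}")

def build_sequences(events, interval=timedelta(days=1)):
    """Group events per user into fixed-interval windows, each in chronological order."""
    buckets = defaultdict(list)
    for ev in events:
        # Start of the fixed interval that contains this event.
        start = EPOCH + ((ev.time - EPOCH) // interval) * interval
        buckets[(ev.user, start)].append(ev)
    return {key: sorted(seq) for key, seq in buckets.items()}

def entity_tokens(ev):
    """Categorical tokens for the four entities; hour-of-day bucketing is an assumption."""
    return (f"t:{ev.time.hour:02d}", f"u:{ev.user}", f"h:{ev.host}", f"o:{ev.operation}")

# Constructed sample records, deliberately out of order and spanning two days.
RAW = [
    ("http",   {"date": "2021-03-01 10:15:00", "user": "alice", "pc": "PC-01", "activity": "visit"}),
    ("logon",  {"date": "2021-03-01 08:02:11", "user": "alice", "pc": "PC-01", "activity": "logon"}),
    ("device", {"date": "2021-03-01 23:40:05", "user": "alice", "pc": "PC-07", "activity": "connect"}),
    ("file",   {"date": "2021-03-02 00:05:30", "user": "alice", "pc": "PC-07", "activity": "copy"}),
    ("email",  {"date": "2021-03-01 09:30:00", "user": "bob",   "pc": "PC-02", "activity": "send"}),
]

if __name__ == "__main__":
    seqs = build_sequences(normalize(s, r) for s, r in RAW)
    for (user, start), seq in sorted(seqs.items()):
        print(user, start.date(), [entity_tokens(e) for e in seq])
```

Note that the 23:40 device connection and the 00:05 file copy fall into different sequences with a one-day interval, so the choice of interval boundary affects which events are scored together.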

[0082] The present invention will be described in detail below in conjunction with the accompanying drawings and embodiments.

[0083] As shown in Figure 1, the present invention...

Abstract

The invention relates to an internal threat detection system and method based on heterogeneous time sequence event embedded learning. The internal threat detection system comprises a user heterogeneous time sequence event acquisition module, a data preprocessing module, a heterogeneous time sequence event embedded learning module, and a user heterogeneous time sequence event sequence anomaly evaluation and internal threat output module. The system and method are realized through four processes: collecting heterogeneous time sequence events of users in organizations or enterprises, filtering and denoising the data, embedding the entities contained in the heterogeneous time sequence events, and estimating the probability of heterogeneous time sequence event sequences and outputting internal threats. The method comprehensively analyzes a plurality of entities of five heterogeneous time sequence events (user host login events, file access events, email communication events, web browsing events and mobile device connection events), so that user behaviors are comprehensively described, the accuracy of system detection is improved, and the false alarm rate of system detection is reduced. In addition, the system calculates the probability of a heterogeneous time sequence event sequence through the interaction of the embedded vector and the context vector of each entity, so that the detection process does not depend on the prior knowledge of domain experts and the intelligence of the system is improved.

Description

Technical field

[0001] The invention relates to an internal threat detection system and method based on embedded learning of heterogeneous time series events, belonging to the technical field of information security.

Background technique

[0002] Insider threats are malicious internal users who take advantage of their own privileges to access an organization's network, systems, and data, and compromise the confidentiality, integrity, and availability of organizational information [1]. Detecting insider threats is a top priority in achieving comprehensive protection for an organization.

[0003] Since internal users understand the organization's network structure and security defense mechanisms, their malicious activities may be well hidden and therefore difficult to detect. Some insider threat detection methods build a model of normal user behavior by analyzing a single event type, such as detection methods based on system calls [2], detection methods based on k...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55, G06F21/56
CPC: G06F21/554, G06F21/556, G06F21/56
Inventor: 于爱民, 王佳荣, 蔡利君, 孟丹, 马建刚
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI