| 全特征信息均衡建模的内部威胁人物检测 |
| |
| 引用本文: | 刘宇,罗森林,曲乐炜,潘丽敏,张笈.全特征信息均衡建模的内部威胁人物检测[J].浙江大学学报(自然科学版 ),2019,53(4):777-784. |
| |
| 作者姓名: | 刘宇 罗森林 曲乐炜 潘丽敏 张笈 |
| |
| 作者单位: | 北京理工大学 信息与电子学院,北京 100081 |
| |
| 摘 要: | 针对目前内部威胁人物检测准确率低及高维数据特征信息利用不全的问题,提出全特征信息均衡建模的内部威胁人物检测方法. 该方法对组织内部产生的多源数据进行特征提取和构建,通过对所有特征进行交叉分组,利用交叉分组后的特征进行孤立森林模型构建,提高模型构建过程中对数据特征信息利用的均衡性,利用生成的孤立森林模型进行内部威胁人物检测. 实验结果表明,该方法在CERT-IT(v4.2)内部威胁人物数据集上具有较高F1,且算法效率高,能够有效地用于内部威胁人物检测.
|
| 关 键 词: | 内部威胁人物 异常检测 孤立森林算法 交叉分组 行为日志 |
Full-featured information equalization modeling for insider threat detection |
| |
| Yu LIU,Sen-lin LUO,Le-wei QU,Li-min PAN,Ji ZHANG.Full-featured information equalization modeling for insider threat detection[J].Journal of Zhejiang University(Engineering Science),2019,53(4):777-784. |
| |
| Authors: | Yu LIU Sen-lin LUO Le-wei QU Li-min PAN Ji ZHANG |
| |
| Abstract: | A method that used full-featured information equalization modeling for insider threat detection was proposed in view of the current problems of low accuracy of insider threat detection and incomplete utilization of high-dimensional data feature information. The features of the multi-source data generated within the organization were extracted and constructed. Then all the features were cross-grouped, and the cross-grouped features were used to construct the isolation forest model with improving the balance of the use of data feature information in the process of model building. The generated isolation forest model was used for insider threat detection. The experimental results show that the method has a higher F1 value on the CERT-IT (v4.2) insider threat figures data set, and the efficiency of the algorithm is high. The algorithm can be effectively used for insider threat detection. |
| |
| Keywords: | insider threat anomaly detection isolation forest algorithm cross-grouping behavior log |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《浙江大学学报(自然科学版 )》浏览原始摘要信息 |
|
点击此处可从《浙江大学学报(自然科学版 )》下载全文 |
