基于语义标签的协同信息系统内部隐私威胁检测模型

协同信息系统为知识共享和再创造需求提供了核心工作环境,但是因为涉及隐私、安全等重要领域,其安全运行成为关系到国家安全和伦理道德的重要研究议题。与来自外部的隐私窃取行为相比,源于内部的威胁行为避开了现有的身份验证机制和访问控制策略,可利用账户权限盗取敏感数据。本文提出一种内部隐私威胁检测模型,该模型在宏观层面利用用户的访问行为以及共享数据的语义标签来抓取用户的访问行为模式;在微观层面提出一种局部访问网络的离散程度值及其差异,用以评估数据集中特定访问行为的异常程度。通过访问行为的随机模拟分析,本文验证了新模型具有较好的预警性能以及非常显著的预测稳定性。

Detection Model of Inside Privacy Threat Based on Semantic Labels

The collaborative information system (CIS) provides a core environment for the needs of knowledge sharing and re-creation. However, because of the problems of privacy and security, the safe operation of CIS is very important to national security and social ethics. Compared with privacy theft from outside, those threats from insiders may avoid identification authorization and access control strategies. Taking advantage of their authority, insiders have the ability of stealing sensitive data smoothly. This paper proposes a model to detect inside privacy actions efficiently. From the global perspective, the model extracts users' access behaviour patterns and the similarity between them based on both access behaviour in system log and semantic information of data in CIS. From local level, the paper proposes a method to compute the deviation degree of local networks, which is used to evaluate anomalous degree of specific access action. Through random simulation analysis of data access behaviour, the proposed model is verified with good prediction and alarm performance and significant stability.