Research of predicting insider threat based on Bayesian network
Cite this article: WANG Hui, YANG Guang-can, HAN Dong-mei. Research of predicting insider threat based on Bayesian network[J]. Application Research of Computers, 2013, 30(9): 2767-2771.
Authors: WANG Hui, YANG Guang-can, HAN Dong-mei
Affiliation: College of Computer Science & Technology, Henan Polytechnic University, Jiaozuo, Henan 454000, China
Funding: National Natural Science Foundation of China (51174263); Natural Science Foundation of the Education Department of Henan Province (2011B520015); Doctoral Foundation of Henan Polytechnic University (B2010-61); Henan Federation of Social Sciences Foundation (SKL-2012-849)
Abstract: Internal networks make office work more convenient for enterprises, but the threats they introduce are becoming increasingly prominent. Because insider threats within an enterprise are highly damaging and difficult to detect, they urgently need to be addressed. This paper therefore proposes an insider threat prediction model based on Bayesian network attack graphs. Taking the behavior of internal users during actual operation as the object of study, it builds a Bayesian network attack graph whose nodes are the resource states held by an internal user during an attack and the attack evidence of the operation sequences performed. The attack graph describes the different attack paths and attack states of the attacker during the attack, and a Bayesian network inference algorithm is used to calculate the risk probability of the insider threat. Within the Bayesian network attack graph, the concepts of meta-operation, atomic attack and attack evidence are defined, and the node variables, their values and the conditional probability distributions are quantified. Building on an improved likelihood weighted algorithm, the calculation of the Bayesian network parameters becomes simpler and the prediction of insider threats more accurate. Finally, simulation experiments show that the method models quickly, is simple to compute and gives accurate results, demonstrating its effectiveness and applicability in predicting insider threats.

Keywords: insider threat; Bayesian network; network attack graphs; likelihood weighted algorithm
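
As an added illustration (not code from the paper), the example below runs standard likelihood weighting, not the authors' improved variant, over a constructed four-node attack graph to estimate the probability that the attack goal is reached given observed attack evidence, and checks it against exact enumeration. The node names and every probability are assumptions made for the example.

```python
import itertools
import math
import random

# Constructed toy attack graph (assumed values, not from the paper).
# Nodes are listed in topological order:
#   name -> (parents, {tuple of parent values: P(node is True)})
NET = {
    "resource": ((), {(): 0.30}),  # insider holds a sensitive resource state
    "atomic_attack": (("resource",), {(True,): 0.60, (False,): 0.05}),
    "evidence": (("atomic_attack",), {(True,): 0.80, (False,): 0.10}),
    "goal": (("atomic_attack",), {(True,): 0.70, (False,): 0.01}),
}

def p_true(node, assignment):
    """P(node is True) given the values already assigned to its parents."""
    parents, cpt = NET[node]
    return cpt[tuple(assignment[p] for p in parents)]

def weighted_sample(evidence, rng):
    """Fix evidence nodes, sample the rest, weight by evidence likelihood."""
    sample, weight = {}, 1.0
    for node in NET:
        p = p_true(node, sample)
        if node in evidence:
            sample[node] = evidence[node]
            weight *= p if evidence[node] else 1.0 - p
        else:
            sample[node] = rng.random() < p
    return sample, weight

def likelihood_weighting(query, evidence, n=50000, seed=1):
    """Estimate P(query is True | evidence) from n weighted samples."""
    rng = random.Random(seed)
    draws = [weighted_sample(evidence, rng) for _ in range(n)]
    return sum(w for s, w in draws if s[query]) / sum(w for _, w in draws)

def joint(a):
    """Probability of one full assignment of all nodes."""
    return math.prod(p_true(n, a) if a[n] else 1.0 - p_true(n, a) for n in NET)

def exact(query, evidence):
    """Reference answer by enumerating every assignment consistent with evidence."""
    worlds = [dict(zip(NET, v)) for v in itertools.product([True, False], repeat=len(NET))]
    worlds = [a for a in worlds if all(a[k] == v for k, v in evidence.items())]
    return sum(joint(a) for a in worlds if a[query]) / sum(joint(a) for a in worlds)

if __name__ == "__main__":
    ev = {"evidence": True}
    print("exact:", exact("goal", ev), "estimate:", likelihood_weighting("goal", ev))
```

Observing the evidence node raises the risk probability of the goal node well above its prior, which is the kind of update the abstract describes the inference step as computing.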
This article is indexed in Wanfang Data and other databases.