Business process mining based insider threat detection system

Bibliographic Details
Main Authors: Tai-ming ZHU, Yuan-bo GUO, An-kang JU, Jun MA
Format: Article
Language: zho
Published: Editorial Department of Journal on Communications 2016-10-01
Series: Tongxin xuebao
Online Access: http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016265/
Description
Summary: Current intrusion detection systems are mostly designed to detect external attacks, but internal staff can sometimes do greater harm to an organization's information security. Traditional insider threat detection methods often do not combine the behavior of people with business activities, which leaves the threat detection rate in need of improvement. An insider threat detection system based on business process mining was proposed that addresses two aspects: the implementation of insider threats and the impact of threats on system services. First, the normal control flow model of business activities and the normal behavior profile of each operator were established by mining the training log. Then, while the system was running, the actual behavior of the operators was compared with the pre-established normal behavior profiles, supplemented by control flow anomaly detection and performance anomaly detection of business processes, in order to discover insider threats. A variety of anomalies were defined and the corresponding detection algorithms were given. Experiments were performed on the ProM platform. The results show that the designed system is effective.
ISSN: 1000-436X