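Abstract:
In recent years, insider attacks, chiefly system sabotage, information theft and electronic fraud, have posed a serious threat to individuals and enterprises, and even to national security, because they are highly covert and highly destructive. It is therefore well worth attending to the existing research results and development trends in insider threat. This paper analyzes the characteristics of insider threat and proposes a formal definition based on trust theory. It also groups current insider threat research hotspots into four areas: insider threat model research, subjective factor research, objective factor research, and other research; it introduces the state of research in each area and summarizes and analyzes the progress in each. Through analysis of existing insider threat cases and current research progress, it proposes a new type of insider threat detection system to address the shortcomings of existing research, and looks ahead to key future technologies.
Key words: insider threat; internal audit; anomaly detection; network security; system sabotage; information theft; electronic fraud; survey
DOI: 10.19363/j.cnki.cn10-1380/tn.2016.03.003
Received: 2016-05-20; Revised: 2016-06-30
Funding:
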
Survey of Insider Threat Detection
YANG Guang, MA Jiangang, YU Aimin, MENG Dan
Institute of Information Engineering, CAS, Beijing 100093, China; University of Chinese Academy of Sciences, Beijing 100093, China; Shandong Computer Science Center (National Supercomputer Center in Jinan), Jinan 250101, China
Abstract:
In recent years, insider attacks, including information system sabotage, information theft and electronic fraud, have posed a great threat to individuals, businesses and state security because of their strong concealment and destructiveness. We should therefore pay more attention to the current research findings and evolution trends of insider threat. In this paper we analyze the features of insider threat and define insider threat formally based on trust theory. We also divide insider threat research into four fields: model research, subjective factors, objective factors and other research, and analyze each field in detail. Based on the analysis of cases and the deficiencies of current research, we develop the Open Hybrid Insider Threat Detection System and predict possible evolution trends of insider threat. Finally, we suggest possible countermeasures against insider threat.
Key words: insider threat; internal audit; anomaly detection; cyber security; system sabotage; information theft; electronic deception; survey