【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 14565次   下载 29687 本文二维码信息
码上扫一扫!
内部威胁检测研究
杨光,马建刚,于爱民,孟丹
分享到: 微信 更多
(中国科学院信息工程研究所 北京 中国 100093;中国科学院大学 北京 中国 100093;山东省计算中心(国家超级计算济南中心)山东 济南 250101)
摘要:
近年来,以系统破坏、信息窃取以及电子欺诈为主的内部攻击因为隐蔽性强、破坏性大的特点对个人与企业,甚至国家安全造成了严重威胁。因此十分有必要关注内部威胁已有的研究成果与发展趋势。本文分析了内部威胁的特征,提出基于信任理论的形式化定义。同时将当前内部威胁研究热点归结为内部威胁模型研究、主观要素研究、客观要素研究及其它研究四个领域,分别介绍各个领域的研究状况,并对每个领域的研究进展进行归纳和分析。通过分析内部威胁已有案例以及当前研究进展,针对现有研究不足提出新型内部威胁检测系统,并展望未来的关键技术。
关键词:  内部威胁  内部审计  异常检测  网络安全  系统破坏  信息窃取  电子欺诈  综述
DOI:10.19363/j.cnki.cn10-1380/tn.2016.03.003
投稿时间:2016-05-20修订日期:2016-06-30
基金项目:
Survey of Insider Threat Detection
YANG Guang,MA Jiangang,YU Aimin,MENG Dan
Institute of Information Engineering, CAS, Beijing 100093, China;University of Chinese Academy of Sciences, Beijing 100093, China;Shandong Computer Science Center(National Supercomputer Center in Jinan), Jinan 250101, China
Abstract:
In recent years, insider attack including information system sabotage, information theft and electronic fraud has been great threats to individuals, business and state security, resulting from strong concealment and destructiveness. Therefore we should pay more attention to insider threat's current research findings and evolution trends. In this paper we analyze the features of insider threat and define insider threat formally based on the trust theory. Meanwhile we divide the insider threat researches into four fields:model research, subjective factors, objective factors and other research while analyzing each field in detail. Based on the analysis of cases and deficiency of current researches we develop the Open Hybrid Insider Threat Detection System and predict possible evolution trends of insider threat. Finally we suggest possible countermeasures against insider threat.
Key words:  insider threat  internal audit  anomaly detection  cyber security  system sabotage  information theft  electronic deception  survey