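Cite this article
  • SUN Degang, LIU Meichen, LI Meimei, SHI Zhixin, LIU Pengcheng, LI Nan. A Survey of Insider Threat Analysis and Defense [J]. Journal of Cyber Security, accepted.
  • SUN Degang, LIU Meichen, LI Meimei, SHI Zhixin, LIU Pengcheng, and LI Nan. A Survey of Insider Threat Analysis and Defense Solutions [J]. Journal of Cyber Security, accepted.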
A Survey of Insider Threat Analysis and Defense
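(1. University of Chinese Academy of Sciences; 2. Chinese Academy of Sciences; 3. Institute of Information Engineering, Chinese Academy of Sciences; 4. Beijing Jiaotong University)
Abstract:
Insider threats are among the most challenging cyber security problems today, so the research results and development trends in this field deserve close attention. This paper gives an overview of the results within the scope of insider threat research and uses the grounded theory method to carry out a rigorous literature review and analysis, helping organizations mitigate and eliminate insider threat incidents and quickly formulate defense plans suited to their own circumstances. This work is significant for the insider threat field because it (1) outlines the scope of insider threat research, with the aim of establishing a research framework for insider threats; (2) comprehensively analyzes insider threats from the perspectives of definition and classification, datasets, and incidents, and proposes a new structured analysis and classification method; (3) based on the insider threat analysis, proposes a step-by-step defense scheme comprising deterrence, prevention/mitigation, detection, and response, and summarizes and analyzes the research results for each step; and (4) by analyzing insider threat cases and current research progress, discusses the shortcomings of existing research and looks ahead to further research directions.
Keywords: cyber security; insider threat; analysis and defense; literature review; structured classification; survey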
DOI:10.19363/J.cnki.cn10-1380/tn.2023.06.02
Received: 2020-09-24  Revised: 2021-01-19
Funding:
A Survey of Insider Threat Analysis and Defense Solutions
SUN Degang1,2, LIU Meichen1,2, LI Meimei1,2,3, SHI Zhixin1,4, LIU Pengcheng1,4, and LI Nan5
(1. School of Cyberspace Security, University of Chinese Academy of Sciences; 2. Institute of Information Engineering, Chinese Academy of Sciences University; 3. School of Computer and Information Technology, Beijing Jiaotong University; 4. Institute of Information Engineering, Chinese Academy of Sciences University; 5. Institute of Information Engineering, Chinese Academy of Sciences)
Abstract:
Insider threat is a challenging cyber security issue, so its current research findings and evolution trends deserve closer attention. In this paper, we study the research category of insider threat and use grounded theory for a rigorous literature review and analysis. We aim to help organizations obtain a panoptic view of this disparate topic and thereby quickly develop solutions according to their actual situation. This paper presents a novel insider threat survey of great significance to the field. Its main contributions can be summarized as follows. (1) It summarizes the research scope of insider threat, aiming to establish a framework for this research. (2) It makes a comprehensive analysis of insider threats from the perspectives of definition and classification, data sets, and events, and proposes a practical and unified taxonomy. (3) It proposes a step-by-step defense solution including deterrence, prevention/mitigation, detection, and response, and then summarizes and analyzes the research results. (4) It analyzes insider threat cases and current research progress, and then discusses the deficiencies of existing research and proposes further research directions.
Key words: cyber security; insider threat; analysis and defense solutions; grounded theory for rigorous literature review; practical and unified taxonomy; survey