全特征信息均衡建模的内部威胁人物检测

Yu Liu; Sen Lin Luo; Le Wei Qu; Li Min Pan; Ji Zhang

doi:10.3785/j.issn.1008-973X.2019.04.019

全特征信息均衡建模的内部威胁人物检测

Translated title of the contribution: Full-featured information equalization modeling for insider threat detection

Yu Liu, Sen Lin Luo, Le Wei Qu, Li Min Pan^*, Ji Zhang

^*Corresponding author for this work

Beijing Institute of Technology

Research output: Contribution to journal › Article › peer-review

2 Citations (Scopus)

Abstract

A method that used full-featured information equalization modeling for insider threat detection was proposed in view of the current problems of low accuracy of insider threat detection and incomplete utilization of high-dimensional data feature information. The features of the multi-source data generated within the organization were extracted and constructed. Then all the features were cross-grouped, and the cross-grouped features were used to construct the isolation forest model with improving the balance of the use of data feature information in the process of model building. The generated isolation forest model was used for insider threat detection. The experimental results show that the method has a higher F₁ value on the CERT-IT (v4.2) insider threat figures data set, and the efficiency of the algorithm is high. The algorithm can be effectively used for insider threat detection.

Translated title of the contribution	Full-featured information equalization modeling for insider threat detection
Original language	Chinese (Traditional)
Pages (from-to)	777-784
Number of pages	8
Journal	Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)
Volume	53
Issue number	4
DOIs	https://doi.org/10.3785/j.issn.1008-973X.2019.04.019
Publication status	Published - 1 Apr 2019

Access to Document

10.3785/j.issn.1008-973X.2019.04.019

Cite this

@article{f921fe9c819349a8978ddefef2d492e7,

title = "全特征信息均衡建模的内部威胁人物检测",

abstract = "A method that used full-featured information equalization modeling for insider threat detection was proposed in view of the current problems of low accuracy of insider threat detection and incomplete utilization of high-dimensional data feature information. The features of the multi-source data generated within the organization were extracted and constructed. Then all the features were cross-grouped, and the cross-grouped features were used to construct the isolation forest model with improving the balance of the use of data feature information in the process of model building. The generated isolation forest model was used for insider threat detection. The experimental results show that the method has a higher F1 value on the CERT-IT (v4.2) insider threat figures data set, and the efficiency of the algorithm is high. The algorithm can be effectively used for insider threat detection.",

keywords = "Anomaly detection, Behavior log, Cross-grouping, Insider threat, Isolation forest algorithm",

author = "Yu Liu and Luo, {Sen Lin} and Qu, {Le Wei} and Pan, {Li Min} and Ji Zhang",

year = "2019",

month = apr,

day = "1",

doi = "10.3785/j.issn.1008-973X.2019.04.019",

language = "繁体中文",

volume = "53",

pages = "777--784",

journal = "Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)",

issn = "1008-973X",

publisher = "Zhejiang University Press",

number = "4",

}

TY - JOUR

T1 - 全特征信息均衡建模的内部威胁人物检测

AU - Liu, Yu

AU - Luo, Sen Lin

AU - Qu, Le Wei

AU - Pan, Li Min

AU - Zhang, Ji

PY - 2019/4/1

Y1 - 2019/4/1

N2 - A method that used full-featured information equalization modeling for insider threat detection was proposed in view of the current problems of low accuracy of insider threat detection and incomplete utilization of high-dimensional data feature information. The features of the multi-source data generated within the organization were extracted and constructed. Then all the features were cross-grouped, and the cross-grouped features were used to construct the isolation forest model with improving the balance of the use of data feature information in the process of model building. The generated isolation forest model was used for insider threat detection. The experimental results show that the method has a higher F1 value on the CERT-IT (v4.2) insider threat figures data set, and the efficiency of the algorithm is high. The algorithm can be effectively used for insider threat detection.

AB - A method that used full-featured information equalization modeling for insider threat detection was proposed in view of the current problems of low accuracy of insider threat detection and incomplete utilization of high-dimensional data feature information. The features of the multi-source data generated within the organization were extracted and constructed. Then all the features were cross-grouped, and the cross-grouped features were used to construct the isolation forest model with improving the balance of the use of data feature information in the process of model building. The generated isolation forest model was used for insider threat detection. The experimental results show that the method has a higher F1 value on the CERT-IT (v4.2) insider threat figures data set, and the efficiency of the algorithm is high. The algorithm can be effectively used for insider threat detection.

KW - Anomaly detection

KW - Behavior log

KW - Cross-grouping

KW - Insider threat

KW - Isolation forest algorithm

UR - http://www.scopus.com/inward/record.url?scp=85066751105&partnerID=8YFLogxK

U2 - 10.3785/j.issn.1008-973X.2019.04.019

DO - 10.3785/j.issn.1008-973X.2019.04.019

M3 - 文章

AN - SCOPUS:85066751105

SN - 1008-973X

VL - 53

SP - 777

EP - 784

JO - Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)

JF - Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)

IS - 4

ER -

全特征信息均衡建模的内部威胁人物检测

Abstract

Access to Document

Other files and links

Fingerprint

Cite this