全特征信息均衡建模的内部威胁人物检测

Yu Liu; Sen Lin Luo; Le Wei Qu; Li Min Pan; Ji Zhang

doi:10.3785/j.issn.1008-973X.2019.04.019

全特征信息均衡建模的内部威胁人物检测

Yu Liu, Sen Lin Luo, Le Wei Qu, Li Min Pan^*, Ji Zhang

^*此作品的通讯作者

Beijing Institute of Technology

科研成果: 期刊稿件 › 文章 › 同行评审

2 引用（Scopus）

摘要

A method that used full-featured information equalization modeling for insider threat detection was proposed in view of the current problems of low accuracy of insider threat detection and incomplete utilization of high-dimensional data feature information. The features of the multi-source data generated within the organization were extracted and constructed. Then all the features were cross-grouped, and the cross-grouped features were used to construct the isolation forest model with improving the balance of the use of data feature information in the process of model building. The generated isolation forest model was used for insider threat detection. The experimental results show that the method has a higher F₁ value on the CERT-IT (v4.2) insider threat figures data set, and the efficiency of the algorithm is high. The algorithm can be effectively used for insider threat detection.

投稿的翻译标题	Full-featured information equalization modeling for insider threat detection
源语言	繁体中文
页（从-至）	777-784
页数	8
期刊	Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)
卷	53
期	4
DOI	https://doi.org/10.3785/j.issn.1008-973X.2019.04.019
出版状态	已出版 - 1 4月 2019

关键词

Anomaly detection
Behavior log
Cross-grouping
Insider threat
Isolation forest algorithm

访问文件

10.3785/j.issn.1008-973X.2019.04.019

其它文件与链接

链接到 Scopus 的出版物

引用此

@article{f921fe9c819349a8978ddefef2d492e7,

title = "全特征信息均衡建模的内部威胁人物检测",

abstract = "A method that used full-featured information equalization modeling for insider threat detection was proposed in view of the current problems of low accuracy of insider threat detection and incomplete utilization of high-dimensional data feature information. The features of the multi-source data generated within the organization were extracted and constructed. Then all the features were cross-grouped, and the cross-grouped features were used to construct the isolation forest model with improving the balance of the use of data feature information in the process of model building. The generated isolation forest model was used for insider threat detection. The experimental results show that the method has a higher F1 value on the CERT-IT (v4.2) insider threat figures data set, and the efficiency of the algorithm is high. The algorithm can be effectively used for insider threat detection.",

keywords = "Anomaly detection, Behavior log, Cross-grouping, Insider threat, Isolation forest algorithm",

author = "Yu Liu and Luo, {Sen Lin} and Qu, {Le Wei} and Pan, {Li Min} and Ji Zhang",

year = "2019",

month = apr,

day = "1",

doi = "10.3785/j.issn.1008-973X.2019.04.019",

language = "繁体中文",

volume = "53",

pages = "777--784",

journal = "Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)",

issn = "1008-973X",

publisher = "Zhejiang University Press",

number = "4",

}

TY - JOUR

T1 - 全特征信息均衡建模的内部威胁人物检测

AU - Liu, Yu

AU - Luo, Sen Lin

AU - Qu, Le Wei

AU - Pan, Li Min

AU - Zhang, Ji

PY - 2019/4/1

Y1 - 2019/4/1

N2 - A method that used full-featured information equalization modeling for insider threat detection was proposed in view of the current problems of low accuracy of insider threat detection and incomplete utilization of high-dimensional data feature information. The features of the multi-source data generated within the organization were extracted and constructed. Then all the features were cross-grouped, and the cross-grouped features were used to construct the isolation forest model with improving the balance of the use of data feature information in the process of model building. The generated isolation forest model was used for insider threat detection. The experimental results show that the method has a higher F1 value on the CERT-IT (v4.2) insider threat figures data set, and the efficiency of the algorithm is high. The algorithm can be effectively used for insider threat detection.

AB - A method that used full-featured information equalization modeling for insider threat detection was proposed in view of the current problems of low accuracy of insider threat detection and incomplete utilization of high-dimensional data feature information. The features of the multi-source data generated within the organization were extracted and constructed. Then all the features were cross-grouped, and the cross-grouped features were used to construct the isolation forest model with improving the balance of the use of data feature information in the process of model building. The generated isolation forest model was used for insider threat detection. The experimental results show that the method has a higher F1 value on the CERT-IT (v4.2) insider threat figures data set, and the efficiency of the algorithm is high. The algorithm can be effectively used for insider threat detection.

KW - Anomaly detection

KW - Behavior log

KW - Cross-grouping

KW - Insider threat

KW - Isolation forest algorithm

UR - http://www.scopus.com/inward/record.url?scp=85066751105&partnerID=8YFLogxK

U2 - 10.3785/j.issn.1008-973X.2019.04.019

DO - 10.3785/j.issn.1008-973X.2019.04.019

M3 - 文章

AN - SCOPUS:85066751105

SN - 1008-973X

VL - 53

SP - 777

EP - 784

JO - Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)

JF - Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)

IS - 4

ER -

全特征信息均衡建模的内部威胁人物检测

摘要

关键词

访问文件

其它文件与链接

指纹

引用此