High Technology Letters (English edition), 2024, Vol. 30, Issue 2: 199-210. DOI: 10.3772/j.issn.1006-6748.2024.02.011

Insider threat detection approach for tobacco industry based on heterogeneous graph embedding

季琦¹, LI Wei², PAN Bailin¹, XUE Hongkai³, QIU Xiang³

Author information

  • 1. Hangzhou Cigarette Factory, China Tobacco Zhejiang Industrial Co., Ltd., Hangzhou 310024, P.R. China
  • 2. Information Center, China Tobacco Zhejiang Industrial Co., Ltd., Hangzhou 310024, P.R. China
  • 3. College of Information Engineering, Zhejiang University of Technology, Hangzhou 310014, P.R. China

Abstract

In the tobacco industry, insider employee attacks are a thorny problem that is difficult to detect. To solve this issue, this paper proposes an insider threat detection method based on heterogeneous graph embedding. First, the interrelationships between logs are fully considered, and log entries are converted into heterogeneous graphs based on these relationships. Second, heterogeneous graph embedding is adopted, and each log entry is represented as a low-dimensional feature vector. Then, normal logs and malicious logs are classified into different clusters by a clustering algorithm to identify malicious logs. Finally, the effectiveness and superiority of the method are verified through experiments on the CERT dataset. The experimental results show that this method has better performance compared to some baseline methods.

Key words

insider threat detection / advanced persistent threats / graph construction / heterogeneous graph embedding

Funding

National Natural Science Foundation of China (62203390)

Science and Technology Project of China Tobacco Zhejiang Industrial Co., Ltd. (ZJZY2022E004)

Publication year

2024
High Technology Letters (English edition)
Institute of Scientific and Technical Information of China (ISTIC)
Impact factor: 0.058
ISSN: 1006-6748
Number of references: 34