Computer Applications and Software, 2024, Vol. 41, Issue (9): 1-8, 40. DOI: 10.3969/j.issn.1000-386x.2024.09.001

REVIEW OF INSIDER THREAT DETECTION TECHNIQUES BASED ON MULTI-SOURCE DATA

孙小双 1, 王宇 2

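Author information

  • 1. Graduate School, Space Engineering University of the Strategic Support Force, Beijing 101416
  • 2. School of Space Information, Space Engineering University of the Strategic Support Force, Beijing 101416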

Abstract

In recent years, insider threat incidents have been on the rise and internal network security faces great challenges; insider threat detection has drawn wide attention and study as an effective countermeasure. This paper analyzes and summarizes the development of insider threat detection technology from the perspective of data sources, comparing the characteristics of data from different sources, the role each plays in detection, and the detection methods for each type of data. On this basis, it introduces the widely studied insider threat dataset CERT-IT, analyzes and compares the insider threat detection methods based on that dataset, and discusses the challenges facing insider threat detection technology and its future development trends.

Key words

Data source / Insider threat detection / Deep learning / Multi-source data / Correlation analysis

Funding

Key Program of the National Natural Science Foundation of China (41631072)

Publication year

2024
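Computer Applications and Software
Shanghai Institute of Computing Technology; Shanghai Development Center of Computer Software Technology

Indexed in: CSTPCD, Peking University Core Journals
Impact factor: 0.615
ISSN: 1000-386X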