Abnormal Behavior Analysis in Office Automation System within Organizations

World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering Pub Date : 2017-01-01 DOI:10.17706/IJCCE.2017.6.3.212-220

Yilin Wang, Yun Zhou, Cheng Zhu, Xianqiang Zhu, Weiming Zhang

{"title":"Abnormal Behavior Analysis in Office Automation System within Organizations","authors":"Yilin Wang, Yun Zhou, Cheng Zhu, Xianqiang Zhu, Weiming Zhang","doi":"10.17706/IJCCE.2017.6.3.212-220","DOIUrl":null,"url":null,"abstract":"Insider threat is a serious and increasing concern for many organizations. The group of individuals who operate within the organization have access to highly confidential and sensitive information, however, if they choose to act against the organization, with their privileged access authority and their extensive knowledge, they are well positioned to cause serious damage. Compared with vast amounts of normal daily operations, malicious behaviors are indeed small probability events, and are easily ignored. Thus, there is a desperate need to explore an effective approach to detect such suspicious behaviors. In order to solve this problem, we propose a two-stage algorithm to detect anomaly through analyzing user behavior based on activity log data collected in a real office automation system. In the first stage, we compare users’ behavioral activities with activities of his/her belonging role, and in the second stage, we compare individual behavioral activities with his/her activities in a window period. By adopting several effective features to describe users’ regular behavioral patterns, the analyst is capable of refining underlying abnormal users and abnormal periods to better support the network security administration.","PeriodicalId":23787,"journal":{"name":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17706/IJCCE.2017.6.3.212-220","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Insider threat is a serious and increasing concern for many organizations. The group of individuals who operate within the organization have access to highly confidential and sensitive information, however, if they choose to act against the organization, with their privileged access authority and their extensive knowledge, they are well positioned to cause serious damage. Compared with vast amounts of normal daily operations, malicious behaviors are indeed small probability events, and are easily ignored. Thus, there is a desperate need to explore an effective approach to detect such suspicious behaviors. In order to solve this problem, we propose a two-stage algorithm to detect anomaly through analyzing user behavior based on activity log data collected in a real office automation system. In the first stage, we compare users’ behavioral activities with activities of his/her belonging role, and in the second stage, we compare individual behavioral activities with his/her activities in a window period. By adopting several effective features to describe users’ regular behavioral patterns, the analyst is capable of refining underlying abnormal users and abnormal periods to better support the network security administration.

查看原文本刊更多论文

组织内办公自动化系统异常行为分析

内部威胁是许多组织日益关注的一个严重问题。在组织内部活动的个人可以访问高度机密和敏感的信息，但是，如果他们选择对组织采取行动，凭借他们的特权访问权限和广泛的知识，他们处于有利地位，可以造成严重损害。与大量的正常日常操作相比，恶意行为确实是小概率事件，很容易被忽略。因此，迫切需要探索一种有效的方法来检测这种可疑行为。为了解决这一问题，我们提出了一种基于实际办公自动化系统中收集的活动日志数据，通过分析用户行为来检测异常的两阶段算法。在第一阶段，我们将用户的行为活动与其所属角色的活动进行比较，在第二阶段，我们将个人的行为活动与其在窗口期的活动进行比较。通过采用几个有效的特征来描述用户的规律行为模式，分析人员能够提炼出潜在的异常用户和异常周期，从而更好地支持网络安全管理。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering

自引率

0.00%

发文量