Authors: Y. Hu, B. Panda
Venue: 2010 43rd Hawaii International Conference on System Sciences
Publication date: 2010-01-05
DOI: 10.1109/HICSS.2010.414 (https://doi.org/10.1109/HICSS.2010.414)
Two-Dimensional Traceability Link Rule Mining for Detection of Insider Attacks
Organizations face a growing threat of insider attacks. This paper presents a model for detecting insider malicious activities targeted at tampering with the contents of files for various purposes. It employs two-dimensional traceability link rule mining to identify intrinsic file dependencies. Traceability links are traditionally used by software practitioners and researchers to uncover the relationships between programs and documents in a software system. In this research, we borrow the concept of the traceability link from the software engineering realm and use traceability links to model file access patterns. Activities that modify data without complying with the file traceability link rules will be identified as suspicious activities. Because file traceability links are less prone to change than individual users' file access patterns, the insider attack detection model built on traceability links is more effective than many existing systems based on usage patterns.