Fuxi Wang, Jiajia Cui, Jun Yang, Xianggen Wang, Biao Leng
{"title":"基于用户行为的半监督网络服务主机威胁检测","authors":"Fuxi Wang, Jiajia Cui, Jun Yang, Xianggen Wang, Biao Leng","doi":"10.1145/3606843.3606848","DOIUrl":null,"url":null,"abstract":"In recent years, internal threats have occurred frequently and become the main factor of network security threats.However, due to the hidden characteristics of internal threats, it is difficult to detect them by methods based on specific conditions.At present,most of the detection technologies based on user behavior rely on expert knowledge and require human to determine the threshold model parameters,which cannot realize automatic learning of the system,and it is difficult to find abnormal behaviors that deliberately hide behavior characteristics.For the problem of internal threat detection,the semi supervised network service host abnormal behavior monitoring method uses specific triggered security events as positive samples to establisha multi-dimensional feature statistical threshold model,and uses intelligent algorithms to model the threat behavior patterns that have occurred in the network service host,then finds out all risk users with similar behavior patterns, and realizes the prediction of network abnormal behavior,so as to detect the internal threats of the network.","PeriodicalId":134294,"journal":{"name":"Proceedings of the 2023 5th International Conference on Information Technology and Computer Communications","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"User behavior-based semi-supervised network service host threat detection\",\"authors\":\"Fuxi Wang, Jiajia Cui, Jun Yang, Xianggen Wang, Biao Leng\",\"doi\":\"10.1145/3606843.3606848\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, internal threats have occurred frequently and become the main factor of network security threats.However, due to the hidden characteristics of internal threats, it is difficult to detect them by methods based on specific conditions.At present,most of the detection technologies based on user behavior rely on expert knowledge and require human to determine the threshold model parameters,which cannot realize automatic learning of the system,and it is difficult to find abnormal behaviors that deliberately hide behavior characteristics.For the problem of internal threat detection,the semi supervised network service host abnormal behavior monitoring method uses specific triggered security events as positive samples to establisha multi-dimensional feature statistical threshold model,and uses intelligent algorithms to model the threat behavior patterns that have occurred in the network service host,then finds out all risk users with similar behavior patterns, and realizes the prediction of network abnormal behavior,so as to detect the internal threats of the network.\",\"PeriodicalId\":134294,\"journal\":{\"name\":\"Proceedings of the 2023 5th International Conference on Information Technology and Computer Communications\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2023 5th International Conference on Information Technology and Computer Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3606843.3606848\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2023 5th International Conference on Information Technology and Computer Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3606843.3606848","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
User behavior-based semi-supervised network service host threat detection
In recent years, internal threats have occurred frequently and become the main factor of network security threats.However, due to the hidden characteristics of internal threats, it is difficult to detect them by methods based on specific conditions.At present,most of the detection technologies based on user behavior rely on expert knowledge and require human to determine the threshold model parameters,which cannot realize automatic learning of the system,and it is difficult to find abnormal behaviors that deliberately hide behavior characteristics.For the problem of internal threat detection,the semi supervised network service host abnormal behavior monitoring method uses specific triggered security events as positive samples to establisha multi-dimensional feature statistical threshold model,and uses intelligent algorithms to model the threat behavior patterns that have occurred in the network service host,then finds out all risk users with similar behavior patterns, and realizes the prediction of network abnormal behavior,so as to detect the internal threats of the network.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
