组织内办公自动化系统异常行为分析

Yilin Wang, Yun Zhou, Cheng Zhu, Xianqiang Zhu, Weiming Zhang
{"title":"组织内办公自动化系统异常行为分析","authors":"Yilin Wang, Yun Zhou, Cheng Zhu, Xianqiang Zhu, Weiming Zhang","doi":"10.17706/IJCCE.2017.6.3.212-220","DOIUrl":null,"url":null,"abstract":"Insider threat is a serious and increasing concern for many organizations. The group of individuals who operate within the organization have access to highly confidential and sensitive information, however, if they choose to act against the organization, with their privileged access authority and their extensive knowledge, they are well positioned to cause serious damage. Compared with vast amounts of normal daily operations, malicious behaviors are indeed small probability events, and are easily ignored. Thus, there is a desperate need to explore an effective approach to detect such suspicious behaviors. In order to solve this problem, we propose a two-stage algorithm to detect anomaly through analyzing user behavior based on activity log data collected in a real office automation system. In the first stage, we compare users’ behavioral activities with activities of his/her belonging role, and in the second stage, we compare individual behavioral activities with his/her activities in a window period. By adopting several effective features to describe users’ regular behavioral patterns, the analyst is capable of refining underlying abnormal users and abnormal periods to better support the network security administration.","PeriodicalId":23787,"journal":{"name":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Abnormal Behavior Analysis in Office Automation System within Organizations\",\"authors\":\"Yilin Wang, Yun Zhou, Cheng Zhu, Xianqiang Zhu, Weiming Zhang\",\"doi\":\"10.17706/IJCCE.2017.6.3.212-220\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Insider threat is a serious and increasing concern for many organizations. The group of individuals who operate within the organization have access to highly confidential and sensitive information, however, if they choose to act against the organization, with their privileged access authority and their extensive knowledge, they are well positioned to cause serious damage. Compared with vast amounts of normal daily operations, malicious behaviors are indeed small probability events, and are easily ignored. Thus, there is a desperate need to explore an effective approach to detect such suspicious behaviors. In order to solve this problem, we propose a two-stage algorithm to detect anomaly through analyzing user behavior based on activity log data collected in a real office automation system. In the first stage, we compare users’ behavioral activities with activities of his/her belonging role, and in the second stage, we compare individual behavioral activities with his/her activities in a window period. By adopting several effective features to describe users’ regular behavioral patterns, the analyst is capable of refining underlying abnormal users and abnormal periods to better support the network security administration.\",\"PeriodicalId\":23787,\"journal\":{\"name\":\"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.17706/IJCCE.2017.6.3.212-220\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17706/IJCCE.2017.6.3.212-220","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

内部威胁是许多组织日益关注的一个严重问题。在组织内部活动的个人可以访问高度机密和敏感的信息,但是,如果他们选择对组织采取行动,凭借他们的特权访问权限和广泛的知识,他们处于有利地位,可以造成严重损害。与大量的正常日常操作相比,恶意行为确实是小概率事件,很容易被忽略。因此,迫切需要探索一种有效的方法来检测这种可疑行为。为了解决这一问题,我们提出了一种基于实际办公自动化系统中收集的活动日志数据,通过分析用户行为来检测异常的两阶段算法。在第一阶段,我们将用户的行为活动与其所属角色的活动进行比较,在第二阶段,我们将个人的行为活动与其在窗口期的活动进行比较。通过采用几个有效的特征来描述用户的规律行为模式,分析人员能够提炼出潜在的异常用户和异常周期,从而更好地支持网络安全管理。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Abnormal Behavior Analysis in Office Automation System within Organizations
Insider threat is a serious and increasing concern for many organizations. The group of individuals who operate within the organization have access to highly confidential and sensitive information, however, if they choose to act against the organization, with their privileged access authority and their extensive knowledge, they are well positioned to cause serious damage. Compared with vast amounts of normal daily operations, malicious behaviors are indeed small probability events, and are easily ignored. Thus, there is a desperate need to explore an effective approach to detect such suspicious behaviors. In order to solve this problem, we propose a two-stage algorithm to detect anomaly through analyzing user behavior based on activity log data collected in a real office automation system. In the first stage, we compare users’ behavioral activities with activities of his/her belonging role, and in the second stage, we compare individual behavioral activities with his/her activities in a window period. By adopting several effective features to describe users’ regular behavioral patterns, the analyst is capable of refining underlying abnormal users and abnormal periods to better support the network security administration.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信