{"title":"组织内办公自动化系统异常行为分析","authors":"Yilin Wang, Yun Zhou, Cheng Zhu, Xianqiang Zhu, Weiming Zhang","doi":"10.17706/IJCCE.2017.6.3.212-220","DOIUrl":null,"url":null,"abstract":"Insider threat is a serious and increasing concern for many organizations. The group of individuals who operate within the organization have access to highly confidential and sensitive information, however, if they choose to act against the organization, with their privileged access authority and their extensive knowledge, they are well positioned to cause serious damage. Compared with vast amounts of normal daily operations, malicious behaviors are indeed small probability events, and are easily ignored. Thus, there is a desperate need to explore an effective approach to detect such suspicious behaviors. In order to solve this problem, we propose a two-stage algorithm to detect anomaly through analyzing user behavior based on activity log data collected in a real office automation system. In the first stage, we compare users’ behavioral activities with activities of his/her belonging role, and in the second stage, we compare individual behavioral activities with his/her activities in a window period. By adopting several effective features to describe users’ regular behavioral patterns, the analyst is capable of refining underlying abnormal users and abnormal periods to better support the network security administration.","PeriodicalId":23787,"journal":{"name":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Abnormal Behavior Analysis in Office Automation System within Organizations\",\"authors\":\"Yilin Wang, Yun Zhou, Cheng Zhu, Xianqiang Zhu, Weiming Zhang\",\"doi\":\"10.17706/IJCCE.2017.6.3.212-220\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Insider threat is a serious and increasing concern for many organizations. The group of individuals who operate within the organization have access to highly confidential and sensitive information, however, if they choose to act against the organization, with their privileged access authority and their extensive knowledge, they are well positioned to cause serious damage. Compared with vast amounts of normal daily operations, malicious behaviors are indeed small probability events, and are easily ignored. Thus, there is a desperate need to explore an effective approach to detect such suspicious behaviors. In order to solve this problem, we propose a two-stage algorithm to detect anomaly through analyzing user behavior based on activity log data collected in a real office automation system. In the first stage, we compare users’ behavioral activities with activities of his/her belonging role, and in the second stage, we compare individual behavioral activities with his/her activities in a window period. By adopting several effective features to describe users’ regular behavioral patterns, the analyst is capable of refining underlying abnormal users and abnormal periods to better support the network security administration.\",\"PeriodicalId\":23787,\"journal\":{\"name\":\"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.17706/IJCCE.2017.6.3.212-220\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17706/IJCCE.2017.6.3.212-220","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Abnormal Behavior Analysis in Office Automation System within Organizations
Insider threat is a serious and increasing concern for many organizations. The group of individuals who operate within the organization have access to highly confidential and sensitive information, however, if they choose to act against the organization, with their privileged access authority and their extensive knowledge, they are well positioned to cause serious damage. Compared with vast amounts of normal daily operations, malicious behaviors are indeed small probability events, and are easily ignored. Thus, there is a desperate need to explore an effective approach to detect such suspicious behaviors. In order to solve this problem, we propose a two-stage algorithm to detect anomaly through analyzing user behavior based on activity log data collected in a real office automation system. In the first stage, we compare users’ behavioral activities with activities of his/her belonging role, and in the second stage, we compare individual behavioral activities with his/her activities in a window period. By adopting several effective features to describe users’ regular behavioral patterns, the analyst is capable of refining underlying abnormal users and abnormal periods to better support the network security administration.