摘要
针对传统的基于攻击特征的安全保障措施在检测未知威胁和监测内部人员违规行为方面效果不理想的问题,文章提出了基于业务白名单的异常违规行为监测方法以及一种用户行为序列模式的挖掘算法。通过对业务关键人员、关键业务访问路径、敏感资源等业务要素的白名单设定,有效监测攻击或异常操作在行为、流量、时间、路径等因素上表现出的异常,及时发现异常违规行为。文章通过实验验证了该方法的有效性。
Aimed at the problem that the traditional security ensure measure is not good at detecting unknown threat and inspect insiders' illegal behavior, an abnormal, illegal behavior monitor method based on business white list and an arithmetic of mining behavior sequence pattern are proposed in this paper. By setting business factors, such as operation key personnel, key business accessing path, sensitive resource, effectively inspect abnormity which is represented by attack and abnormal business in behavior, lfow, time, path and so on, duly detect abnormal and illegal behaviors. Then the validity of this method is validated by experiments. Consequently, this method provides a new solution for internally control of security protection.
出处
《信息网络安全》
2015年第9期144-148,共5页
Netinfo Security
关键词
白名单
异常
攻击
违规行为
white list
abnormal
attack
illegal behavior
