TY - GEN
T1 - User behavior-based semi-supervised network service host threat detection
AU - Wang, Fuxi
AU - Cui, Jiajia
AU - Yang, Jun
AU - Wang, Xianggen
AU - Leng, Biao
N1 - Publisher Copyright:
© 2023 ACM.
PY - 2023/6/15
Y1 - 2023/6/15
N2 - In recent years, internal threats have occurred frequently and become the main factor of network security threats.However, due to the hidden characteristics of internal threats, it is difficult to detect them by methods based on specific conditions.At present,most of the detection technologies based on user behavior rely on expert knowledge and require human to determine the threshold model parameters,which cannot realize automatic learning of the system,and it is difficult to find abnormal behaviors that deliberately hide behavior characteristics.For the problem of internal threat detection,the semi supervised network service host abnormal behavior monitoring method uses specific triggered security events as positive samples to establisha multi-dimensional feature statistical threshold model,and uses intelligent algorithms to model the threat behavior patterns that have occurred in the network service host,then finds out all risk users with similar behavior patterns, and realizes the prediction of network abnormal behavior,so as to detect the internal threats of the network.
AB - In recent years, internal threats have occurred frequently and become the main factor of network security threats.However, due to the hidden characteristics of internal threats, it is difficult to detect them by methods based on specific conditions.At present,most of the detection technologies based on user behavior rely on expert knowledge and require human to determine the threshold model parameters,which cannot realize automatic learning of the system,and it is difficult to find abnormal behaviors that deliberately hide behavior characteristics.For the problem of internal threat detection,the semi supervised network service host abnormal behavior monitoring method uses specific triggered security events as positive samples to establisha multi-dimensional feature statistical threshold model,and uses intelligent algorithms to model the threat behavior patterns that have occurred in the network service host,then finds out all risk users with similar behavior patterns, and realizes the prediction of network abnormal behavior,so as to detect the internal threats of the network.
KW - Abnormal behavior detection
KW - Internal threat detection
KW - Multidimensional feature statistics
KW - Semi supervised learning
KW - User behavior mode
UR - https://www.scopus.com/pages/publications/85174248683
U2 - 10.1145/3606843.3606848
DO - 10.1145/3606843.3606848
M3 - 会议稿件
AN - SCOPUS:85174248683
T3 - ACM International Conference Proceeding Series
SP - 24
EP - 31
BT - Proceedings of 2023 5th International Conference on Information Technology and Computer Communications, ITCC 2023
PB - Association for Computing Machinery
T2 - 5th International Conference on Information Technology and Computer Communications, ITCC 2023
Y2 - 15 June 2023 through 17 June 2023
ER -