| Nowadays, with the rapid development of the network, enterprises have set up their own internal network. Although the internal network has been facilitated the work and the management of enterprise, but the internal security issues are also increasingly frequently and more serious. The threat of mare than 80% of the enterprise's internal network is caused by internal users. Internal employees are likely to be in the work hours of non work activities. These are internal network needs to take into account. The complexity and variety of the internal network security problem leads to the difficulty of solving the security problem.In order to more effectively detect the abnormal behavior of the internal network users, this paper established th enterprise internal network user behavior model. We use some data processing methods of user behavior; choose a clustering method based on user behavior of clustering to analyze the abnormal behavior. The analysis methods mainly gather different modes of information, analyze the characteristics of behavior, cluster the historical behavior of the user and determine the behavior is normal or abnormal. If there is no determination of the behavior, then use the reverse selection rules to screen out the normal modes, regard the rest of the behavior as abnormal modes. We model the enterprise internal network users and use the clustering methods to detect the abnormal to achieve the purpose of solving part of the security problem. Finally, experiments shows that this method has certain significance for the detection of abnormal behavior of network users in the enterprise. |
PDF Full Text Request