
Research On Detection And Risk Prediction Of Insider Threat

Posted on: 2019-09-21  Degree: Master  Type: Thesis
Country: China  Candidate: L W Qu  Full Text: PDF
GTID: 2518306470494634  Subject: Information and Communication Engineering
Abstract/Summary:
As corporate security has improved, losses caused by insider threats have gradually come to dominate corporate information security losses. As a result, many countries have stepped up their research on insider threats. Among the various methods of combating insider threats, a common one is to detect insider threats and predict risk through regular processing of insiders' personal data, which can effectively reduce information security risk and improve enterprise security. However, existing methods for detecting and predicting insider threats have many deficiencies in accuracy and comprehensiveness. It is therefore of important theoretical and practical value to study methods of insider threat detection and risk prediction.

To address the low detection rate and incomplete detection of insider threat detection methods in the face of severe imbalance between positive and negative samples and multi-source heterogeneous data, a method of detecting insider threat characters based on multi-source features is proposed. This method constructs an insider threat anomaly detection model using the isolation forest anomaly detection algorithm and finally gives the insider threat detection results. Experiments on the CERT-IT (v6.2) dataset show that the method has high accuracy and recall.

To address the low sensitivity and high false alarm rate caused by the failure to make full use of historical behavior information, this paper proposes a risk prediction method based on a long short-term memory (LSTM) network. This method uses the LSTM to predict the risk of insider threat, performs a risk assessment of each person using a developed insider threat level classification, and finally classifies insider threat persons in advance. Experiments on the processed CERT-IT (v6.2) dataset show that the method has high accuracy and recall, high sensitivity to changes in abnormal behavior, and a low false alarm rate.

For practical application, a prototype system for insider threat detection and risk prediction is designed and implemented. The system's main features include data acquisition, data storage, data processing, data analysis, and platform services. The system has good reliability, maintainability, scalability, and practical value.
Keywords/Search Tags: insider threat, character analysis, anomaly detection, risk prediction