Detecting And Sensing Methods Of Insider Threats In Information Systems

Posted on: 2010-09-17
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H B Zhang
GTID: 1118360275997660
Subject: Computer system architecture

Abstract/Summary:
Insider threats do great harm to the security of information systems and are one of the main sources of security risk. Using AHP (analytic hierarchy process), access control, artificial intelligence, and graph theory, we study methods for detecting and sensing insider threats in information systems from two aspects: resource access and information delivery. For insider threats in resource access, we build a hierarchy-mapping based insider threat model and then study a quantitative approach to insider threats. The cloud model, a theory from artificial intelligence, is introduced to build a cloud model based insider threat sensing method, which is used to sense insider threats in real time. For insider threats in information delivery, an adjoining trust model is presented. Using this model, we design a greedy algorithm to predict and defend against routing attacks launched by insiders in mobile ad hoc networks.

The main contributions of this dissertation are as follows:

(1) A hierarchical system for the detection and sensing of insider threats: We classify and analyze insider threats in information systems, and present a hierarchical system for detecting and sensing them. From the two perspectives of detection and sensing, insider threats are predicted, analyzed, and responded to.

(2) A hierarchy-mapping based insider threat model: The access control relationship between subjects and objects in the system and the analytic hierarchy process are used to build a hierarchy-mapping based insider threat model. The proposed model can be used to evaluate insider threats effectively in real time.

(3) An algorithm for sensing insider threats based on the cloud model: Cloud model theory, which originates from artificial intelligence with uncertainty, is applied to design an algorithm for sensing insider threats based on the hierarchy-mapping model. The algorithm can be used to analyze the insider threats to a system in various respects and to make decisions both qualitatively and quantitatively.

(4) Adjoining trust based routing security evaluation: For routing attacks, the concept of adjoining trust is proposed to inhibit deception by intermediate nodes during the transmission of routing information. Based on this definition, an adjoining trust model is presented, and a greedy algorithm is designed to quantitatively analyze the security of routing and, at the same time, sense attacks in mobile ad hoc networks.
Keywords/Search Tags: Information System, Insider Threat, Detection, Sense