Insider Threat Model Based On Insider Network And Intrusion Detection Technology

With the rapid development of computer network, insider network security has become hidden trouble to enterprise management. The illegal reveal, copy and alteration to the information material always brings large expense to enterprise, government and military. So it is very valuable and important to research into the insider threat model and detection technology.This thesis introduces the concept, classification, model and exhibition manner of the insider threat, discusses the classification of network threat in detail from several aspects, and gives the characteristics of the insider network and a variety of classification methods of the network threat. It gives the most comprehensive division to the insider threat importantly from six aspects---the environmental, physical, the system, network, management and security assessment.Based on the analysis of existing research result the attack tree model is improved. The emphasis is put forward for the description of the design idea of the insider threat overall model in theory, as well as the operation step of the overall model. Combined with action serial and traffic attack this thesis puts forwards the concept of specific model design, and designs the model base based on the insider threat model by referencing the concept of model base.Finally, to the actual insider threat existing in the real insider network and from the attacker and user point this thesis sets up the specific threat model analysis based on the act of stealing passwords, traffic attack and the certification of identification or authority. In order to make the insider threat model cooperate better with the detection system this thesis sets up the inherent relation between the insider threat model and detection system, applies the design idea of insider threat model to the detection system and sets up insider detection system which has the same logic relation with the insider treat model.This thesis designs a new insider threat model, sets up a model base based on actions and sets up the inherent relation between the insider threat model and detection system, and therefore establishes a basis for the deeper research into the insider threat model.