Research On Insider Threat Detection In Computer System

With the development of computer network, threats come not only from outside but also from inside. According to statistics, the losses of insider threats are more disastrous than outsider attacks.The background, significance and status of insider threat are firstly present in this paper. Subsequently, the definition, classification of insider threat and typical insider threat models are provided. After making the comparison regarding their limitations, our insider threat detection and sense system is given. The system consists of information collection layer, detection layer, sense layer and response layer. And we discuss emphatically the implementation scheme and test scheme of information collect layer and detect layer. Firstly, we present intrusion detection, log file analysis and vulnerability scan module, which is involved in the implementation of information collect layer and detect layer. Secondly, the implementation scheme using system integration is presented. Finally, constructing the test environment, the target hosts and the test host conduct the whole test, and the test results show that our system can well detect insider threats.