| This paper thorough understood the research present condition of insider threat. A few kinds typical model classification and set up a mold method about the insider threat analyzed and studied. Put forward a kind of quantification and evaluation method based on insider threat analytical, according to the importance power of key property and relativity about threat, compute threat index number with the definite function, get a quantification value of the situation insider threat.In order to improve the current network security evaluation systems,this paper puts forward a kind of layered quantitative situation evaluation model for insider threat and corresponding computational method. The evaluation policy from bottom to top and from local to global is adopted in this model. The threat indexes of modules, hosts and local networks are calculated by weighting the importance of modules and hosts based on threat frequency and severity, and the inside threat statuation is then evaluated.We carry on a design to put forward of the model,modularized the calculation function in the model,gave the data structure and the compute flowchart of each mold. We bring the model to pass use C++,gave calculate way realization and graphics interface each calculation mold.We carry on imitating a true experiment make use of put forward of the model. The experiment results show that this model can provide the intuitive security threat statusin three hierarchies:services,hosts and local networks so that system administrators are freed from tedious analysis tasks based on the alarm datasets to have overall security status of the entire system. It is also possible for them to find the insider threat behaviors of the system to adjust the insider threat strategies and to enhance the performance on system security. This model is valuable for guiding the insider threat engineering practice and developing the tool of security situation evaluation. |
PDF Full Text Request