| Insider threat has done great damage to security of network system, Common security applications such as firewalls and Intrusion Detection Systems (IDSs) are in place to prevent external threat, but in most cases insiders are not restricted or monitored by these mechanisms. There is not yet a good real-time detect system and the amount of collectable data is large,resulting in all the detections are delay. As the identification is bear the brunt of insider detection,it goes without saying the significance of insider identification.Monitoring user's abnormal behaviors,which is an effective method to detect impersonation, is used for impersonation detection in insider threats. A model is built by using TAN-based Bayesian network to reflect the characteristics of user's behavior. When the deviation from the model is found, the system can determine the identity of the user. As a result,experiments show that the monitoring numbers of processes called by users can be very effective on detecting impersonation and can identify the identity of the attacker. |
PDF Full Text Request