Research On Threat Analysis Technology Of Information System

As a serious information security problem,internal threats have received widespread attention.With the continuous occurrence of internal insecure incidents,whether it is an employee's misuse or behavior for some purpose,how to effectively detect and prevent the occurrence of internal threats has become current.However,due to the short-term appearance of internal threats,the complex internal relationships of the system and serious consequences,their research is still in its infancy,and no effective and mature solutions have been formed.This paper's work mainly includes the following aspects:First this paper introduces the basic concepts and principles of intrusion detection technology,and the expansion process of internal threats based on it.The concepts and characteristics of internal threats are given.The internal threats and the roles that caused them are classified and explained.Finally,a general insider threat solution is introduced.Aiming at the problem that the abnormal behavior of the character cannot be detected in time,the characteristics of the behavior of the character are analyzed and processed in the audit log,and an internal threat detection method based on the abnormal behavior of the character is proposed.On the one hand,the time attribute of role access is studied to realize dynamic multi-level access of roles.On the other hand,through the formal description and structural design of the module elements,role permission inheritance,and access policies in the model,role permission granting and inheritance policies are formulated.While restricting role access,they effectively supports role dynamic authorization,thereby improving the security of system access.To detect the increasing internal threats in information systems,analyze and process the behavioral characteristics of the audit log,an internal threat detection method based on role abnormal behavior mining is proposed.This method mined the normal behavior of characters based on the principle of sequential pattern mining.Finally,the Knuth-Morris-Pratt(KMP)algorithm is used for pattern matching to determine whether the current behavior of the character is abnormal.The experimental data shows that this method can effectively realize the mining of the normal behavior of the character and the detection of the abnormal behavior of the character.At the same time,the time and the accuracy of abnormal behavior detection are improved.