Research On Insider Threat Detection And User Behavior Evaluation Method Based On Deep Learning

The rapid development of the Internet has made network security issues increasingly prominent,and insider threats are often a severe test.Sometimes insider threats are even more harmful than external attacks.Therefore,with more and more research on insider threats,insider threat detection and evaluation methods have become a research hotspot in recent years.Existing insider threat detection and evaluation methods have the problems of time-consuming,limited accuracy,and less consideration of non-malicious abnormal behavior in user behavior.Based on this,the thesis combines two deep learning algorithms,Variational Auto-Encoder algorithm and Stacked Auto-Encoder algorithm,to achieve insider threat detection and user behavior evaluation.The main research work of the thesis is as follows.With the increasing size and dimension of data generated by insider threats,the feature engineering required for insider threat detection and evaluation models based on common machine learning methods is becoming more complex and time-consuming.Therefore,using deep learning's powerful deep feature learning and abstraction capabilities,an insider threat detection and evaluation model based on deep learning is designed.The model hierarchy is divided into data acquisition layer,data preprocessing layer,insider threat detection layer,user behavior evaluation layer and application layer.Among them,the insider threat detection layer and user behavior evaluation layer are the core of the model,which realizes the detection of abnormal users and the threat level evaluation of user behavior to provide the basis for subsequent insider threat early warning and prediction.Finally,based on the proposed model design,the corresponding prototype system is implemented and the validity of the model is verifiedIn view of the existing internal threat detection methods,less non-malicious abnormal behavior is considered,which is likely to cause false positives and false negatives,resulting in the problem of reduced detection rate and accuracy.A variational Auto-Encoder(VAE)is proposed.And the insider threat detection method of BP neural network.The method first uses the generated model variational autoencoder to train user behavior data,fully considers the non-malicious abnormal user behavior in the abnormal user behavior,constructs the normal user behavior model,and then combines the BP neural network to detect whether the user has abnormal behavior.Comparative experiments show that this method improves the overall detection rate and accuracy,and reduces the false positive rate and false negative rate.Due to the complex,novel and diverse characteristics of insider attack methods,the user behavior data has the characteristics of high dimensional,heterogeneous and massive,which leads to the problem of time-consuming and inaccurate accuracy of user behavior evaluation methods using common machine learning.A user behavior evaluation method based on Stacked Auto-Encoder(SAE)and Support Vector Machines(SVM)is proposed.This method first uses a stacked self-encoder to reduce the dimensionality of user behavior data and normalize it to solve the sparseness of high-dimensional data.Then,the support vector machine is used to evaluate the processed data.Comparative experiments show that this method takes relatively less time,reduces the sparsity of high-dimensional user behavior data,and improves the overall accuracy.