
Zero-trust Security Monitoring System Of Business Data Access In Industry Private Networks

Posted on: 2022-07-01
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Zhou
Full Text: PDF
GTID: 2518306575468374
Subject: Electronics and Communications Engineering
Abstract/Summary:
In recent years, data leakage caused by identity spoofing attacks has occurred repeatedly, posing serious security threats to industry private networks. To detect identity spoofing attacks, industry private networks often use security monitoring systems for business data access, which identify attackers through anomaly detection. Unfortunately, conventional security monitoring systems for business data access are built on boundary protection: they examine only a single point of user behavior and ignore the context and persistence of user access, which results in low detection accuracy. To address these issues, this thesis introduces zero trust and builds a zero-trust-based security monitoring system for business data access in industry private networks. The proposed system monitors user access behaviors comprehensively and continuously, enhancing the security of industry private networks. The main work is as follows:

1. This thesis designs a zero-trust security monitoring system for business data access and implements a prototype. To address the lack of continuity and comprehensiveness in traditional anomaly detection, the system uses user and entity behavior analytics to detect user access behaviors, which improves the accuracy of identity spoofing attack detection.

2. For tracing user access behaviors, considering the poor data query performance of the Resource Description Framework (RDF), this thesis designs a property-graph-based method for tracing user access behavior across the entire process, which analyzes the user access behavior association model using a property graph. Comparative experiments show that the method presented in this thesis has a higher query rate.

3. In the monitoring phase of user access behaviors, this thesis proposes a user access behavior detection method based on Long Short-Term Memory (LSTM), to address the difficulty traditional machine learning methods have in describing the sequence relationships among user access behaviors. More specifically, the method uses LSTM to learn the long-term sequence relationships among user access behaviors and thereby define a baseline model of user access behaviors. A probability-difference calculation is then used to identify the distinction between attacker behavior and the behavior predicted by the baseline model. Experimental results show that the method proposed in this thesis has high detection accuracy.

4. The experimental results demonstrate that the zero-trust-based security monitoring system for business data access can process behavior data in real time and monitor user access behavior continuously and comprehensively. It can also quickly raise alerts on detected abnormal access behaviors, which makes it convenient for security analysts to query and analyze them.

In summary, the system is of great significance for enhancing the security and protection capability of private networks.
Keywords/Search Tags:industry private networks, identity spoofing attacks, zero trust security, user and entity behavior analytics