| | Chinese Journal of Computers Full Text |
| Title | An Algorithm for Sensing Insider Threat Based on Cloud Model |
| Authors | ZHANG Hong-Bin 1),2); PEI Qing-Qi 1); MA Jian-Feng 1) |
| Address | 1) (Key Laboratory of Computer Networks and Information Security of Ministry of Education, Xidian University, Xi'an 710071) 2) (Institute of Information Science & Engineering, Hebei University of Science and Technology, Shijiazhuang 050054) |
| Year | 2009 |
| Issue | No.4 (784-792) |
| Abstract & Background | Abstract: Using the access control relationship, the partial-order structures of subjects and objects in the system and their mapping relationship are defined, and a hierarchy-mapping based insider threat model is developed on these definitions. This model is then applied to build a cloud model which characterizes the states of insider threat in the system. Based on the proposed cloud model, an algorithm, which improves the accuracy and objectivity of evaluation, is also designed for sensing the insider threat in the system. Compared with previous work, the algorithm can analyze threats of the system in various respects and make decisions both qualitatively and quantitatively. The experiments show that the algorithm can effectively sense the insider threat in real time. Keywords: models; cloud model; insider threat; sense; evaluation. Background: This research is partly supported by the National High Technology Research and Development Program (863 Program) of China under grant Nos.2007AA01Z429, 2007AA01Z405, State Key Program of National Natural Science of China under grant No.60633020, National Natural Science Foundation of China under grant Nos.60573036, 60702059, 60503012, 60803150, 60743005, Shaanxi Province, "13115" Technology Innovation Project, Major Scientific and Technological Special No.2007ZDKG-56. In the last few years, insider threat, a new concept in the field of network and system security, has become a focus of research. Although some methods for modeling and assessing insider threat have been given, systems are still inefficient at resolving threats from authorized insiders. The task of this research is to find malicious insiders effectively and accurately. The authors built a hierarchy-mapping based insider threat model in their previous work. Based on that model, this paper presents a novel approach to building an algorithm for sensing insider threat by using a cloud model. Compared with other work, the new algorithm can analyze threats of the system in various respects and make decisions both qualitatively and quantitatively. |