针对目前内部威胁人物检测准确率低及高维数据特征信息利用不全的问题,提出全特征信息均衡建模的内部威胁人物检测方法. 该方法对组织内部产生的多源数据进行特征提取和构建,通过对所有特征进行交叉分组,利用交叉分组后的特征进行孤立森林模型构建,提高模型构建过程中对数据特征信息利用的均衡性,利用生成的孤立森林模型进行内部威胁人物检测. 实验结果表明,该方法在CERT-IT(v4.2)内部威胁人物数据集上具有较高F1,且算法效率高,能够有效地用于内部威胁人物检测.%A method that used full-featured information equalization modeling for insider threat detection was proposed in view of the current problems of low accuracy of insider threat detection and incomplete utilization of high-dimensional data feature information. The features of the multi-source data generated within the organization were extracted and constructed. Then all the features were cross-grouped, and the cross-grouped features were used to construct the isolation forest model with improving the balance of the use of data feature information in the process of model building. The generated isolation forest model was used for insider threat detection. The experimental results show that the method has a higher F1 value on the CERT-IT (v4.2) insider threat figures data set, and the efficiency of the algorithm is high. The algorithm can be effectively used for insider threat detection.
展开▼
