
A Predictive Model Of Insider Threat Based On Bayesian Network

Posted on: 2013-05-10 | Degree: Master | Type: Thesis
Country: China | Candidate: D M Han
GTID: 2268330392961729 | Subject: Computer software and theory
Abstract/Summary:
The development of high technology is turning society into an information society. More and more organizations and institutions are keeping up with the trend of the times and building internal networks for convenient communication. More and more network security incidents have led to a new understanding of the importance of the internal network. At the same time, internal network information is developing rapidly. People assumed that security defense tools for the external network could also repel internally initiated attacks. However, the heaviest losses and the most significant damage are caused by insider threats from within organizations. Experts in the field of network security have begun to pay special attention to security defense tools for the internal network.

Currently, the theoretical study of insider threat is still at an initial stage. There are fewer research results and products than for the external network. Building on previous classic studies, this paper analyzes the characteristics of insider threats and begins to research a defense structure system for them.

The paper first defines the meaning of insider threat. It summarizes and analyzes the different characteristics of insider threat and outsider threat, and also lists the current results on insider threat. In the course of the research, the applications of Bayesian networks in the field of internal network security are analyzed in particular. The innovative point and the core of the study is that the paper puts forward a predictive model of insider threat based on a Bayesian network. In the model, the actual operations carried out inside the network are the research object, and network attack graphs are established as the structure of the Bayesian network. There are two kinds of attack graph nodes: resources occupied by internal users, and intrusion evidence made up of users' operation sequences. Definitions of meta-operation, atomic attack and intrusion evidence are given for network attack graphs. The network attack graphs also define the node variables, their values and their conditional probability distributions.

The paper presents an improved likelihood weighting algorithm to calculate the Bayesian network parameters. The likelihood weighting algorithm is a kind of approximate reasoning for Bayesian networks. It is a flexible and scalable technique for system security management. The experimental simulation data show the approach to be effective and practical. As it turned out, the modeling speed is fast, the calculation is simple and the result is exact.
Keywords/Search Tags: insider threat, internal users, bayesian network, network attack graphs, likelihood weighting algorithm
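To make the abstract's approach concrete, here is an added example (not code from the thesis) of standard likelihood weighting over a small attack graph with the two node kinds the abstract names, resource nodes and intrusion-evidence nodes. The graph, node names and probabilities are constructed for illustration, and the thesis's own improved variant of the algorithm is not reproduced.

```python
import random
from itertools import product

# Constructed toy attack graph (not from the thesis), in topological order.
# Each entry: name -> (parents, {parent values: P(node=True)}).
NET = {
    "res_workstation": ((), {(): 0.2}),
    "res_fileserver": (("res_workstation",), {(True,): 0.6, (False,): 0.05}),
    "ev_scan": (("res_workstation",), {(True,): 0.7, (False,): 0.1}),
    "ev_bulk_read": (("res_fileserver",), {(True,): 0.8, (False,): 0.05}),
}

def p_node(name, value, state):
    """P(name = value | parents as assigned in state)."""
    parents, cpt = NET[name]
    p_true = cpt[tuple(state[p] for p in parents)]
    return p_true if value else 1.0 - p_true

def likelihood_weighting(query, evidence, n=20000, seed=1):
    """Standard likelihood-weighting estimate of P(query=True | evidence)."""
    rng = random.Random(seed)
    hit = total = 0.0
    for _ in range(n):
        state, weight = {}, 1.0
        for name in NET:  # dicts keep insertion (topological) order
            if name in evidence:
                # Evidence nodes are clamped and contribute to the weight.
                state[name] = evidence[name]
                weight *= p_node(name, evidence[name], state)
            else:
                # Non-evidence nodes are sampled given their parents.
                state[name] = rng.random() < p_node(name, True, state)
        total += weight
        if state[query]:
            hit += weight
    return hit / total

def exact_posterior(query, evidence):
    """Brute-force enumeration, used to check the sampled estimate."""
    hit = total = 0.0
    for values in product([True, False], repeat=len(NET)):
        state = dict(zip(NET, values))
        if any(state[k] != v for k, v in evidence.items()):
            continue
        joint = 1.0
        for name in NET:
            joint *= p_node(name, state[name], state)
        total += joint
        if state[query]:
            hit += joint
    return hit / total

# Constructed observation: both intrusion-evidence nodes have fired.
OBSERVED = {"ev_scan": True, "ev_bulk_read": True}
```

Calling `likelihood_weighting("res_fileserver", OBSERVED)` estimates the probability that the file-server resource is held by the insider given both pieces of evidence, and `exact_posterior` gives the reference value for comparison.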