| Wide application of computer and network technology has rapidly brought society into an era of information, which gives users a lot of convenience but also brings a variety of security issues. Intranet security has become a new hot spot in the field of information security. To a certain degree, intranet security is data security, and the electronic document is the most common manifestation of data. At present, many enterprises adopt measures to protect internal documents from being leaked, but the measures taken against internal employee behavior are often weak. Internal staff are more familiar with their own corporate network infrastructure and can obtain internal documents more conveniently than others, so they may become the most deadly security threat through their own attacks, leaks of important information, or collusion. The main illegal insider behaviors on sensitive information are tampering with, copying, distributing, printing, and deleting it, causing leakage of electronic documents. So, for the sake of intranet security, research on technology that captures and monitors users' operations on electronic documents has become extremely urgent. Current research on local file security in this area is rare, and the existing file monitoring systems mainly monitor operations and do not have effective control. In addition, there is a risk of a wide variety of network attacks, such as denial of service, network vulnerabilities and so on. The commonly used passive defense methods, such as data encryption, virtual subnets and firewalls, cannot guarantee safety against these attacks. But intrusion detection technology, which actively collects a variety of information, including user activity and network data, for security analysis, is efficient at identifying network attacks and responding to them. Most existing intrusion detection systems divide data into normal and abnormal, which may lose important information; there is some research on multi-class classification, but the effect is less than ideal. In addition, there are many redundant and noisy features in network intrusion detection data sets, which leads to poor performance of the detection system. For the above problems, this paper mainly studies the following points: 1) Study API Hook, DLL injection and other technologies. For electronic files, use these technologies to monitor and control conventional usage rights, including file open, close, print, copy, paste and other operations on file contents, to achieve "prior control"; 2) Use Hook technology to capture the action of printing a file, and then take certain measures, such as embedding a watermark identifying the user's identity, so that once printed copies are lost, the print identity can be traced, achieving "after tracing"; 3) In order to detect attacks, the paper studies intrusion detection, machine learning and support vector machines. Because the effect of existing research on multi-classification is poor and data sets are redundant, an intrusion detection feature selection algorithm based on Fisher value and multi-class support vector machines is proposed to achieve "detection protection". The simulation results show that this method has a higher detection rate and lower test time, improving the performance of the system. |