| Internal threats have always been a focus and a difficulty of organizational security management. Because internal employees have internal activity rights, hold the organization's internal information, and understand its internal management mechanisms, the damage they cause once they threaten the organization is often astonishing. Reasonable storage of employee behavior data, together with effective methods for analyzing it, can therefore give managers an effective internal threat monitoring and early warning program. However, existing insider threat analysis has several problems, such as incomplete data characteristics, insufficient behavior predictability, and a low degree of visualization. The purpose of this paper is to establish a practical internal threat monitoring visualization system. The main work is as follows: (1) Design an insider threat data graph storage scheme. First, the CERT-IT (r6.2) insider threat dataset released by the CERT Insider Threat Center team of the Software Engineering Institute of Carnegie Mellon University in the United States is analyzed, and a graph database scheme for storing insider threat data is given. Then, a seven-step approach is used to model the insider threat ontology. Finally, the insider threat knowledge graph based on Neo4j is constructed by executing Cypher statements from Python. (2) Establish an employee abnormal behavior detection model. First, according to the characteristics of each behavior, and in order to obtain the optimal hyperparameters of the detection models for each of the five behaviors, the sparrow algorithm is used to optimize the BP neural network, and the SSA-BP algorithm is established as the abnormal behavior detection model for employees. Then, four model performance evaluation indicators are given, and three popular algorithms, BP, PSO-BP, and RF, are selected for comparative experiments on the utility of abnormal employee behavior detection. Finally, combining the designed abnormal behavior detection algorithm with the data characteristics, an abnormal person detection strategy is given, and the feasibility of the proposed strategy in application is demonstrated through experiments. (3) Establish an employee behavior prediction model. First, data feature vectorization is performed on each behavior sequence to generate a 34-dimensional behavior sequence, completing the preprocessing of the prediction data. Then, the sparrow algorithm is used to optimize the hyperparameters of the LSTM neural network, and the SSA-LSTM algorithm is established as the internal employee behavior prediction model. Finally, four popular algorithms, LSTM, PSO-LSTM, BP, and SSA-BP, are selected for comparative experiments to prove the practicability and effectiveness of the designed SSA-BP algorithm for employee behavior prediction, and the possible causes of errors in use are analyzed. (4) Build an internal threat monitoring visualization system. First, the actual needs of organizational management are analyzed, and a design plan for the insider threat monitoring visualization system is given. Then, based on the insider threat knowledge graph, the employee abnormal behavior detection model, and the employee behavior prediction model, the tkinter controls in Python are used to implement the functional modules of the insider threat visualization system. The feasibility and effectiveness of the designed internal threat monitoring visualization system are demonstrated through example experiments. |