2025, Issue 6, Vol. 57, pp. 65-73+82
User Anomalous Behavior Detection Based on Long- and Short-Period Features (基于长短周期特征的用户异常行为检测)
Foundation: State Grid Henan Electric Power Company 2023 Science and Technology Project (5217L022001A)
Email: 745241748@qq.com
DOI: 10.13705/j.issn.1671-6841.2024077
Abstract (translated from the Chinese):

As the number and types of users of energy big data platforms keep growing, the internal security threats these platforms face become more prominent. User anomalous behavior detection is an effective means of defending against internal security threats. Current mainstream detection methods consider neither the behavioral differences between different types of users within the same platform nor the long- and short-period characteristics of access behavior, so their detection performance is low. To address this, the behavioral characteristics of different user categories are exploited: a long short-period isolation forest model and a multi-time-window parallel gated recurrent neural network are proposed to construct users' access-behavior features over long and short periods respectively, and the results of the two models are then fused into a user-category-based anomalous behavior detection framework. The framework was validated on a provincial energy big data platform; the experimental results show that it effectively characterizes the platform users' access patterns and achieves high anomalous behavior recognition accuracy and anomaly-handling efficiency.

Abstract:

With the increasing number and types of users, the energy big data platform now faces prominent internal security threats. User abnormal behavior detection is an effective technique for resisting such threats. However, current mainstream detection approaches do not take into consideration the behavior patterns of different types of users in the same platform or their long-term and short-term behavior characteristics, which leads to low detection performance. To solve these challenges, a method is proposed to extract the long-term and short-term behavior characteristics of different users in the energy big data platform. Specifically, a long short-period isolation forest model and a multiple-time-window gated recurrent neural network are proposed to construct the long-term and short-term user behavior patterns respectively, and the results of the two models are then integrated for better detection ability. Moreover, an abnormal behavior detection framework is constructed that takes the different platform user types into account. Finally, the proposed framework was verified on a provincial energy big data platform, and the experimental results showed that it effectively characterized the different user behavior patterns on this platform and achieved high accuracy of abnormal user behavior detection as well as high processing efficiency.
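The abstract describes three ingredients: long-period access features per user, short-period features taken over several time windows in parallel, and a fusion step that scores each user against a baseline for their own user category. The following is an added example, not the paper's code: it extracts both feature sets from a small constructed access log and fuses the two scores per category. The paper's isolation forest and multi-window GRU are replaced here by a robust z-score (deviation from the category median divided by the median absolute deviation), an assumed simplification chosen so that every number can be checked by hand; the log lines, user names, categories, window sizes, floors and threshold are all constructed.

```python
"""Long/short-period access features with per-category score fusion.

Added example (not the paper's code). The paper scores long-period features
with an isolation forest and short-period features with a multi-window
parallel GRU; both are replaced here by a robust z-score against the user's
own category so the outcome is deterministic. Everything below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed access log: "YYYY-MM-DD HH:MM user category action resource".
# mallory is an analyst exporting many resources at 02:00; carol and dave are
# operators whose night-time reads are normal for their category.
LOG_LINES = """\
2024-03-07 08:05 alice analyst read report/q1
2024-03-07 09:10 alice analyst read report/q2
2024-03-07 14:00 alice analyst read report/q1
2024-03-08 08:30 alice analyst read report/q3
2024-03-07 08:15 bob analyst read report/q1
2024-03-07 15:00 bob analyst read report/q4
2024-03-08 08:45 bob analyst read report/q1
2024-03-07 10:00 mallory analyst read report/q1
2024-03-08 02:10 mallory analyst export report/q1
2024-03-08 02:11 mallory analyst export report/q2
2024-03-08 02:12 mallory analyst export report/q3
2024-03-08 02:13 mallory analyst export report/q4
2024-03-08 02:14 mallory analyst export customers/all
2024-03-08 01:00 carol operator read scada/line7
2024-03-08 03:00 carol operator read scada/line8
2024-03-08 01:00 dave operator read scada/line7
2024-03-08 03:00 dave operator read scada/line9
""".splitlines()

NOW = datetime(2024, 3, 8, 9, 0)   # detection time (constructed)
SHORT_WINDOWS_H = (1, 8, 24)       # parallel short-period windows, in hours
LONG_DAYS = 7                      # long-period window, in days
WORK_HOURS = (8, 18)               # [8, 18) is working time; the rest is off-hours


def parse_log(lines):
    """Parse the constructed log format into event dicts."""
    events = []
    for line in lines:
        date, time, user, cat, action, resource = line.split()
        events.append({"t": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M"),
                       "user": user, "cat": cat, "action": action, "res": resource})
    return events


EVENTS = parse_log(LOG_LINES)


def short_features(events, user, now=NOW, windows=SHORT_WINDOWS_H):
    """Event count in each short window ending at `now` (one value per window)."""
    ts = [e["t"] for e in events if e["user"] == user]
    return [sum(1 for t in ts if now - timedelta(hours=h) <= t <= now) for h in windows]


def long_features(events, user, now=NOW, days=LONG_DAYS):
    """Long-period profile: events per day, distinct resources, off-hours ratio."""
    ev = [e for e in events
          if e["user"] == user and now - timedelta(days=days) <= e["t"] <= now]
    if not ev:
        return [0.0, 0, 0.0]
    off = sum(1 for e in ev if not (WORK_HOURS[0] <= e["t"].hour < WORK_HOURS[1]))
    return [len(ev) / days, len({e["res"] for e in ev}), off / len(ev)]


def robust_scores(vectors, floor):
    """Per user: max over features of |x - median| / MAD, computed within one
    category. `floor` bounds the MAD away from zero for flat features."""
    users = list(vectors)
    n_features = len(next(iter(vectors.values())))
    out = {u: 0.0 for u in users}
    for i in range(n_features):
        col = [vectors[u][i] for u in users]
        med = median(col)
        mad = max(median([abs(x - med) for x in col]), floor)
        for u in users:
            out[u] = max(out[u], abs(vectors[u][i] - med) / mad)
    return out


def detect(events, now=NOW, w_long=0.5, threshold=3.0):
    """Score users against their own category and fuse long/short scores."""
    by_cat = defaultdict(set)
    for e in events:
        by_cat[e["cat"]].add(e["user"])
    fused = {}
    for users in by_cat.values():
        ls = robust_scores({u: long_features(events, u, now) for u in users}, floor=0.1)
        ss = robust_scores({u: short_features(events, u, now) for u in users}, floor=1.0)
        for u in users:
            fused[u] = w_long * ls[u] + (1 - w_long) * ss[u]
    flagged = {u for u, s in fused.items() if s >= threshold}
    return fused, flagged


if __name__ == "__main__":
    scores, hits = detect(EVENTS)
    for user, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{user:8s} fused={score:6.2f} {'ANOMALY' if user in hits else ''}")
```

Because baselines are computed per category, the operators' night-time reads score zero against each other, while mallory's burst of exports stands out on every long-period feature (rate, breadth, off-hours ratio) and on the 8-hour and 24-hour short windows; the 1-hour window alone would have missed it, which is the point of running several windows in parallel.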


Basic information:

DOI: 10.13705/j.issn.1671-6841.2024077

CLC number: TP393.08; TP311.13

Citation:

[1] WANG Shiqian (王世谦), BAI Hongkun (白宏坤), JIA Yibo (贾一博), et al. User anomalous behavior detection based on long- and short-period features [J]. Journal of Zhengzhou University (Natural Science Edition), 2025, 57(06): 65-73+82. DOI: 10.13705/j.issn.1671-6841.2024077.

Funding:

State Grid Henan Electric Power Company 2023 Science and Technology Project (5217L022001A)
