{"title":"基于图形的内部威胁检测:一项调查","authors":"","doi":"10.1016/j.comnet.2024.110757","DOIUrl":null,"url":null,"abstract":"<div><p>Insider threat detection has been a significant topic in recent years. However, as network technology develops, the intranet becomes more complex. Therefore, simply matching attack patterns or using traditional machine learning methods (Logistic Regression, Gaussian-NB, Random Forest, etc.) does not work well. On the other hand, the graph structure can better adapt to intranet data, thus graph-based insider threat detection methods have become mainstream. In order to study the design and effectiveness of graph-based insider threat detection, in this paper, we conduct a systematic and comprehensive survey of existing related research. Specifically, we provide a framework and a taxonomy based on the detection process, classifying existing work from three aspects: data collection, graph construction, and graph anomaly detection. We conduct a quantitative analysis of existing representative graph methods and find that the models with more information have better performance. In particular, we discuss the scalability of existing methods to large-scale networks and their feasibility in real environments. Based on the survey results, we propose 7 pain points in this field and provide specific future research directions. Our survey will provide future researchers with a complete solution.</p></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":null,"pages":null},"PeriodicalIF":4.4000,"publicationDate":"2024-08-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Graph-based insider threat detection: A survey\",\"authors\":\"\",\"doi\":\"10.1016/j.comnet.2024.110757\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Insider threat detection has been a significant topic in recent years. However, as network technology develops, the intranet becomes more complex. Therefore, simply matching attack patterns or using traditional machine learning methods (Logistic Regression, Gaussian-NB, Random Forest, etc.) does not work well. On the other hand, the graph structure can better adapt to intranet data, thus graph-based insider threat detection methods have become mainstream. In order to study the design and effectiveness of graph-based insider threat detection, in this paper, we conduct a systematic and comprehensive survey of existing related research. Specifically, we provide a framework and a taxonomy based on the detection process, classifying existing work from three aspects: data collection, graph construction, and graph anomaly detection. We conduct a quantitative analysis of existing representative graph methods and find that the models with more information have better performance. In particular, we discuss the scalability of existing methods to large-scale networks and their feasibility in real environments. Based on the survey results, we propose 7 pain points in this field and provide specific future research directions. Our survey will provide future researchers with a complete solution.</p></div>\",\"PeriodicalId\":50637,\"journal\":{\"name\":\"Computer Networks\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.4000,\"publicationDate\":\"2024-08-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Networks\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1389128624005899\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128624005899","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
Insider threat detection has been a significant topic in recent years. However, as network technology develops, the intranet becomes more complex. Therefore, simply matching attack patterns or using traditional machine learning methods (Logistic Regression, Gaussian-NB, Random Forest, etc.) does not work well. On the other hand, the graph structure can better adapt to intranet data, thus graph-based insider threat detection methods have become mainstream. In order to study the design and effectiveness of graph-based insider threat detection, in this paper, we conduct a systematic and comprehensive survey of existing related research. Specifically, we provide a framework and a taxonomy based on the detection process, classifying existing work from three aspects: data collection, graph construction, and graph anomaly detection. We conduct a quantitative analysis of existing representative graph methods and find that the models with more information have better performance. In particular, we discuss the scalability of existing methods to large-scale networks and their feasibility in real environments. Based on the survey results, we propose 7 pain points in this field and provide specific future research directions. Our survey will provide future researchers with a complete solution.
期刊介绍:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.