It is difficult to detect the resource misuses in information systems because they can be carried out in different manners and it is hard to collect the prior knowledge of the malicious insiders. In this paper, a hidden Markov model (HMM) based method is developed to detect the resource misuse. As to the HMM model, the file folders containing sensitive information are taken as the model states and the user operations as the model observation symbols and Baum-Welch algorithm is adopted to determine the model parameters. The behavior profile of a malicious insider is depicted by his HMM model and used to detect his malicious behaviors. The experiment results show the effectiveness and adaptability of our method.

• 出版日期2012
• 单位西安电子科技大学