Real Time Detection Framework of Insider Threat Based Agent
Abstract
In view of the increasing insider threat behavior in enterprise information systems, especially data corruption by internal users, a real-time detection framework based on agents is proposed, in which malicious insider threats are identified by comparing user identity and abnormal operation behavior. The framework comprises a data acquisition module, a detection module, an audit module and a response module. The function of the detection system is explained from four aspects: identity authentication, access control, operational audit and vulnerability detection. The framework implements real-name user login, behavior detection and post audit, fundamentally prevents malicious insiders from illegally obtaining data, provides response and intervention capabilities, and enhances the security of the information system.
Keywords
Insider threat, Abnormal behavior, Identity authentication, Detect
DOI
10.12783/dtcse/cmee2017/20071