Abstract
An enterprise intranet is characterized by deterministic services and a limited set of network components whose properties can be described and observed, and the state of those components and their network interaction behaviors must strictly comply with security policies. The subject, object, and action of each network access can therefore be described by a variety of deterministic features. Exploiting this property, the anomaly analysis method is simplified: anomaly discovery in the intranet is transformed into the problem of collecting dynamic network features and characterizing deterministic features. Dynamic network characteristics are collected and analyzed from network state and behavior and combined with prior knowledge of the network's deterministic features, and on this basis an anomaly analysis model especially suited to deterministic intranets is proposed. Based on the model design, a traffic-based anomaly analysis system is implemented. The system can effectively find a variety of high-risk anomalies in the intranet.
Highlights
Many enterprise intranets are strictly controlled: their boundary protection and architecture are clear, their network and security infrastructure are clear, and the behaviors allowed to equipment and users are determined.
In the ideal case, when all components and users of the deterministic network strictly comply with the security policy, the interactions between network components show a variety of deterministic features, because the interactions allowed between those components are determined.
The first step of anomaly analysis is to analyze the relationships between the components of the network, extract the deterministic features that satisfy the security policy, and convert these features into constraints.
Summary
Many enterprise intranets are strictly controlled: their boundary protection and architecture are clear, their network and security infrastructure are clear, and the behaviors allowed to equipment and users are determined. We call a network with these multiple deterministic characteristics a deterministic network. The permissible interactions between deterministic network components are deterministic, but existing technology cannot completely limit impermissible behavior. Effectively discovering these impermissible behaviors is an important requirement for intranet information security management. Based on the characteristics of deterministic networks, this paper simplifies the related anomaly analysis methods and proposes an anomaly analysis model for enterprise intranets.
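The step described in the highlights, turning deterministic features into constraints and checking observed traffic against them, can be illustrated with the following Python example. It is added here and is not code from the paper or its system; the constraint representation, the flow record fields, the function names, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Constraint:
    """One deterministic feature: which subject may perform which action on which object."""
    subject: ipaddress.IPv4Network
    obj: ipaddress.IPv4Network
    proto: str
    port: int

def allow(subject, obj, proto, port):
    return Constraint(ipaddress.ip_network(subject), ipaddress.ip_network(obj), proto, port)

# Constructed prior knowledge for a hypothetical intranet (sample addresses only).
KNOWN_COMPONENTS = [ipaddress.ip_network(n)
                    for n in ("10.1.0.0/24", "10.2.0.10/32", "10.2.0.20/32")]
CONSTRAINTS = [
    allow("10.1.0.0/24", "10.2.0.10/32", "tcp", 443),    # workstations -> web application
    allow("10.2.0.10/32", "10.2.0.20/32", "tcp", 5432),  # web application -> database
]

def classify(flow, constraints=CONSTRAINTS, known=KNOWN_COMPONENTS):
    """Return None if the flow satisfies a constraint, else the reason it is anomalous."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    # State check: both endpoints must be registered network components.
    for role, addr in (("subject", src), ("object", dst)):
        if not any(addr in net for net in known):
            return f"unknown {role} {addr}"
    # Behavior check: the (subject, object, action) triple must match a constraint.
    for c in constraints:
        if src in c.subject and dst in c.obj and (flow["proto"], flow["dport"]) == (c.proto, c.port):
            return None
    return f"impermissible action {flow['proto']}/{flow['dport']} from {src} to {dst}"

def find_anomalies(flows):
    """Collect (flow, reason) for every flow that matches no deterministic feature."""
    return [(f, r) for f in flows if (r := classify(f)) is not None]

# Constructed flow records, shaped like the output of a traffic collector.
SAMPLE_FLOWS = [
    {"src": "10.1.0.15", "dst": "10.2.0.10", "proto": "tcp", "dport": 443},
    {"src": "10.2.0.10", "dst": "10.2.0.20", "proto": "tcp", "dport": 5432},
    {"src": "10.1.0.15", "dst": "10.2.0.20", "proto": "tcp", "dport": 5432},  # workstation reaches DB directly
    {"src": "10.1.0.15", "dst": "10.2.0.10", "proto": "tcp", "dport": 22},    # service not in policy
    {"src": "10.9.9.9", "dst": "10.2.0.10", "proto": "tcp", "dport": 443},    # unregistered component
]

if __name__ == "__main__":
    for flow, reason in find_anomalies(SAMPLE_FLOWS):
        print(reason)
```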