Detection and Sensing Methods for Insider Threats in Information Systems (信息系统内部威胁检测与感知方法)
Abstract

Insider threats do great harm to the security of information systems and are one of the main sources of their security risk. Combining the analytic hierarchy process (AHP), access control, artificial intelligence and graph theory, this dissertation studies the detection and sensing of insider threats in information systems from two angles: resource access and information delivery. For insider threats in resource access, we build a hierarchy-mapping insider threat model and a quantitative analysis method on top of it; the cloud model from uncertainty-based artificial intelligence is then introduced to design a cloud-model-based sensing method that senses insider threats in real time. For insider threats in information delivery, we build an adjoining trust evaluation model and the corresponding evaluation algorithm, which are used to predict and defend against routing attacks launched by inside nodes in mobile ad hoc networks.

The main contributions of this dissertation are as follows:

(1) A hierarchical insider threat detection and sensing system: insider threat risks in information systems are classified and analysed, and a hierarchical detection and sensing system is proposed that predicts, analyses and responds to insider threats from the two perspectives of detection and sensing.

(2) A hierarchy-mapping insider threat model: the access-control relationship between subjects and objects and the analytic hierarchy process are used to build a hierarchy-mapping insider threat model, which can evaluate the insider threat in a system effectively and in real time.

(3) A cloud-model algorithm for sensing insider threats: on top of the hierarchy-mapping model, the cloud model concept from uncertainty-based artificial intelligence is introduced to build a feature-cloud sensing algorithm that measures, from several angles, how far a user's run-time behaviour deviates from its normal state, and so supports both qualitative and quantitative decisions about the system's insider threat.

(4) Adjoining-trust-based routing security evaluation: the concept of adjoining trust, which fuses adjacency information with trust information, is proposed; it suppresses deception by intermediate nodes during the transmission of routing information. On this basis a network adjoining trust evaluation model is built, and a greedy evaluation algorithm is designed that quantifies the security of a path in a mobile ad hoc network while sensing attacks at the same time.
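The resource-access half of the abstract rests on two published building blocks: Saaty's AHP for weighting the factors of a hierarchy, and Li Deyi's normal cloud model (expectation Ex, entropy En, hyper-entropy He) for measuring how far a behaviour sample deviates from its normal state. The Python below is an added illustration, not code from the dissertation, and does not reproduce its hierarchy-mapping model: it derives AHP weights from a pairwise-comparison matrix (with Saaty's consistency check), fits one cloud per behaviour feature from baseline samples with the backward cloud generator, and turns membership in those clouds into a weighted deviation score. The feature names, the 20-day baseline, the pairwise judgements and the 0.5 alarm threshold mentioned in the note are constructed assumptions.

```python
# Added example, not code from the dissertation: AHP feature weights combined
# with a normal cloud model (Ex, En, He) to score how far one account's daily
# behaviour drifts from a learned baseline. Feature names, baseline numbers and
# the pairwise judgements below are constructed for illustration only.
import math
import random
from typing import Dict, List, Optional, Sequence, Tuple

# Saaty's random-index table used by the consistency ratio (n = 1..9).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def ahp_weights(pairwise: Sequence[Sequence[float]],
                iters: int = 200) -> Tuple[List[float], float]:
    """Priority vector (principal eigenvector, sum 1) of an AHP matrix plus
    Saaty's consistency ratio CR = CI / RI, CI = (lambda_max - n) / (n - 1).
    CR > 0.1 conventionally means the judgements go back to the analyst."""
    n = len(pairwise)
    w = [1.0 / n] * n
    for _ in range(iters):  # power iteration
        aw = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        w = [v / total for v in aw]
    aw = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX.get(n, 1.45)
    return w, (ci / ri if ri > 0 else 0.0)


def backward_cloud(samples: Sequence[float]) -> Tuple[float, float, float]:
    """Backward cloud generator: Ex = mean, En = sqrt(pi/2) * mean|x - Ex|,
    He = sqrt(|S^2 - En^2|) with S^2 the unbiased sample variance."""
    n = len(samples)
    ex = sum(samples) / n
    en = math.sqrt(math.pi / 2) * sum(abs(x - ex) for x in samples) / n
    s2 = sum((x - ex) ** 2 for x in samples) / (n - 1)
    return ex, en, math.sqrt(abs(s2 - en ** 2))


def certainty(x: float, cloud: Tuple[float, float, float],
              rng: Optional[random.Random] = None, drops: int = 50) -> float:
    """Membership of x in the cloud: 1.0 = typical, 0.0 = alien. With rng=None
    En is used directly; otherwise En' ~ N(En, He) is redrawn per drop and the
    drops averaged, as the forward cloud generator expresses fuzziness in En."""
    ex, en, he = cloud

    def mu(en_prime: float) -> float:
        en_prime = max(abs(en_prime), 1e-9)  # guard a degenerate entropy
        return math.exp(-((x - ex) ** 2) / (2 * en_prime ** 2))

    if rng is None:
        return mu(en)
    return sum(mu(rng.gauss(en, he)) for _ in range(drops)) / drops


def threat_score(observation: Dict[str, float],
                 clouds: Dict[str, Tuple[float, float, float]],
                 weights: Dict[str, float],
                 rng: Optional[random.Random] = None) -> float:
    """Weighted deviation in [0, 1]: sum_i w_i * (1 - certainty_i)."""
    return sum(weights[f] * (1.0 - certainty(observation[f], clouds[f], rng))
               for f in weights)


# Constructed 20-day baseline for one account (hypothetical numbers).
BASELINE = {
    "logins": [3, 4, 3, 5, 4, 3, 4, 4, 5, 3, 4, 3, 4, 5, 4, 3, 4, 4, 3, 4],
    "files":  [20, 25, 18, 30, 22, 24, 19, 27, 21, 23,
               26, 20, 22, 28, 24, 19, 21, 25, 23, 22],
    "mb_out": [5, 8, 6, 7, 5, 9, 6, 7, 8, 6, 5, 7, 6, 8, 7, 6, 9, 5, 7, 6],
}
FEATURES = ["logins", "files", "mb_out"]
# Hypothetical analyst judgements on Saaty's 1-9 scale (row vs column):
# outbound volume dominates file count, which dominates login count.
PAIRWISE = [[1, 1 / 3, 1 / 5],
            [3, 1, 1 / 3],
            [5, 3, 1]]


def build_model():
    """Fit one cloud per feature to the baseline and derive the AHP weights."""
    w, cr = ahp_weights(PAIRWISE)
    clouds = {f: backward_cloud(BASELINE[f]) for f in FEATURES}
    return dict(zip(FEATURES, w)), cr, clouds


def score_day(observation: Dict[str, float],
              seed: Optional[int] = None) -> float:
    """Threat score for one day's observation; a seed enables He resampling."""
    weights, _, clouds = build_model()
    rng = random.Random(seed) if seed is not None else None
    return threat_score(observation, clouds, weights, rng)


if __name__ == "__main__":
    print("consistency ratio:", round(build_model()[1], 3))
    print("normal day :", round(score_day({"logins": 4, "files": 23, "mb_out": 7}), 3))
    print("exfil day  :", round(score_day({"logins": 4, "files": 180, "mb_out": 2400}, seed=1), 3))
```

Running the module prints the consistency ratio of the judgement matrix (about 0.03, so the judgements are acceptable) and two scores: a day that matches the baseline scores well under 0.1, while a day with 180 files touched and 2.4 GB sent out scores close to 0.9 because the two heavily weighted features fall far outside their clouds. The deterministic path (no seed) is what to use for repeatable alerting; the seeded path shows how hyper-entropy widens or narrows the acceptance region from run to run.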