中国科学院软件研究所机构知识库

Internal threat is an important issue for the information systems of an organization. To deal with this problem, organizations often formulate regulations and rules to regulate the behavior of employees and prevent them from causing production risks. However, how to effectively detect violations of the rules in the production process is challenging. In this paper, we propose an event based internal threat detection method. Firstly, we establish a detection model for regulation violation by representing rules and regulations as complex events and design a rule engine to detect if these complex events occur and discover the violations of rules. Then the logs generated during product are used for activating the rule reasoning. Finally, the rule violation will be reported to the supervisor for further investigation. The experiment on the real production processes shows the method is effective and efficient to detect internal threats and can be used at major production sites.