ABSTRACT
To improve the performance of enterprise network information security, we proposed a behaviour analytics model that established a unique behaviour pattern for each user and identifies untrusted interactive behaviour. First, a series of behaviour characteristics was constructed by observing user behaviours. These characteristics were then used by a big data analysis method called hidden Markov model to model the behaviour of trusted users. Next, a forward algorithm calculated the probability of observation sequences from users with the same and different positions. Finally, untrusted interactive behaviours were identified by comparing the observation sequence probability sets of trusted and untrusted users. The proposed method was applied to the Enterprise Resource Planning system used by a publishing house to identify the credibility of its user behaviour. The highest false positive rates obtained were 0.74% and 5.26% for users in different positions and the same position, respectively. These results verify that the model is effective in identifying untrusted interactive behaviours.
Acknowledgements
We wish to thank all the staff of the publishing house used as our case study for supporting this work.
Disclosure statement
No potential conflict of interest was reported by the author(s).