大数据环境下基于网络用户行为模式识别的可信交互机制研究

Internet-plus is an important field of the 13th planning of 5-year national development, where information security is a crucial problem during its development. User security authentication mechanism is the basis of web information security system. However, traditional identity authentication and content authentication ignore the importance of end user behavior.The behavior of web users is influenced by the target, motivation, heredity, environment, development and other factors, with the characteristics of uniqueness and non-step.It will greatly enhance the ability of web information security to dig and utilize web-user behavior characteristics.Hence, taking web-user interaction behavior in big data environment as the object, the interaction behavior pattern as the main line, increasing the dependability Internet-plus is an important field of the 13th planning of 5-year national development, where information security is a crucial problem. Existing identity authentication mechanism, intrusion detection mechanism, security audit mechanism and access control mechanism ignore the importance of end user behavior. The behavior of web users is influenced by the target, motivation, heredity, environment, development and other factors, with the characteristics of uniqueness and non-step.It will greatly enhance the ability of web information security to dig and utilize web-user behavior characteristics.Hence, taking web-user interaction behavior in big data environment as the object, the interaction behavior pattern as the main line, increasing the dependability of interaction behavior as the target, the structured decomposition with a hierarchy of intention, scene, application, motion on behavior pattern as the method, the dependable interaction mechanism of web-user behavior will be systematically studied; a generalized multi-dimension structured model of web-user behavior pattern will be constructed; and the pattern recognition techniques of web-user interaction behavior will be explored. Furthermore, a controlling model of web-user dependable interaction behavior based on behavior matching, early warning and multi-scale evaluation will be developed. And then a new dependable interaction mechanism together with its methodology based on web-user behavior pattern recognition will be put forth to ensure web information security performance under the internet-plus background with support of theories and enabling technologies.

“互联网+”是十三五规划的重要领域，信息安全是其突出问题。现有的身份认证机制、入侵检测机制、安全审计机制和访问控制机制忽视了终端用户行为的重要性。网络用户行为规律受目标、动机、遗传、文化、教育、环境、发展等因素影响，具有独特性、非阶跃性和演化性。挖掘利用网络用户行为特征，将极大增强网络信息安全保障能力。为此，以大数据环境下网络用户交互行为为对象，以交互行为模式为主线，以提高交互行为可信性为目标，以对行为模式的“意图—场景—应用—动作”递阶层次结构化分解为手段，系统研究大数据环境下网络用户行为的可信交互机理，构建网络用户行为模式的广义多维度结构化模型，探索网络用户交互行为的模式识别技术，进而开发以行为匹配、预警及多尺度评价为基础的网络用户可信交互行为控制模型，提出一套新的基于网络用户行为模式识别的可信交互机制及其方法体系，为提高“互联网+”背景下网络信息安全性能提供理论与使能技术支撑。

依据人因工程和行为科学理论，提出人的网络行为模式具有独特性、非阶跃性和演化性的假设，并据此建立网络用户新的可信交互机制，需要解决三大科学问题:人的网络行为模式的描述与建模；用户行为模式与可信交互特征的映射关系的建立；基于用户行为模式识别的可信交互行为检测方法。. 分别从鼠标、网页操作行为大数据研究网络用户的行为模式特征，对鼠标操作行为通过时域、时频域联合分析挖掘用户行为特征，对网页操作行为通过多维活动规律挖掘用户行为特征，用多种机器学习算法建立了每一个用户独特的行为模式，验证了本项目提出的理论假设。通过引入动态信任模型算法评价用户的每一次交互行为的信任度值，实现了网络用户可信交互的持续认证。. 在鼠标操作行为的时频联合分析与希尔伯特黄变换后的特征挖掘中，可信交互识别的错误接受率降低至0.12%，错误拒绝率降低至0.28%。对用户网页操作行为的特征挖掘中，对不可信行为的错误接受率低至0.19％，对可信行为的错误拒绝率降低到3.30％。通过动态信任度值的连续身份认证机制，将入侵检测的时间缩短为1.63 min，行为次数减少至12.28次。. 研究还发现不同情绪下用户可信交互行为识别的准确率没有显著变化；在逐时递推检测中发现用户操作行为随时间推移有显著变化，基于行为演变性来构建检测模型将进一步提高可信交互的检测准确率。. 本项目系统探究了大数据环境下网络用户行为的可信交互原理，提出了一套用户行为模式结构化建模、用户可信交互行为识别与控制的方法，为提高网络安全提供了一种新的使能技术支撑。本项目研究成果有助于推动国家十三五规划中提出的强化信息安全保障，统筹网络安全和信息化发展，完善国家网络安全保障体系，强化重要信息系统和数据资源保护，对于提高企业网络治理能力、筑牢信息防护体系、保障国家信息安全等都具有重要意义。