An Identification Method of Untrusted Interactive Behavior in ERP System Based on Markov Chain

Enterprise Resource Planning (ERP) software system is widely used in enterprises as an advanced management system. In recent years, the information security problem of ERP software system has gradually attracted people’s attention. To solve the information security problem of the ERP software system, we first need to pay attention to the untrusted interactive behavior in the ERP software system. Enterprise network users generate a lot of interactive behavior in the process of using ERP system. Untrusted interactive behavior will cause huge damage to the enterprise if they are not identified. Based on this, this paper proposes a method based on Markov chain to identify untrusted interactive behavior of users in the ERP system, Firstly, a series of network user behavior characteristics are constructed based on the log records of ERP system. Then, the hidden Markov model is used to model the behavior of trusted users based on these behavior characteristics. Next, the forward algorithm is used to calculate the probability of a series of observation sequences of trusted users and untrusted users based on the hidden Markov model of trusted users. Finally, the untrusted users are identified by comparing the observation sequence probability set of trusted and untrusted users. The recognition rate of the model for trusted users is 92.64%, and the false positive rate for untrusted users is 0.76%. This result indicates that the model is effective for identifying untrusted interaction behavior.

[1]  Byungjoo Park,et al.  Fast traffic anomalies detection using SNMP MIB correlation analysis , 2009, 2009 11th International Conference on Advanced Communication Technology.

[2]  Joohan Lee,et al.  Packet- vs. session-based modeling for intrusion detection systems , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[3]  Jie Ma,et al.  Research on Trusted Evaluation Method of User Behavior Based on AHP Algorithm , 2015, 2015 7th International Conference on Information Technology in Medicine and Education (ITME).

[4]  Audun Jøsang,et al.  Identity management and trusted interaction in internet and mobile computing , 2014, IET Inf. Secur..

[5]  Jun Yan,et al.  The Effects of Consumer Perceived Different Service of Trusted Third Party on Trust Intention: An Empirical Study in Australia , 2017, 2017 IEEE 14th International Conference on e-Business Engineering (ICEBE).

[6]  Ke Wang,et al.  PCAD: Cloud Performance Anomaly Detection with Data Packet Counts , 2017, 2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom).

[7]  Raimo Kantola,et al.  Theoretical Issues in the Study of Trust in Human-Computer Interaction , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[8]  Wei Liu,et al.  Research on Behavior Trust Based on Bayesian Inference in Trusted Computing Networks , 2015, 2015 IEEE International Conference on Smart City/SocialCom/SustainCom (SmartCity).

[9]  Peter Mell,et al.  Intrusion Detection Systems , 2001 .

[10]  Raimo Kantola,et al.  A Research Model for Human-Computer Trust Interaction , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[11]  Akash Garg,et al.  PHAD: Packet header anomaly detection , 2016, 2016 10th International Conference on Intelligent Systems and Control (ISCO).

[12]  Aida Shojaee,et al.  A new method for evaluating cloud computing user behavior trust , 2015, 2015 7th Conference on Information and Knowledge Technology (IKT).

[13]  James A. Narus,et al.  A Model of Distributor Firm and Manufacturer Firm Working Partnerships , 1990 .

[14]  Wenliang Chen,et al.  A trust evaluation model and algorithm based on network behavior detection , 2010, 2010 3rd IEEE International Conference on Broadband Network and Multimedia Technology (IC-BNMT).

[15]  Yennun Huang,et al.  Network traffic anomaly detection based on growing hierarchical SOM , 2013, 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[16]  Gao Yan,et al.  Network Anomaly Traffic Detection Method Based on Support Vector Machine , 2016, 2016 International Conference on Smart City and Systems Engineering (ICSCSE).

[17]  Byeong-Hee Roh,et al.  Abnormal Behavior-Based Detection of Shodan and Censys-Like Scanning , 2017, 2017 Ninth International Conference on Ubiquitous and Future Networks (ICUFN).

[18]  Xuefeng Jiang A facial expression recognition model based on HMM , 2011, Proceedings of 2011 International Conference on Electronic & Mechanical Engineering and Information Technology.

[19]  Sushila Madan,et al.  A fuzzy expert system to evaluate customer's trust in B2C E-Commerce websites , 2014, 2014 International Conference on Computing for Sustainable Global Development (INDIACom).

[20]  Dinesh Naik,et al.  Anomaly based intrusion detection of packet dropping attacks in mobile ad-hoc networks , 2014, 2014 International Conference on Control, Instrumentation, Communication and Computational Technologies (ICCICCT).

[21]  Xiaoqiong Yang,et al.  A statistical user-behavior trust evaluation algorithm based on cloud model , 2011, 2011 6th International Conference on Computer Sciences and Convergence Information Technology (ICCIT).

[22]  Ruchi Jain,et al.  Hidden Markov Model based anomaly intrusion detection , 2012, 2012 International Conference for Internet Technology and Secured Transactions.

[23]  Xiaowei Gu,et al.  Network Traffic Anomaly Detection Based on Dynamic Programming , 2017, 2017 International Conference on Computing Intelligence and Information System (CIIS).