Journal of Information Security Research ›› 2020, Vol. 6 ›› Issue (9): 0-0.

• Academic Papers •

A User Behavior Analysis Method for Private Networks Based on Network Traffic and Logs

张建平, 李洪敏, 贾军, 卢敏

  1. Institute of Systems Engineering, China Academy of Engineering Physics
  • Received: 2020-09-10 Online: 2020-09-10 Published: 2020-09-12
  • Corresponding author: 张建平

A Method of User Behavior Analysis Based on Network Flow and Log in Private Network


Abstract: Supervising user behavior in a private (dedicated) network is an important means of safeguarding that network's information security. Analysis that relies solely on network traffic, or solely on the logs of terminal security software, gives a one-sided view of user activity. To address this, we combine network traffic analysis, network security situation analysis, user profiling and user behavior analysis, and propose an analysis method based on both traffic and logs. The method is implemented through a system architecture with three layers: a basic platform layer, a data analysis layer and a presentation layer. Starting from the core requirements of private-network supervision, we improve the monitoring method of the terminal security software in the private network, design monitoring strategies for abnormal traffic to core assets, abnormal terminal traffic and operations-and-maintenance (O&M) traffic, and build data profiles of users' key behaviors, yielding a system that monitors key user behaviors in the private network. Deployment in a real private network shows that the method effectively monitors key user behaviors and can serve as a reference for user behavior supervision in private networks.

Keywords: user behavior analysis, network traffic analysis, private network, security situation, user profile

Abstract: The supervision of user behavior in a private network is an important means of ensuring its information security. To address the one-sidedness of analysis in private networks that relies solely on network flow or on terminal security software logs, we propose a method based on traffic and log analysis that combines network flow analysis, network security situation analysis, user portraits and user behavior analysis. Through the system architecture, we implement the system in three layers: the basic platform layer, the data analysis layer and the display layer. Combined with the core requirements of private network supervision, and by improving the monitoring method of the user terminal security software in the private network, we realize a monitoring system for users' key behaviors in the private network. The core functions of the system are to monitor the abnormal flow of core assets, abnormal terminal flow and operation and maintenance flow, and to build data portraits of users' key behaviors. Application in a real private network shows that this method can effectively monitor key user behavior in the private network and provides a reference for user behavior supervision in other private networks.

Key words: User Behavior Analysis, Traffic Analysis, Private Network, Situation Awareness, User Profile
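The abstracts above describe the method only at the level of its three monitoring strategies (abnormal traffic to core assets, abnormal terminal traffic, O&M traffic) and the fusion of flow records with terminal security-software logs. The following Python script is an added example written for this page, not code from the paper or its authors, showing what such fusion looks like in practice: flow records and agent log lines are correlated per host and per user, each strategy is applied as a simple rule, and the result is a per-user list of key-behavior findings from which a user profile could be built. The network layout (core-asset addresses, ops subnet, ops accounts), the thresholds, the key=value agent log format and all sample records are assumptions constructed for the demo; a real deployment would derive baselines from history rather than from a hard-coded table.

```python
"""Fuse private-network flow records with terminal security-agent logs to flag
key user behaviours (added example; layout, thresholds and log format assumed)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed private-network layout (constructed for this example, not from the paper).
CORE_ASSETS = {"10.10.1.5": "file-server", "10.10.1.6": "code-repo"}
OPS_SUBNET = ip_network("10.10.9.0/24")   # jump hosts that operators must come from
OPS_ACCOUNTS = {"ops_li"}                 # accounts allowed to run O&M sessions
OPS_PORTS = {22, 3389}                    # SSH / RDP to a core asset counts as O&M traffic
WORK_HOURS = range(8, 19)                 # 08:00-18:59 is normal for core-asset access
BYTES_FACTOR = 5.0                        # terminal outbound bytes > 5x baseline is abnormal
BULK_BYTES = 10_000_000                   # a single flow this large is a "bulk transfer"
USB_WINDOW = timedelta(minutes=30)        # USB insert -> bulk transfer correlation window


@dataclass(frozen=True)
class Flow:
    ts: datetime
    user: str      # user the flow collector attributed the session to
    host: str      # terminal hostname, the join key with the agent log
    src: str
    dst: str
    dport: int
    out_bytes: int


def parse_agent_log(line):
    """Parse one '<iso-ts> key=value ...' line from the (assumed) terminal agent log."""
    ts_text, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts_text)
    return fields


def analyse(flows, agent_lines, baseline):
    """Apply the three monitoring strategies plus two flow/log correlations.
    baseline maps host -> typical outbound bytes for the period being analysed.
    Returns {user: [finding, ...]} for users with at least one finding."""
    findings = defaultdict(list)
    usb_by_host, offline_hosts = defaultdict(list), set()
    for ev in (parse_agent_log(line) for line in agent_lines):
        if ev["event"] == "USB_INSERT":
            usb_by_host[ev["host"]].append(ev["ts"])
        elif ev["event"] == "AGENT_OFFLINE":
            offline_hosts.add(ev["host"])

    out_by_host, user_of_host = defaultdict(int), {}
    for f in flows:
        out_by_host[f.host] += f.out_bytes
        user_of_host[f.host] = f.user
        # Strategy 1: core-asset access outside working hours.
        if f.dst in CORE_ASSETS and f.ts.hour not in WORK_HOURS:
            findings[f.user].append(f"off-hours access to {CORE_ASSETS[f.dst]}")
        # Strategy 3: O&M sessions must come from the ops subnet and an ops account.
        if f.dst in CORE_ASSETS and f.dport in OPS_PORTS:
            if ip_address(f.src) not in OPS_SUBNET or f.user not in OPS_ACCOUNTS:
                findings[f.user].append(
                    f"non-ops admin session to {CORE_ASSETS[f.dst]}:{f.dport}")
        # Log correlation: bulk outbound transfer shortly after a USB insert on the same host.
        recent_usb = any(timedelta(0) <= f.ts - t <= USB_WINDOW for t in usb_by_host[f.host])
        if recent_usb and f.out_bytes >= BULK_BYTES:
            findings[f.user].append(
                f"bulk transfer of {f.out_bytes} B within {USB_WINDOW} of USB insert")
        # Log correlation: traffic from a host whose agent went offline is unmonitored.
        if f.host in offline_hosts:
            findings[f.user].append(f"traffic from {f.host} while agent offline")

    # Strategy 2: per-terminal outbound volume far above its baseline.
    for host, total in out_by_host.items():
        if host in baseline and total > BYTES_FACTOR * baseline[host]:
            findings[user_of_host[host]].append(
                f"{host} sent {total} B vs baseline {baseline[host]} B")
    return dict(findings)


def sample_data():
    """Constructed flows, agent log lines and baselines for a demo run."""
    t = datetime(2020, 9, 10, 9, 0)
    flows = [
        Flow(t, "zhang", "WS-0031", "10.10.2.31", "10.10.1.5", 445, 200_000),
        Flow(t + timedelta(minutes=10), "wang", "WS-0044", "10.10.2.44", "10.10.1.5", 22, 50_000),
        Flow(t + timedelta(minutes=20), "ops_li", "JH-01", "10.10.9.10", "10.10.1.6", 22, 80_000),
        Flow(t + timedelta(minutes=25), "wang", "WS-0044", "10.10.2.44", "10.10.3.7", 443, 60_000_000),
        Flow(datetime(2020, 9, 10, 23, 30), "zhao", "WS-0052", "10.10.2.52", "10.10.1.6", 443, 30_000),
    ]
    agent_lines = [
        "2020-09-10T09:15:00 host=WS-0044 user=wang event=USB_INSERT dev=VID_0781",
        "2020-09-10T22:00:00 host=WS-0052 user=zhao event=AGENT_OFFLINE",
    ]
    baseline = {"WS-0031": 500_000, "WS-0044": 1_000_000, "JH-01": 2_000_000, "WS-0052": 300_000}
    return flows, agent_lines, baseline


if __name__ == "__main__":
    for user, items in analyse(*sample_data()).items():
        print(user)
        for item in items:
            print("  -", item)
```

On the sample data the legitimate SMB access by zhang and the O&M session from the jump host by ops_li produce nothing, while wang is flagged three times (an SSH session to the file server from a workstation, a 60 MB upload ten minutes after a USB insert, and a daily volume far above the terminal's baseline) and zhao twice (off-hours access to the code repository from a host whose agent had gone offline). The join key between the two data sources is the terminal hostname; in a real deployment that mapping must itself be authenticated, because a user who can spoof the host identity in the flow collector can detach their traffic from their agent log.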