Credit evaluation method of user behavior in Web environment

Abstract

The invention relates a credit evaluation method of a user behavior in a Web environment, wherein the credit evaluation method comprises the following steps: 1) carrying out identity authentication on a user logging in a system based on the Web environment; 2) after the identity authentication of the user is successful, logging in the system to carry out a series of operations by the user, dividing user behavior evidence generated after the login of the user into three types, and sequentially storing these types of user behavior evidence in a static variable of a background in a continuous operation process of the user by the system; 3) continuously monitoring whether independent session allocated when the user logs in the system is destroyed through a session monitor by the system, and evaluating the credit of the current behavior of the user if the destruction is started; 4) using different nondimensionalization methods to respectively process the user behavior evidence with different dimensions in two-dimensional data stream to obtain a non-dimensional matrix; 5) obtaining a comprehensive weight set satisfying subjective and objective balance; and 6) using the comprehensive weight set and the non-dimensional evidence of the current user behavior to calculate a credit estimation value of the user behavior.

Description

technical field [0001] The invention relates to the field of information security, in particular to a trust evaluation method for user behavior in a Web environment. Background technique [0002] In applications based on Web technology, user identity authentication is a basic security feature and the basis of the entire information security, especially in new security-related applications such as cloud computing and e-commerce. At present, encryption algorithms such as digital certificates and digital signatures are usually used in identity authentication systems. These identity authentication technologies are relatively mature, but under new operating modes such as cloud computing and e-commerce, identity authentication technologies have certain limitations and defects. Mainly manifested in: 1) Misjudgment of identity: the user's user name and password are stolen, and illegal users use legal user name and password to log in in different places; users use mobile phones to ac...

AI Technical Summary

Problems solved by technology

At present, encryption algorithms such as digital certificates and digital signatures are usually used in identity authentication systems. These identity authentication technologies are relatively mature, but under new operating modes such as cloud computing and e-commerce, identity authentication technologies have certain limitations and defects. Mainly manifested in: 1) Misjudgment of identity: the user's user name and password are stolen, and illegal users use legal user name and password to log in in different places; users use mobile phones to access the Internet, and when the mobile phone is lost, the user name and password are set to the default login status; Misoperation on an infrequently used computer causes the user name and password to be set to the default login state; these states can lead to misjudgment of user identity authentication

2) Malicious users with legitimate identities damage the service system: For example, when using e-book resources in colleges and universities, some students often use network tools to download and purchase electronic resources in large quantities or set up private proxy servers to seek illegal income, etc.; leave the company without canceling the authorization personnel who are dissatisfied with the company, business competitors, etc.; user negligence, lack of professional knowledge, etc. damage to the system

Therefore, purely relying on identity authentication cannot fully guarantee the security of Web user information, so it is necessary to continue to evaluate user behavior on the basis of identity authentication, and finally use the obtained evaluation value to judge user behavior and control abnormal users

[0003] There are also many methods for evaluating user behavior in the prior art, such as user behavior evaluation methods based on AHP, user behavior evaluation methods based on fuzzy decision analysis, and fuzzy network analysis methods based on triangular fuzzy numbers; among them, based on AHP The user behavior evaluation method of the analytic hierarchy process first relies on the experience of experts to build the three-tier structure required for user behavior analysis, and then determines the evidence and attribute weights of user behavior from this three-tier structure. This method is more suitable It is used when the amount of user behavior evidence is small and because the results are subjective, the results may deviate from the actual situation; the user behavior evaluation method based on fuzzy decision analysis relies on the "credible" membership of user behavior and the superiority of evidence , and then use the fuzzy decision analysis method to calculate the target weight, so as to obtain the credible membership of user behavior and evaluate user behavior. This method only uses the evidence generated by user behavior once, so it cannot fully reflect the user behavior. Abnormalities caused by changes in behavior habits; fuzzy network analysis method based on triangular fuzzy numbers uses fuzzy numbers to reflect the fuzziness of expert judgments, and the evaluation results provide the basis for quantitative analysis for security control based on dynamic trust, but the computational complexity is high , it is difficult to guarantee the real-time performance of user behavior evaluation

To sum up, these methods are not suitable for use in Web applications because of the high error rate of the results, the unreliable basis for discrimination, and the relatively large use limitations of the above methods.

Images