Unlock instant, AI-driven research and patent intelligence for your innovation.

Abnormal computer user behavior detection method

Anomaly detection and computer technology, applied in the field of network security, can solve the problems of difficult rule definition, poor operability, and difficult for administrators to handle.

Active Publication Date: 2017-08-01
BEIJING INST OF COMP TECH & APPL
View PDF5 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The rule definition is difficult: the user needs to have very rich experience in rule configuration, and needs to be deeply integrated with the actual application of the user, and the operability is poor;
[0006] There are many false positives and false positives: the rules need to be updated in time, otherwise they will not be able to adapt to the latest user behavior situation, resulting in more false negatives and false negatives, which are difficult for administrators to handle

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal computer user behavior detection method
  • Abnormal computer user behavior detection method
  • Abnormal computer user behavior detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] In order to make the purpose, content, and advantages of the present invention clearer, the specific embodiments of the present invention will be further described in detail below with reference to the accompanying drawings and embodiments.

[0027] figure 1 Shown is a flow chart of a method for detecting abnormal computer user behavior according to the present invention, such as figure 1 As shown, the present invention combines the characteristics of computer user behavior, and divides the elements used for abnormal computer user behavior detection into four types: user identity information, object information, time information, and behavior information. User identity information mainly includes identity authentication information, IP address information, MAC address information, role information, etc. The object information mainly includes IP address information, object type information, port information, and the like. The time information mainly includes the time o...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an abnormal computer user behavior detection method comprising the steps of 1, preprocessing original data to remove repeated information and error information, and generate formative user identity information, object information, time information and behavior information; 2, performing normal user behavior modeling based on the user identity information, the object information, the time information and the behavior information to build a user behavior base line; 3, based on the user behavior base lien, matching user behaviors generated in real time, and detecting the abnormal user behavior; and 4, further adjusting the user behavior base line for the normal user behaviors generated in real time. According to the abnormal computer user behavior detection method provided by the invention, detection on the abnormal computer user behaviors is achieved.

Description

technical field [0001] The invention belongs to the technical field of network security, in particular to a method for detecting abnormal behavior of computer users. Background technique [0002] An important means of data theft is that internal personnel leak secrets or steal intelligence by controlling internal assets. This is a malicious behavior hidden under "normal behavior", which is difficult to detect by traditional security protection and detection methods. [0003] The abnormal computer user behavior detection technology extracts user behavior models based on various user logs, and then conducts a comprehensive analysis of user behavior in the network to determine whether the user behavior is malicious, and finally forms an abnormal user behavior alarm, and technically blocks malicious behavior. . [0004] At present, the abnormal detection of computer user behavior mainly adopts the method based on rule matching. However, from the application point of view, the ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1425
Inventor 石波吴朝雄沈德峰胡佳谢小明沈艳林郭江孙琦
Owner BEIJING INST OF COMP TECH & APPL