Login abnormity detection method, system and device

An anomaly detection and anomaly index technology applied to login anomaly detection. It addresses problems such as false alarms and an insufficient set of detection dimensions, with the effect of improving security and increasing the abnormal-login hit rate.

Active Publication Date: 2017-09-15
SF TECH

AI Technical Summary

Problems solved by technology

[0002] At present, abnormal-login checks are usually matched against static, single-dimension rules. In practice this generates a large number of false alarms, so investigators cannot cover and investigate the abnormal events one by one, and real abnormal events go undiscovered. The commonly used detection dimensions are early-morning login, remote login, and multiple access failures, which are too few for real anomaly detection. Current detection also considers only the rules themselves, not the user's own operating habits or the operating habits of the user group.
[0003] None of the above problems is solved by the prior art, let alone all of them at once. After a large number of experiments and research, the present invention provides a login anomaly detection method and system that solves all of the above problems, a breakthrough of milestone significance for those skilled in the art.


Examples


Embodiment 1

[0108] According to the user's historical data, six dimensions are established: time node, time type, city where the login IP belongs, login speed between two places, time interval between two logins, and number of login attempts.

[0109] 1. Time node dimension

[0110] 1) Obtain login data for the past six months;

[0111] 2) Screen the data of successful login;

[0112] 3) Grouping by job number and time node (hour), aggregate the total number of successful logins of each job number in each hour;

[0113] 4) Calculate the average (mean) and standard deviation (sd) of the number of logins over the past six months for each job number;

[0114] 5) Start traversing each hour from 0:00:

[0115] Define the minimum number of logins for each account: Count = mean - 1 × sd;

[0116] First pass:

[0117] If the number of logins at this hour is greater than or equal to Count, the flag is 1;

[0118] If the number of logins at this hour is less than Count, but the ...
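The time node steps above, as an added Python example that is not code from the patent. It assumes that mean and sd are taken over the hours in which a job number has at least one successful login and that sd is the population standard deviation; the function name, the `include_idle_hours` switch and the sample records are constructed for illustration. Hours below Count stay at 0 because the rule for them is cut off on this page.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

def _rows(job, hour, n, ok=True):
    # Constructed sample data: n logins for one job number at a given hour.
    return [(job, datetime(2017, 3, 1 + d, hour, 15), ok) for d in range(n)]

SAMPLE_LOGINS = (_rows("A001", 9, 10) + _rows("A001", 10, 8) + _rows("A001", 14, 9)
                 + _rows("A001", 3, 1) + _rows("A001", 2, 5, ok=False))

def time_node_flags(logins, include_idle_hours=False):
    """Steps 2-5 and the first pass; returns {job: {"count": Count, "flags": [24 ints]}}."""
    per_hour = defaultdict(Counter)
    for job, ts, ok in logins:
        if ok:                               # step 2: successful logins only
            per_hour[job][ts.hour] += 1      # step 3: total per job number per hour
    result = {}
    for job, hours in per_hour.items():
        totals = [hours[h] for h in range(24)]
        # Assumption: statistics over hours with at least one login, population sd.
        basis = totals if include_idle_hours else [t for t in totals if t > 0]
        count = mean(basis) - 1 * pstdev(basis)   # step 4, then Count = mean - 1 x sd
        # First pass: flag 1 when the hour's logins >= Count. The page's rule for
        # hours below Count is truncated, so those hours are left at 0 here.
        flags = [1 if t >= count else 0 for t in totals]
        result[job] = {"count": count, "flags": flags}
    return result

if __name__ == "__main__":
    for job, r in time_node_flags(SAMPLE_LOGINS).items():
        usual = [h for h, f in enumerate(r["flags"]) if f]
        print(job, "Count=%.2f" % r["count"], "usual hours:", usual)
```

If idle hours are counted as zeros (`include_idle_hours=True`), Count falls below zero for this sample and every hour passes the first pass, so the choice of baseline population needs checking against real data.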

Embodiment 2

[0195] The features of this embodiment that are the same as those of Embodiment 1 will not be described in detail. The features of this embodiment that are different from Embodiment 1 are:

[0196] The login data is scored by weight and/or by an anomaly detection algorithm; based on the results, high-scoring data is screened out for investigation to judge whether it is an abnormal login.

[0197] Enter the login data into the following formula for the final anomaly score of a login record to perform the weight scoring:

[0198] Final anomaly score of the login record = 0.2 × (anomaly index of the time node) + 0.2 × (anomaly index of the time type) + 1 × (anomaly index of the city where the login IP belongs) + 0.9 × (anomaly index of the login speed between two places) + 1 × (anomaly index of the time interval between two logins) + 1 × (anomaly index of the number of login attempts).

[0199] Each dimension has its own set of anomaly indices from 0-100%.

Embodiment 3

[0201] The features of this embodiment that are the same as those of Embodiment 1 will not be described in detail. The features of this embodiment that are different from Embodiment 1 are:

[0202] The login data is scored by weight and/or by an anomaly detection algorithm; based on the results, high-scoring data is screened out for investigation to judge whether it is an abnormal login.

[0203] Enter the login data into the following formula for the final anomaly score of a login record to perform the weight scoring:

[0204] Final anomaly score of the login record = 0.2 × (anomaly index of the time node) + 0.1 × (anomaly index of the time type) + 0.7 × (anomaly index of the city where the login IP belongs) + 0.8 × (anomaly index of the login speed between two places) + 0.9 × (anomaly index of the time interval between two logins) + 1 × (anomaly index of the number of login attempts).

[0205] Each dimension has its own set of anomaly indices from 0-100%.
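The weight scoring of Embodiments 2 and 3 applied to the same records, as an added Python example that is not code from the patent. It assumes each anomaly index is expressed as a fraction from 0.0 to 1.0 (0-100%) and that screening keeps the top-ranked records; the dimension keys, the `top_n` cutoff and the sample records are constructed for illustration.

```python
DIMENSIONS = ("time_node", "time_type", "ip_city",
              "travel_speed", "login_interval", "attempts")

# Weights copied from the two formulas, in DIMENSIONS order.
WEIGHTS = {
    "embodiment_2": (0.2, 0.2, 1.0, 0.9, 1.0, 1.0),
    "embodiment_3": (0.2, 0.1, 0.7, 0.8, 0.9, 1.0),
}

def final_score(indices, embodiment):
    """Weighted sum of the six per-dimension anomaly indices (each 0.0-1.0)."""
    total = 0.0
    for name, weight in zip(DIMENSIONS, WEIGHTS[embodiment]):
        idx = indices[name]
        if not 0.0 <= idx <= 1.0:
            raise ValueError(f"{name} index {idx!r} is outside 0-100%")
        total += weight * idx
    return round(total, 4)

def triage(records, embodiment, top_n):
    """Rank records by final score, highest first, and keep top_n for investigation."""
    scored = [(final_score(r["indices"], embodiment), r["id"]) for r in records]
    return sorted(scored, reverse=True)[:top_n]

def _rec(rid, *values):
    return {"id": rid, "indices": dict(zip(DIMENSIONS, values))}

# Constructed records: r1 is unusual only by time of day, r2 is a new city
# reached at an implausible speed, r3 is rapid repeated login attempts.
SAMPLE_RECORDS = [
    _rec("r1", 1.0, 1.0, 0.0, 0.0, 0.0, 0.0),
    _rec("r2", 0.5, 0.0, 1.0, 1.0, 0.5, 0.0),
    _rec("r3", 0.0, 0.0, 0.0, 0.0, 1.0, 1.0),
]

if __name__ == "__main__":
    for emb in WEIGHTS:
        print(emb, triage(SAMPLE_RECORDS, emb, top_n=2))
```

A record that is anomalous only on the two time dimensions (r1) scores 0.4 or 0.3, well below the multi-dimension records, so the early-morning-only case drops out of the investigation queue under both weightings.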


Abstract

The invention relates to a login anomaly detection method, system and device. The method comprises: obtaining a user's login data for a preset historical time interval; generating, from that login data, login anomaly indices based on at least two of the following dimensions: time node, time type, city to which the login IP belongs, login speed between two places, time interval between two logins, and number of login attempts, where at least one of the time node, time type and login-IP city dimensions is present; and obtaining new login data and generating an anomaly score by combining each dimension of the newest login data with the login anomaly index corresponding to that dimension. Aggregating multiple dimensions solves the false-alarm problem of single-dimension detection. Detecting over more dimensions overcomes the current shortage of dimensions and improves the abnormal-login hit rate. High-scoring data is screened out for investigation by scoring the login data by weight and/or by an anomaly detection algorithm, and combining multiple detection modes can fundamentally eliminate false detections and missed detections of logins.

Description

Technical field

[0001] The invention relates to a data exchange network, in particular to a method, system and equipment for detecting abnormal logins.

Background technique

[0002] At present, abnormal-login checks are usually matched against static, single-dimension rules. In practice this generates a large number of false alarms, so investigators cannot cover and investigate the abnormal events one by one, and real abnormal events go undiscovered. The commonly used detection dimensions are early-morning login, remote login, and multiple access failures, which are too few for real anomaly detection. Current detection also considers only the rules themselves, not the user's own operating habits or the operating habits of the user group.

[0003] Each of the above-mentioned problems cannot be solved by the prior art, let alone solve...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/0815, H04L63/1425
Inventor: 黄丽诗, 胡泽柱
Owner: SF TECH