Method and apparatus for mining exceptional procedures in security information modification logs
A security information and log technology, applied in electrical components, transmission systems, etc., can solve the problems of inaccurate judgment, low degree of automation, long steps, etc., and achieve the effect of high degree of automation and improved recognition accuracy.
Active Publication Date: 2017-09-29
MICRO DREAM TECHTRONIC NETWORK TECH CHINACO
View PDF4 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0011] In the process of implementing the present invention, the inventors found that there are at least the following problems in the prior art: the abnormal process generally has long steps, and the prior art can find some risky accounts, but the first technique does not take advantage of the sequence of logs An important information, so it is impossible to detect that the process in the log is an abnormal process, so such a judgment is inaccurate
And this solution also relies on artificially set thresholds, the response is not fast enough and the degree of automation is not high enough
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0029] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.
[0030] Such as figure 1 As shown, it is a flow chart of a method for mining abnormal processes in security information modification logs according to an embodiment of the present invention. The method includes:
[0031] 101. Traverse the security information modification log, and analyze the user identification UID in the security information modification log and the current account retrieval steps in the account retrieval path sorted by steps for each securit...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The embodiment of the invention provides a method and apparatus for mining exceptional procedures in security information modification logs. The method comprises the following steps: traversing the security information modification logs, and executing the following operations on each security information modification log: a current account number discovery step: analyzing a user identifier UID in the security information modification log, and finding a current account number in the path by the step sequencing account number; a temporary storage account number discovery step: obtaining a temporary storage account number stored in a temporary memory of a corresponding account number discovery path corresponding to the UID according to the UID; comparing the current account number discovery step with the temporary storage account number discovery step; judging that the current account number discovery step is an exceptional procedure in the case of comparison failure, indicating that the UID has a stolen risk, and adding the UID to a stolen risk UID list. The technical scheme has the following beneficial effects: the key information, namely, the log sequence, is used, the threshold is not manually set, the automation level is high, and the identification accuracy is greatly improved.
Description
technical field [0001] The invention relates to the technical field of data mining, in particular to a method and device for mining abnormal processes in security information modification logs. Background technique [0002] Security information modification log: In large-scale websites, user accounts are stolen, and there are many paths to retrieve their own accounts, such as SMS verification paths, ID card verification paths, and avatar verification paths. Many steps may be required in a path, and users can reset their passwords and regain control over the account by completing the steps in sequence. The security information modification log stores detailed information for each user at each step in chronological order. The information of each log includes: time, step name, user unique ID (UID), specific information in the step, success or failure and other information. [0003] Abnormal process: criminals take advantage of the multi-path and multi-step characteristics of ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More IPC IPC(8): H04L29/06
CPCH04L63/1425
Inventor 王嘉伟
Owner MICRO DREAM TECHTRONIC NETWORK TECH CHINACO