Baseline construction and unknown abnormal behavior detection method oriented to system log

A system log baseline and detection technology, applied in transmission systems, electrical components, etc., that addresses the weak robustness of detection to abnormal points and avoids the abnormal-point effect.

Active Publication Date: 2017-12-29
北京中晟信达科技有限公司

AI Technical Summary

Problems solved by technology

[0004] The technical problem to be solved by the present invention is to overcome the lack of robustness of the existing unknown anoma...


Embodiment Construction

[0020] The method of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments of the present invention.

[0021] As shown in Figure 1, the present invention is a system log-oriented baseline construction and unknown abnormal behavior detection method. The specific implementation steps are as follows:

[0022] Step 1: Quantification of user operation logs

[0023] Abnormal behavior detection mainly targets the user operation logs of information systems (such as 4A systems) or of various devices. Operation types are defined and authorized by the system. User operation logs usually include elements such as user name, time, client IP, operation object, and operation result. To discover user behavior characteristics from the logs and detect anomalies, the user behavior samples in the logs must be quantified into feature vectors. The user's behavior feature vector is mainly considered as the following first-...


Abstract

The invention discloses a baseline construction and unknown abnormal behavior detection method oriented to a system log. The method comprises the following steps: I, user operation log quantification, namely, user behavior quantification; II, user behavior feature screening; III, abnormal behavior detection; and IV, abnormal behavior description. The baseline construction and unknown abnormal behavior detection method oriented to the system log disclosed by the invention comprises the following specific steps: firstly, quantifying a user operation log to generate a behavior feature vector; secondly, performing abnormity marking on samples to construct a reference sample set, and evaluating and screening sub-features at the same time to construct a new feature vector; and lastly, performing active clustering analysis on the user behavior feature vector, constructing a behavior baseline, and detecting abnormal behaviors. Abnormal points are eliminated in a detection process, so that an abnormal point effect can be effectively avoided, and typical user behaviors and abnormal behaviors can be detected accurately.
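The following Python example is added here and is not taken from the patent. It quantifies a constructed operation log into per-user daily feature vectors and shows why a mean/stdev baseline fails to flag an abnormal point that a median/MAD baseline catches, then rebuilds the baseline with that point eliminated. The four features, the working-hours window and the median/MAD rule are assumptions standing in for the patent's feature list and active clustering, which this page does not show.

```python
import statistics
from collections import defaultdict
from datetime import datetime

def make_log():
    """Constructed sample: nine ordinary days for one user, then one bulk off-hours day."""
    rows = [("alice", f"2017-03-{d:02d} {9 + i:02d}:00:00", "10.0.0.5", f"cust_{i % 2}", "success")
            for d in range(1, 10) for i in range(4 + d % 3)]
    rows += [("alice", f"2017-03-10 02:{i:02d}:00", "10.0.0.77", f"cust_{i}",
              "fail" if i % 4 == 0 else "success") for i in range(40)]
    return rows

def quantify(rows):
    """Per (user, day) vector [ops, distinct objects, off-hours ops, failures] (assumed features)."""
    acc = defaultdict(lambda: [0, set(), 0, 0])
    for user, ts, _ip, obj, result in rows:   # client IP is parsed but not used as a feature here
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        a = acc[(user, t.date().isoformat())]
        a[0] += 1
        a[1].add(obj)
        a[2] += not (8 <= t.hour < 19)        # assumed working hours 08:00-19:00
        a[3] += result != "success"
    return {k: [a[0], len(a[1]), a[2], a[3]] for k, a in acc.items()}

def scores(vecs, robust):
    """Max per-feature deviation per sample: mean/stdev z-score, or median/MAD if robust."""
    stats = []
    for col in zip(*vecs.values()):
        if robust:
            c = statistics.median(col)
            s = statistics.median(abs(x - c) for x in col) / 0.6745
        else:
            c, s = statistics.mean(col), statistics.stdev(col)
        stats.append((c, s or 1.0))           # floor so constant features do not divide by zero
    return {k: max(abs(x - c) / s for x, (c, s) in zip(v, stats)) for k, v in vecs.items()}

def detect(vecs, robust, threshold):
    return sorted(k for k, s in scores(vecs, robust).items() if s > threshold)

def clean_baseline(vecs, threshold=3.5):
    """Baseline (per-feature mean) rebuilt after eliminating the flagged samples."""
    bad = set(detect(vecs, True, threshold))
    kept = [v for k, v in vecs.items() if k not in bad]
    return [statistics.mean(col) for col in zip(*kept)]

if __name__ == "__main__":
    v = quantify(make_log())
    print("mean/stdev flags:", detect(v, False, 3.0))
    print("median/MAD flags:", detect(v, True, 3.5))
    print("clean baseline:  ", clean_baseline(v))
```

With ten samples a single abnormal point can never exceed a sample z-score of about 2.85, because it inflates the mean and standard deviation it is measured against; that masking is the abnormal-point effect the abstract refers to.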

Description

Technical field

[0001] The invention relates to a system log-oriented baseline construction and unknown abnormal behavior detection method, which uses the user operation and maintenance logs recorded by the system to automatically analyze the typical behavior patterns of users, build a behavior baseline and detect abnormal behavior patterns based on it, so as to give early warning of possible unknown risks. It belongs to the field of network and information security technology.

Background art

[0002] With the advancement of informatization and the development of the Internet, computer systems have become an important infrastructure for enterprises and even countries. At the same time, the information security risks of computer systems are becoming more and more prominent, among which the proportion of endogenous risks caused by internal users of the system is increasing, such as excessive access and download of customer information by using their own rights, or ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor 李雄赫树龙孙润涛张健柏洪涛
Owner 北京中晟信达科技有限公司