Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for detecting behavior of latently stealing user data

A technology of user data and detection methods, applied in the field of network information security, can solve problems such as low access volume and loss of manufacturers

Inactive Publication Date: 2018-01-09
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF5 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] 3. This type of application usually only accesses a certain directory or an API or interface for obtaining data, etc.
[0006] Latent data thieves are usually difficult to be discovered by various network protection devices such as IDS due to the low number of visits and the access methods are through normal channels, such as legitimate APIs provided by manufacturers to crawl data, but the damage caused is huge. is huge
For example, a well-known domestic manufacturer provides a free API to query flight information. Some criminals use this API to crawl information at regular intervals, and over time they completely copy the manufacturer’s database information, causing great damage to the manufacturer. Loss

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting behavior of latently stealing user data
  • Method and device for detecting behavior of latently stealing user data
  • Method and device for detecting behavior of latently stealing user data

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0066] An embodiment of the present invention provides a method for latently stealing user data behavior detection, the method is executed on the server side, see figure 1 As shown, the method includes the following steps:

[0067] S101: Obtain a first access log to be detected, where the first access log is a log of a user's access to a website.

[0068] The server first obtains the access log of the user's visit to the website to be detected, mainly including logs generated by servers such as "Tomcat" and "Ngnix".

[0069] S102: Calculate the characteristic value of the first user's access behavior according to the first access log.

[0070] After obtaining the access log to be detected, calculate its corresponding user access behavior feature value. For the specific calculation process, see Figure 4-Figure 8 .

[0071] The characteristic value of user access behavior includes at least one of the following: access aggregation degree, access frequency, repeated access fre...

Embodiment 2

[0151] An embodiment of the present invention provides a method and device for latently stealing user data behavior detection, see Figure 9 As shown, the device includes: a log acquisition module 91 , a feature value calculation module 92 , and a detection module 93 .

[0152] Among them, the log acquisition module 91 is used to obtain the first access log to be detected, and the first access log is the log of the user's visit to the website; the characteristic value calculation module 92 is used to calculate the first user's access log according to the first access log. Behavioral feature value; the first user access behavior feature value includes at least one of the following: access aggregation, access frequency, repeated access frequency, average and variance of access interval time, access return code, access download data density, resource access frequency; The detection module 93 is used to input the first user access behavior feature value into the pre-established de...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method and device for detecting a behavior of latently stealing user data, and relates to the technical field of network information security. The method comprises the steps of obtaining a first access log to be detected, wherein the first access log is obtained when a user accesses a website; calculating a first user access behavior feature value according to the first access log; inputting the first user access behavior feature value to a detection model which is built in advance to detect whether the behavior of latently stealing the user data exists in the access log or not. The detection model is used for detecting the behavior of latently stealing the user data, and is obtained through classification training of training sample data. According to the method and device method for detecting the behavior of latently stealing the user data, the detection model for detecting the behavior of latently stealing the user data and model parameters can be obtained by calculating the user access behavior feature value of the access log and conducting training of a classification model, and then the detection model is utilized to precisely, efficiently and intelligently detect the behavior of latently stealing the user data in a new access log.

Description

technical field [0001] The invention relates to the technical field of network information security, in particular to a method and device for latently stealing user data behavior detection. Background technique [0002] A latent application means that the abnormality of the application cannot be detected from the single running characteristics of the application, and even the running characteristics of the normal application are the same. Usually latent applications are concealed and persistent, and usually use some logical loopholes in the existing system. For example, a system defines that an IP can only query the database N times a day, and the application queries N times a day for a period of time. Inquiry every day and so on. From the analysis of business characteristics, this type of application has the following characteristics: [0003] 1. This type of application usually lurks by means of media (such as a certain type of APP or system, etc.) and has specific trigg...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/55G06F21/57G06F17/30
Inventor 杨煜东范渊刘博莫金友
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com