Method and device for detecting behavior of latently stealing user data
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
A technology of user data and detection methods, applied in the field of network information security, can solve problems such as low access volume and loss of manufacturers
Inactive Publication Date: 2018-01-09
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF5 Cites 9 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
[0005] 3. This type of application usually only accesses a certain directory or an API or interface for obtaining data, etc.
[0006] Latent data thieves are usually difficult to be discovered by various network protection devices such as IDS due to the low number of visits and the access methods are through normal channels, such as legitimate APIs provided by manufacturers to crawl data, but the damage caused is huge. is huge
For example, a well-known domestic manufacturer provides a free API to query flight information. Some criminals use this API to crawl information at regular intervals, and over time they completely copy the manufacturer’s database information, causing great damage to the manufacturer. Loss
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0066] An embodiment of the present invention provides a method for latently stealing user data behavior detection, the method is executed on the server side, see figure 1 As shown, the method includes the following steps:
[0067] S101: Obtain a first access log to be detected, where the first access log is a log of a user's access to a website.
[0068] The server first obtains the access log of the user's visit to the website to be detected, mainly including logs generated by servers such as "Tomcat" and "Ngnix".
[0069] S102: Calculate the characteristic value of the first user's access behavior according to the first access log.
[0070] After obtaining the access log to be detected, calculate its corresponding user access behavior feature value. For the specific calculation process, see Figure 4-Figure 8 .
[0071] The characteristic value of user access behavior includes at least one of the following: access aggregation degree, access frequency, repeated access fre...
Embodiment 2
[0151] An embodiment of the present invention provides a method and device for latently stealing user data behavior detection, see Figure 9 As shown, the device includes: a log acquisition module 91 , a feature value calculation module 92 , and a detection module 93 .
[0152] Among them, the log acquisition module 91 is used to obtain the first access log to be detected, and the first access log is the log of the user's visit to the website; the characteristic value calculation module 92 is used to calculate the first user's access log according to the first access log. Behavioral feature value; the first user access behavior feature value includes at least one of the following: access aggregation, access frequency, repeated access frequency, average and variance of access interval time, access return code, access download data density, resource access frequency; The detection module 93 is used to input the first user access behavior feature value into the pre-established de...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
PUM
Login to view more
Abstract
The invention provides a method and device for detecting a behavior of latently stealing user data, and relates to the technical field of network information security. The method comprises the steps of obtaining a first access log to be detected, wherein the first access log is obtained when a user accesses a website; calculating a first user access behavior feature value according to the first access log; inputting the first user access behavior feature value to a detection model which is built in advance to detect whether the behavior of latently stealing the user data exists in the access log or not. The detection model is used for detecting the behavior of latently stealing the user data, and is obtained through classification training of training sample data. According to the method and device method for detecting the behavior of latently stealing the user data, the detection model for detecting the behavior of latently stealing the user data and model parameters can be obtained by calculating the user access behavior feature value of the access log and conducting training of a classification model, and then the detection model is utilized to precisely, efficiently and intelligently detect the behavior of latently stealing the user data in a new access log.
Description
technical field [0001] The invention relates to the technical field of network information security, in particular to a method and device for latently stealing user data behavior detection. Background technique [0002] A latent application means that the abnormality of the application cannot be detected from the single running characteristics of the application, and even the running characteristics of the normal application are the same. Usually latent applications are concealed and persistent, and usually use some logical loopholes in the existing system. For example, a system defines that an IP can only query the database N times a day, and the application queries N times a day for a period of time. Inquiry every day and so on. From the analysis of business characteristics, this type of application has the following characteristics: [0003] 1. This type of application usually lurks by means of media (such as a certain type of APP or system, etc.) and has specific trigg...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to view more 
Login to view more