Abnormal behavior monitoring method and system

An abnormal behavior monitoring technology, applied in special data processing applications, instruments, unstructured text data retrieval, etc., which solves the problem that existing log audit systems cannot monitor concealed, high-risk operations.

Active Publication Date: 2018-08-21
华青融天(北京)软件股份有限公司
Cites: 5; Cited by: 22

AI Technical Summary

Problems solved by technology

[0005] In view of this, the purpose of the present invention is to provide an abnormal behavior monitoring method and system to solve the problem that the existing log audit system cannot monitor these concealed and risky behavior operations.

Examples

Embodiment 1

[0064] Figure 1 shows a flowchart of the abnormal behavior monitoring method provided by the embodiment of the present invention.

[0065] As shown in Figure 1, the method for monitoring abnormal behavior provided by this embodiment includes the following steps:

[0066] Step S101, performing word segmentation processing on the original data to obtain a user behavior feature matrix;

[0067] Specifically, the raw data refers to the behavior operation data in the audit log, for example, all the operation data performed by the user logging in to the bastion host. Perform word segmentation on the original data, extract keywords, and use the extracted keywords as user behavior characteristics; matrix. This standardizes the data and eliminates the influence of dimensions. The user behavior characteristic matrix can well describe the user behavior characteristics involved in the corresponding audit log. Among them, tf-idf is a commonly used weighting technique for informati...

Embodiment 2

[0123] As shown in Figure 4, this embodiment provides an abnormal behavior monitoring system, including a processing module 10, a first cluster learning module 20, an evaluation module 30, a feature screening module 40, a second cluster learning module 50, and a monitoring module 60;

[0124] The processing module 10 is used to perform word segmentation processing on the original data to obtain a user behavior characteristic matrix;

[0125] The first clustering learning module 20 is used to perform clustering learning on the user behavior feature matrix to obtain a clustering result label;

[0126] The evaluation module 30 is used to evaluate the clustering result label to obtain the initial evaluation result;

[0127] The feature screening module 40 is used to screen the user behavior feature matrix multiple times by using the CART classification tree to obtain an effective user behavior feature matrix when the initial evaluation result does not reach the preset value; ...

Abstract

The invention provides an abnormal behavior monitoring method and system, and relates to the technical field of abnormal behavior monitoring. The method comprises the following steps: performing word segmentation on original data to obtain a user behavior feature matrix; performing clustering learning on the user behavior feature matrix to obtain a clustering result label; evaluating the clustering result label to obtain an initial evaluation result; when the initial evaluation result does not reach a preset value, using a CART (Classification and Regression Trees) classification tree to screen the user behavior feature matrix multiple times to obtain an effective user behavior feature matrix; performing clustering learning on the effective user behavior feature matrix to obtain a clustering model; and monitoring user behavior for abnormalities according to the clustering model. With this method, highly concealed, high-risk operations can be monitored for abnormalities, and losses caused by abnormal operations are avoided.
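A minimal sketch of the flow the abstract describes, added here as an illustration and not taken from the patent: word segmentation and tf-idf weighting produce the user behavior feature matrix, a clustering pass yields the model, and new sessions are scored against it. The sample sessions, the spherical k-means with deterministic seeding, the cosine threshold of 0.3 and all function names are assumptions; the evaluation and CART screening steps are omitted.

```python
import math, re
from collections import Counter

# Constructed bastion-host audit-log sessions (sample data, not from the patent).
SESSIONS = {
    "ops1": "ls -l /var/log; tail -f app.log; systemctl status nginx",
    "ops2": "tail -f app.log; systemctl restart nginx; ls /var/log",
    "ops3": "systemctl status nginx; ls -l /var/log; tail app.log",
    "dba1": "mysql -u app; select count from orders; show tables",
    "dba2": "mysql -u app; show tables; select id from orders",
    "dba3": "select count from users; mysql -u app; show tables",
}

def tokenize(text):  # word segmentation into lowercase keyword tokens
    return re.findall(r"[a-z_][a-z0-9_.]*", text.lower())

def vectorize(tokens, idf, unseen):
    # L2-normalised tf-idf row; tokens never seen in training get the top weight
    vec = {t: c * idf.get(t, unseen) for t, c in Counter(tokens).items()}
    norm = math.sqrt(sum(w * w for w in vec.values())) or 1.0
    return {t: w / norm for t, w in vec.items()}

def cos(a, b):  # cosine similarity of two unit-length sparse vectors
    return sum(w * b.get(t, 0.0) for t, w in a.items())

def centroid(vecs):
    total = sum((Counter(v) for v in vecs), Counter())
    norm = math.sqrt(sum(w * w for w in total.values())) or 1.0
    return {t: w / norm for t, w in total.items()}

def fit(sessions, k=2, iters=5):
    docs = [tokenize(s) for s in sessions.values()]
    df = Counter(t for d in docs for t in set(d))
    idf = {t: math.log((1 + len(docs)) / (1 + c)) + 1 for t, c in df.items()}
    unseen = math.log(1 + len(docs)) + 1
    vecs = [vectorize(d, idf, unseen) for d in docs]
    cents = [vecs[0]]  # deterministic seeding (assumption): farthest-first
    while len(cents) < k:
        cents.append(min(vecs, key=lambda v: max(cos(v, c) for c in cents)))
    for _ in range(iters):
        labels = [max(range(k), key=lambda i: cos(v, cents[i])) for v in vecs]
        cents = [centroid([v for v, l in zip(vecs, labels) if l == i]) for i in range(k)]
    return (idf, unseen, cents), dict(zip(sessions, labels))

def monitor(command_line, model, threshold=0.3):
    idf, unseen, cents = model
    vec = vectorize(tokenize(command_line), idf, unseen)
    score = max(cos(vec, c) for c in cents)  # similarity to the nearest cluster
    return score < threshold, round(score, 3)
```

A session is reported as abnormal when its tf-idf vector is not close to any learned cluster centre, so commands absent from the training logs lower the score.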

Description

Technical field

[0001] The invention relates to the technical field of abnormal behavior monitoring, in particular to a method and system for monitoring abnormal behavior.

Background technique

[0002] An audit log is an enterprise's collection of information system security events, including user access records and the logs of operation and maintenance personnel, so that managers can monitor the behavior logs of different business personnel and avoid the theft of enterprise data, and the unnecessary human losses it causes, due to unconventional operations of business personnel.

[0003] The log audit system usually sets up a bastion machine system, which can record and monitor the operation behavior of business personnel. By analyzing the log behavior of business personnel, the general operating behavior characteristics of business personnel can be obtained, and then from the massive data, it is found that business personnel are inconsistent. Normal operations and sensitive words beha...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F17/27, G06F17/30
CPC: G06F16/1734, G06F16/35, G06F40/289
Inventor: 徐杨远翔
Owner: 华青融天(北京)软件股份有限公司