
An Abnormal User Mining Method Based on Page Access Topology

A page access topology technology, applied in transmission systems, electrical components, etc., that addresses the problems of static features being easily bypassed, unknown anomalies going undetected, and a high missed detection rate, with the effect of reducing the false negative rate, lowering the missed detection rate, and improving the accuracy rate.

Active Publication Date: 2020-12-15
成都知道创宇信息技术有限公司

AI Technical Summary

Problems solved by technology

[0003] The traditional method has the following disadvantages: 1. Static features are easily bypassed, resulting in a high missed detection rate; 2. Static features can only match anomalies that exist in the feature library and cannot detect unknown anomalies.



Examples


Embodiment Construction

[0023] The present invention will be further described below with reference to the accompanying drawings and specific embodiments.

[0024] As shown in Figure 1 and Figure 2, a method for mining abnormal users based on page access topology includes the following steps:

[0025] Step 1: Using the information extracted from the log, sort the URLs in ascending order of time, with the IP as the unit, to construct the access topology database.

[0026] Extract the target URL, request source IP and request time in the log, and remove the parameters of the URL;

[0027] URLs in the access log often contain request parameters, which are irrelevant to the method of the present invention and need to be removed; for example:

[0028] http://www.target.com?sreach_words=a,b,c,d

[0029] After removing the parameters it becomes:

[0030] http://www.target.com

[0031] With a single IP as a unit, the URLs are sorted in ascending order accor...


Abstract

The invention discloses an abnormal user mining method based on a page access topology, comprising the following steps: step 1, using the information extracted from the log, sorting the URLs in ascending order of time, with the IP as the unit, to construct an access topology database; step 2, extracting training samples; step 3, using the URLs in the training samples to index the IPs; step 4, taking the IPs in the training samples as the initial search subset, using the reverse index to remove the IPs that have not visited the URLs in the initial search subset, and updating the search subset; repeating this step until the search subset is empty or can no longer be updated; and calculating the score according to the number of loops; and step 5, sorting the IPs in ascending order, setting a threshold, and determining the IPs below the set threshold to be abnormal users. The method characterizes the behavior of normal users through the topology and uses it to discriminate abnormal users, giving good adaptive ability and a low missed detection rate.
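Steps 1 and 3 to 5, sketched in Python as an added example that is not code from the patent. The log line format, the sample lines, the function names and the reading of step 4 (walk one IP's URL sequence, intersect the search subset with the reverse index at each URL, and count the loops completed) are assumptions, since the description on this page is truncated.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, urlunsplit

# Constructed sample log lines (assumed format): "<ISO time> <source IP> <target URL>"
SAMPLE_LOG = """\
2020-01-01T10:00:05 10.0.0.1 http://www.target.com/list?page=2
2020-01-01T10:00:01 10.0.0.1 http://www.target.com?sreach_words=a,b,c,d
2020-01-01T10:01:00 10.0.0.2 http://www.target.com
2020-01-01T10:01:04 10.0.0.2 http://www.target.com/list
2020-01-01T10:02:00 10.0.0.9 http://www.target.com/tmp/unlinked-page
2020-01-01T10:02:01 10.0.0.9 http://www.target.com/list?x=1
"""

def strip_params(url):
    """Drop query string and fragment; keep scheme, host and path."""
    return urlunsplit(urlsplit(url)[:3] + ("", ""))

def build_topology(log_text):
    """Step 1: per source IP, parameter-free URLs in ascending time order."""
    rows = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, ip, url = line.split(maxsplit=2)
        rows[ip].append((datetime.fromisoformat(ts), strip_params(url)))
    return {ip: [u for _, u in sorted(v)] for ip, v in rows.items()}

def build_reverse_index(topology, training_ips):
    """Step 3: map each training-sample URL to the IPs that visited it."""
    index = defaultdict(set)
    for ip in training_ips:
        for url in topology[ip]:
            index[url].add(ip)
    return index

def score(path, index, training_ips):
    """Assumed reading of step 4: narrow the search subset per URL, count loops."""
    subset, loops = set(training_ips), 0
    for url in path:
        subset &= index.get(url, set())  # keep only IPs that visited this URL
        if not subset:                   # search subset is empty: stop
            break
        loops += 1
    return loops

def flag_abnormal(topology, training_ips, threshold):
    """Step 5: rank IPs by ascending score; below the threshold is abnormal."""
    index = build_reverse_index(topology, training_ips)
    ranked = sorted((score(p, index, training_ips), ip) for ip, p in topology.items())
    return [ip for s, ip in ranked if s < threshold]
```

With the two training IPs `10.0.0.1` and `10.0.0.2` and a threshold of 1, only `10.0.0.9` is flagged, because its first URL was visited by no training IP.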

Description

Technical field

[0001] The invention relates to a method for mining abnormal users, in particular to a method for mining abnormal users based on page access topology.

Background technique

[0002] Existing network security products generally use several rules or policies to describe the user's behavioral boundaries. If a certain feature of the user exceeds the threshold of normal users, processing actions will be triggered; for example, traditional abnormal user detection methods mostly use static feature matching means, such as using regular expressions to match SQL, XSS injection attacks, etc.

[0003] The traditional method has the following shortcomings: first, static features are easily bypassed, resulting in a high missed detection rate; second, static features can only match the anomalies existing in the feature library, and cannot detect unknown anomalies.

Summary of the invention

[0004] The invention provides an abnormal user mining method based on page access...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1425, H04L67/02
Inventor: 李建聪, 邓金城
Owner: 成都知道创宇信息技术有限公司