An abnormal behavior detection method and device

A detection method and device, applied in the field of communication, that can solve problems such as alarms not being prioritized, changing and unknown external attacks and internal threats, and enterprise security teams being flooded with alerts.

Inactive Publication Date: 2019-06-04
成都亚信网络安全产业技术研究院有限公司

AI Technical Summary

Problems solved by technology

Nowadays, the concealment of network threats complicates compliance inspections, especially changing, unknown external attacks and unpredictable internal threats; for example, saboteurs evade the enterprise's controls and bypass identity access control and various types of threat protection.
The existing technology addresses this problem by setting thresholds that trigger alerts, but this method can leave enterprise security teams drowning in millions of alerts every day, so that alerts for real violations are not prioritized.


Embodiment Construction

[0019] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0020] It should be noted that, in the embodiments of the present invention, words such as "exemplary" or "for example" are used to mean serving as an example, instance or illustration. Any embodiment or design solution described as "exemplary" or "for example" in the embodiments of the present invention shall not be construed as being more preferred or more advantageous than other embodiments or design solutions. Rather, the use of words such as "exemplary" or "such as" is...


Abstract

The embodiment of the invention discloses an abnormal behavior detection method and device, relates to the technical field of network security, and can perform association rule analysis and similarity mining on audit data of a user so as to discover abnormal behaviors of the user in a timely manner. The method comprises the following steps: carrying out data type conversion on acquired historical audit data to generate first data, wherein the audit data comprises at least one operation record of the user accessing the network through the client, and the operation record comprises but is not limited to one or more of the following items: a timestamp, a client IP address, a target network IP address and an operation type; calculating the first data according to an association rule mining algorithm to generate a historical user association sequence; and performing similarity mining on the historical user association sequence and the acquired real-time audit data to generate a similarity score, and comparing the similarity score with a preset threshold value to determine whether the user operation has an abnormal behavior or not. The embodiment of the invention is applied to a network system.
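An added sketch of the pipeline in the abstract, not the patent's own code. The abstract names no specific algorithm, so brute-force frequent-itemset counting stands in for association rule mining and the share of a real-time record's item combinations found in the historical set stands in for the similarity score; the sample records, `min_support`, the 0.5 threshold and the reading that a low score means abnormal are all assumptions.

```python
from collections import Counter
from itertools import combinations

# Constructed sample audit data: (timestamp, client IP, target IP, operation type)
HISTORY = [
    ("2018-12-03T09:12:00", "10.0.0.5", "10.0.1.20", "read"),
    ("2018-12-03T10:40:00", "10.0.0.5", "10.0.1.20", "read"),
    ("2018-12-04T09:05:00", "10.0.0.5", "10.0.1.20", "write"),
    ("2018-12-04T14:30:00", "10.0.0.5", "10.0.1.20", "read"),
    ("2018-12-05T11:20:00", "10.0.0.5", "10.0.1.21", "read"),
    ("2018-12-05T16:45:00", "10.0.0.5", "10.0.1.20", "read"),
]

def to_items(record):
    """Data type conversion: map one operation record to categorical items."""
    ts, client, target, op = record
    hour = int(ts[11:13])  # assumed ISO-8601 timestamps
    period = "work" if 8 <= hour < 18 else "off"
    return frozenset({f"period={period}", f"client={client}",
                      f"target={target}", f"op={op}"})

def subsets(items, max_len=3):
    """All 2- and 3-item combinations of a record's items."""
    return [frozenset(c) for k in range(2, max_len + 1)
            for c in combinations(sorted(items), k)]

def mine_associations(records, min_support=0.5):
    """Itemsets that co-occur in at least min_support of the historical records."""
    counts = Counter()
    for record in records:
        counts.update(subsets(to_items(record)))
    return {s for s, c in counts.items() if c / len(records) >= min_support}

def similarity_score(record, associations):
    """Fraction of the record's item combinations seen often in history (0..1)."""
    candidates = subsets(to_items(record))
    return sum(s in associations for s in candidates) / len(candidates)

def is_abnormal(record, associations, threshold=0.5):
    # Assumption: a score below the preset threshold marks the operation abnormal.
    return similarity_score(record, associations) < threshold

ASSOC = mine_associations(HISTORY)
NORMAL = ("2018-12-06T09:30:00", "10.0.0.5", "10.0.1.20", "read")
NEW_OP = ("2018-12-06T10:00:00", "10.0.0.5", "10.0.1.20", "delete")
ODD = ("2018-12-06T02:14:00", "10.0.0.5", "10.0.1.99", "delete")

if __name__ == "__main__":
    for rec in (NORMAL, NEW_OP, ODD):
        print(rec, similarity_score(rec, ASSOC), is_abnormal(rec, ASSOC))
```

Because the score is graded rather than a single tripwire, it can also be used to rank alerts, which is the prioritization problem the page describes.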

Description

[0001] This application claims priority to the Chinese patent application No. 201811528545.4, titled "a method and device for detecting abnormal user behavior", submitted to the China Patent Office on December 13, 2018, the entire contents of which are incorporated herein by reference.

Technical field

[0002] Embodiments of the present invention relate to the field of communication technologies, and in particular, to a method and device for detecting abnormal behavior.

Background art

[0003] With the development of network information technology, the network attacks faced by enterprises are increasing significantly, along with the rapid development of business, the ever-changing distributed IT environment (on-premise, cloud, mobile) and an increasingly dispersed workforce. Nowadays, the concealment of network threats complicates compliance inspections, especially the changing unknown external attacks and unpredict...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 魏文俊, 蒋礼斌, 梁波
Owner: 成都亚信网络安全产业技术研究院有限公司