Abnormal user detection method and system based on ensemble learning

A technology integrating learning and detection algorithms, applied in the field of network security, can solve problems such as lack of pertinence in traditional methods, and achieve the effect of preventing information leakage

Active Publication Date: 2019-10-18
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF9 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The reason is that the traditional methods are mostly scattered, after the fact, and lack of pertinence

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal user detection method and system based on ensemble learning
  • Abnormal user detection method and system based on ensemble learning
  • Abnormal user detection method and system based on ensemble learning

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] refer to figure 1 , the embodiment of the present invention provides a method for detecting abnormal users based on integrated learning, which may include the following steps:

[0034] Step S101 , collecting user behavior information to be detected, wherein the behavior information to be detected includes at least one behavior feature information.

[0035] In the embodiment of the present invention, the behavior information to be detected is the behavior information to be detected, and the behavior information can be classified into network behavior information and terminal behavior information according to classification. It should be noted that behavior information is provided by user behavior data sources. User behavior data sources include but are not limited to security logs, network traffic, threat intelligence, logs related to identity access, and access logs related to user scenarios. Among them, logs related to user scenarios include but are not limited to VP...

Embodiment 2

[0079] refer to Figure 6 , the embodiment of the present invention provides an abnormal user detection system based on integrated learning, which may include the following modules:

[0080] The first collection module 11 is used to collect the user's behavior information to be detected, wherein the behavior information to be detected includes at least one behavior characteristic information;

[0081] The comparison module 12 is used to compare the behavioral feature information and the preset feature baseline corresponding to the behavioral feature information to obtain a comparison result;

[0082] An extraction module 13, configured to extract abnormal behavior information from the behavior information to be detected according to the comparison result, and determine users with abnormal behavior information as suspected abnormal users;

[0083] The scoring module 14 is configured to use a preset integrated learning model to score suspected abnormal users, and determine susp...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an abnormal user detection method and system based on ensemble learning, and relates to the technical field of network security, and the method comprises the steps: collecting to-be-detected behavior information of a user, wherein the to-be-detected behavior information comprises at least one piece of behavior feature information; comparing the behavior characteristic information with a preset characteristic baseline corresponding to the behavior characteristic information to obtain a comparison result; extracting abnormal behavior information from the behavior information to be detected according to a comparison result, and determining the user with the abnormal behavior information as a suspected abnormal user; and finally, scoring the suspected abnormal users by utilizing a preset ensemble learning model, and determining the suspected abnormal users of which scoring results reach a preset score as abnormal users. The detection system is established by taking the user as the core object, the abnormal user can be accurately positioned based on the preset ensemble learning model, the internal threat can be discovered in time, the internal threat can be terminated in time, and information leakage is avoided.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to an abnormal user detection method and system based on integrated learning. Background technique [0002] With the increasing development of Internet technology and the deepening of my country's big data strategy, there are more and more data collection terminals and more and more types of collection. Data has become one of the core assets of enterprises. While the value of data is highly valued, various data security threats faced by enterprises are becoming more and more serious, and information security is gradually focused on data security. [0003] Under normal circumstances, external attacks are of various types and continue to be frequent. Enterprises are accustomed to deploying resources to build security fortresses to resist external attacks. However, in addition to external hacker attacks, internal personnel participate in information trafficking and share illeg...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06K9/62
CPCH04L63/1425G06F18/2411
Inventor 莫凡范渊刘博何帅孙佳
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap