User risk assessment method and system based on network security device log data

A network security and risk assessment technique, applied to user risk assessment based on network security device log data, that addresses problems such as unauthorized user access, user account abuse, and abnormal access behaviors that cannot be detected well.

Active Publication Date: 2020-09-08
XI AN JIAOTONG UNIV

AI Technical Summary

Problems solved by technology

However, the security device cannot detect abnormal access behaviors of internal users who have already been allowed in, such as user account abuse, unauthorized access, and unauthorized access to and modification of important data.
These abnormal behaviors pose extremely high risks to the enterprise cloud platform; once they occur, they bring immeasurably serious consequences and economic losses to the enterprise.

Examples

Embodiment Construction

[0049] The implementation of the present invention will be described in detail below in conjunction with the drawings and examples.

[0050] The method of the present invention is divided into two parts, offline modeling and online analysis, and specifically comprises a data acquisition process, a feature extraction process, a probability model establishment process, and an online user risk assessment process. Figure 1 is a block diagram of the user risk assessment method based on network security device log data of the present invention. The system of the present invention is illustrated in block diagram form: Figure 2 is a frame diagram of the user risk assessment system based on network security device log data of the present invention.

[0051] Data acquisition process

[0052] Figure 3 is an instance of the user authority data of the network security device. Figure 4 is an instance of network security device user log data. Figure 5 is an instance of the user's d...

Abstract

The invention discloses a user risk evaluation method and system based on log data of network security equipment. The method comprises: extracting a list of dangerous user behaviors from user behaviors and enterprise specifications; extracting the user's dangerous-behavior features from data such as network security equipment user logs according to that list; training a Gaussian mixture model on each dangerous behavior according to those features to obtain a user risk grading probability set; designing a user risk grading probability fusion method based on evidence fusion theory; and determining whether the user presents a risk of abnormal behavior according to the user's risk probability fusion result. The method is simple to implement and has low computational complexity, can effectively reduce the computing resource overhead of behavior analysis on user logs, needs no additional labels, and requires only the data automatically recorded by the network security equipment, which makes it practical to apply. It provides a risk evaluation method that unifies different user standards, and at the same time makes the decision on which high-risk users need early warning.
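The pipeline the abstract describes, as an added example that is not the patent's own code: one Gaussian mixture per dangerous behavior, then Dempster's rule to fuse the per-behavior grade probabilities into one belief. The two-grade frame, the mapping of the low-mean component to "normal", the `reliability` discount, the threshold, the behavior names and the training counts are all assumptions made for this example, and Dempster's rule stands in for the "evidence fusion theory" the page does not specify further.

```python
import math

NORMAL, RISKY = frozenset({"normal"}), frozenset({"risky"})
THETA = NORMAL | RISKY  # the whole frame: "cannot tell"

def posterior(x, w, mu, var):
    """P(component | x) for a 1-D Gaussian mixture, computed in log space."""
    lp = [math.log(wj) - 0.5 * math.log(2 * math.pi * v) - (x - m) ** 2 / (2 * v)
          for wj, m, v in zip(w, mu, var)]
    p = [math.exp(l - max(lp)) for l in lp]
    return [pj / sum(p) for pj in p]

def fit_gmm(xs, k=2, iters=50):
    """EM for a 1-D mixture; components start at spread quantiles, low mean first."""
    s, n, mean = sorted(xs), len(xs), sum(xs) / len(xs)
    w, mu = [1.0 / k] * k, [s[(2 * j + 1) * n // (2 * k)] for j in range(k)]
    var = [max(1e-3, sum((x - mean) ** 2 for x in xs) / n)] * k
    for _ in range(iters):
        resp = [posterior(x, w, mu, var) for x in xs]
        for j in range(k):
            nj = sum(r[j] for r in resp)
            w[j] = nj / n
            mu[j] = sum(r[j] * x for r, x in zip(resp, xs)) / nj
            var[j] = max(1e-3, sum(r[j] * (x - mu[j]) ** 2 for r, x in zip(resp, xs)) / nj)
    return w, mu, var

def dempster(m1, m2):
    """Dempster's rule; mass landing on the empty set is conflict and is renormalised."""
    fused = {}
    for a, pa in m1.items():
        for b, pb in m2.items():
            fused[a & b] = fused.get(a & b, 0.0) + pa * pb
    conflict = fused.pop(frozenset(), 0.0)
    if conflict > 1 - 1e-9:
        raise ValueError("sources are in total conflict")
    return {c: v / (1 - conflict) for c, v in fused.items()}

def assess(user, models, reliability=0.9, threshold=0.5):
    """Belief that the user is risky plus alert flag (assumes low-mean component = normal)."""
    fused = {THETA: 1.0}
    for behaviour, model in models.items():
        p_normal, p_risky = posterior(user[behaviour], *model)
        fused = dempster(fused, {NORMAL: reliability * p_normal,
                                 RISKY: reliability * p_risky, THETA: 1 - reliability})
    return fused.get(RISKY, 0.0), fused.get(RISKY, 0.0) > threshold

# Constructed daily counts per user, standing in for features extracted from device logs.
TRAIN = {"denied_access": [0, 1, 1, 2, 0, 1, 2, 1, 0, 1, 14, 15, 16, 15],
         "off_hours_login": [0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 6, 7, 8, 7]}
MODELS = {b: fit_gmm(xs) for b, xs in TRAIN.items()}
```

A user who is extreme on one behavior and ordinary on the other ends at a belief of about 0.47, below the alert threshold, because the two sources conflict and most of their mass is renormalised away.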

Description

Technical field

[0001] The invention belongs to the technical field of data mining, and in particular relates to a user risk evaluation method and system based on network security device log data.

Background technique

[0002] Due to the importance of the enterprise cloud platform, each enterprise will choose to deploy it behind a security device when building a cloud platform to protect it from attacks from the external network. However, security devices cannot detect the abnormal access behaviors of internal users who have been allowed to enter, such as user account abuse, user unauthorized access, and users' unauthorized access to and modification of important data. These abnormal behaviors have extremely high risks for the enterprise cloud platform, and once they occur, they will bring immeasurable serious consequences and economic losses to the enterprise.

[0003] Although network security devices cannot detect abnormal behaviors of internal users, they can comprehens...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/14, H04L63/10, H04L63/1425
Inventor: 周亚东, 胡博文, 朱星宇, 管晓宏
Owner: XI AN JIAOTONG UNIV