Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

IP group identification method and device for abnormal user login

An identification method and identification device technology, which are applied in the field of network security and can solve the problems of inability to discover illegal behaviors of IPs that are independent of each other, and inability to detect illegal groups.

Active Publication Date: 2020-03-27
SHANGHAI GUAN AN INFORMATION TECH
View PDF14 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the method of relationship discovery based on graph analysis requires relationship connections between nodes. With the development of modern Internet technology, IP calling and simulation technologies are becoming more and more common. Therefore, in order to avoid the existing security detection system , using a one-to-one combination of IP and number. From the perspective of relationship, IPs are independent, which makes graph analysis unable to find such black production groups.
[0004] Therefore, in the prior art, it is impossible to discover the independent black production behavior between IPs

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • IP group identification method and device for abnormal user login
  • IP group identification method and device for abnormal user login
  • IP group identification method and device for abnormal user login

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0052] figure 1 It is a schematic flowchart of an IP group identification method for abnormal user login provided by an embodiment of the present invention; figure 2 A schematic diagram of the principle of an IP group identification method for abnormal user login provided by an embodiment of the present invention, as shown in figure 1 and figure 2 As shown, the method includes:

[0053]S101: Acquire login logs, make statistics on the login logs in each preset period, and acquire the login frequency sequence of each IP.

[0054] Exemplarily, the server login log within a day is obtained, and the number of logins of each IP in each period is counted with a preset period, such as half an hour, to obtain the login frequency subsequence of each period; Periods are sorted, and the corresponding login frequency subsequences are combined according to the order of periods to obtain the login frequency sequence of each IP.

[0055] Take half an hour as the time interval, divide 0-...

Embodiment 2

[0101] Corresponding to Embodiment 1 of the present invention, the embodiment of the present invention also provides an IP group identification device for abnormal user login.

[0102] image 3 A structural diagram of an IP group identification device with abnormal user login provided by an embodiment of the present invention, as shown in image 3As shown, the device includes:

[0103] The first obtaining module 301 is used to obtain the login log, perform statistics on the login log in each preset period, and obtain the login frequency sequence of each IP;

[0104] The second acquisition module 302 is used to use the login frequency sequence as a sample set to train the isolated forest algorithm to obtain the score of each IP address;

[0105] The third obtaining module 303 is used to obtain the mode of the score for each score, and obtain the log set corresponding to the mode;

[0106] The setting module 304 is used to filter out the frequency sequence of the login log co...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an IP group identification method and device for abnormal user login, and the method comprises the steps: obtaining a login log, carrying out the statistics of the login log in each preset period, and obtaining a login frequency sequence of each IP; taking the login frequency sequence as a sample set to train an isolated forest algorithm to obtain a score of each IP address; for each score, obtaining a mode of the score, and obtaining a login log set corresponding to the mode; screening out the frequency sequence of the login log corresponding to the mode from the login frequency sequence, and carrying out binarization processing on the screened-out frequency sequence to obtain a mark of each IP in each period; and according to the mark of each IP in each period, utilizing a kappa algorithm to obtain a kappa coefficient between the data of the login log set, and taking the login log set of which the kappa coefficient is greater than a preset threshold value asan abnormal login group. By applying the embodiment of the invention, the mutually independent black production behaviors between the IPs can be identified.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to an IP group identification method for abnormal user login. Background technique [0002] With the rapid development of Internet technology and applications, Internet security issues have attracted much attention. System attacks and black production activities will cause serious economic losses and affect corporate image. With the development of technology, hacking gangs have been updating their technologies such as system credentialing and malicious fleece. For example, hacking gangs' behaviors such as batch modification and batch calling of IPs are becoming more and more common. In addition, the modern Internet platform business is also becoming more and more complex and volatile, which leads to the deterioration of the prevention effect of the traditional rule-based risk control scheme. [0003] At present, in the field of Internet attack prevention, identifying IP lo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1408H04L63/1425
Inventor 殷钱安梁淑云刘胜马影陶景龙王启凡魏国富徐明余贤喆周晓勇
Owner SHANGHAI GUAN AN INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com