In-event safety auditing method based on user behavior analysis

A behavior analysis and security audit technique, applied in the field of big data security. It addresses problems such as the lack of handling and notification to administrators, the lack of finer-grained treatment of user behavior, and the lack of handling and alarms for those who perform high-risk operations.

Active Publication Date: 2020-10-30
CHENGDU DBAPP SECURITY

AI Technical Summary

Problems solved by technology

[0006] 3. When operation and maintenance personnel repeatedly perform high-risk operations, the operation and maintenance system may suffer data loss and system crashes;
[0007] 4. CC attacks, DDoS attacks, brute-force password cracking and the like repeat a high-risk behavior continuously, causing data loss and system crashes;
[0008] 5. The administrator is only given operation log viewing, which is post-event audit work

Examples


Embodiment 1

[0053] An in-process security audit method based on user behavior analysis. As shown in Figure 1, the user's operation behavior is detected. If the operation is a high-risk behavior, the number of times the user has triggered the high-risk behavior is checked. If the number of triggers is greater than or equal to the trigger threshold, the user account is locked and an alarm e-mail is sent.

[0054] The present invention works in real time: on each user operation, if the behavior is in the high-risk behavior set, the user's behavior is analyzed, and the user is locked immediately once the automatic-locking condition is reached, which makes it an in-event risk control method. The present invention leaves the definition of what counts as a risky user to the user to configure; on the basis of that configuration it performs risk assessment on real-time user behavior, and mainly proposes a high-risk behavior configuration definition and statistical rul...

Embodiment 2

[0057] An in-process security audit method based on user behavior analysis. As shown in Figure 2, when the user's operation behavior is a high-risk behavior, the security level of that high-risk behavior is further detected, and the number of triggers at that security level is checked. If the number of triggers is greater than or equal to the number of trigger lockouts, the user is locked and a warning e-mail is sent.

[0058] The number of trigger lockouts for each high-risk level is calculated as follows:

[0059] 1. The administrator configures the weight relationship of the trigger times of the high-risk security level;

[0060] 2. Obtain the linear relationship matrix (no formula; the administrator-configured weights are simply carried over from the table into matrix A)

[0061]

[0062] 3. Calculate the maximum eigenvector, maximum eigenvalue and matrix consistency index of each high-risk behavior:

[0063] 1) Normalize each column o...

Embodiment 3

[0079] An in-process security audit method based on user behavior analysis. The administrator configures the security level weight relationship of high-risk behaviors including:

[0080] High-risk behavior A is medium-to-high-risk behavior, high-risk behavior B is medium-to-high-risk behavior, and the weight of trigger times is 1/2;

[0081] High-risk behavior A is medium-high risk behavior, high-risk behavior B is medium-low high-risk behavior, and the weight is 1/3;

[0082] High-risk behavior A is medium-high-risk behavior, high-risk behavior B is medium-low-high-risk behavior, and the weight is 1/5; the total threshold of trigger times for this configuration is 20.

[0083] As shown in Table 1, the weight relationship table can be drawn according to the weight:

[0084] Table 1

[0085]
              Medium-low   Medium   Medium-high
Medium-low    1            3        5
Medium        1/3          1        2
Medium-high   1/5          1/2      1

[0086] A linear relationship can be drawn from the table:

[00...
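The following is an added example, not code from the patent. It turns the Table 1 weights into per-level lockout counts and replays the lock check from Embodiment 2. Because the page's calculation steps are cut off, it uses the standard AHP column-normalisation approximation; the mapping threshold = round(weight × total), the level names, the `replay` helper and the sample events are assumptions made for illustration.

```python
# Added example (not from the patent): AHP-style weights from Table 1,
# a consistency check, and per-level lockout counting.
LEVELS = ["medium-low", "medium", "medium-high"]  # assumed reading of the Table 1 labels
A = [[1, 3, 5],
     [1/3, 1, 2],
     [1/5, 1/2, 1]]                               # pairwise weights from Table 1
TOTAL_THRESHOLD = 20                              # total trigger threshold, [0082]


def ahp_weights(a):
    """Normalise each column, then average each row (approximate principal eigenvector)."""
    n = len(a)
    col = [sum(row[j] for row in a) for j in range(n)]
    return [sum(a[i][j] / col[j] for j in range(n)) / n for i in range(n)]


def consistency(a, w):
    """Return (lambda_max, CI) with CI = (lambda_max - n) / (n - 1)."""
    n = len(a)
    aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(aw[i] / w[i] for i in range(n)) / n
    return lam, (lam - n) / (n - 1)


def lockout_thresholds(a, total):
    """ASSUMPTION: each level's lockout count is its weight's share of the total."""
    return {lvl: max(1, round(w * total)) for lvl, w in zip(LEVELS, ahp_weights(a))}


def replay(events, thresholds):
    """Count (user, level) triggers; lock when count >= threshold for that level."""
    counts, locked = {}, []
    for user, level in events:
        if user in locked:
            continue  # already locked, further operations are refused
        counts[(user, level)] = counts.get((user, level), 0) + 1
        if counts[(user, level)] >= thresholds[level]:
            locked.append(user)  # a real system would lock the account and e-mail an alarm
    return locked


# Constructed sample events: (user, security level of the high-risk behavior).
EVENTS = [("alice", "medium-high"), ("bob", "medium"), ("bob", "medium"),
          ("alice", "medium-high"), ("bob", "medium"), ("bob", "medium")]

if __name__ == "__main__":
    t = lockout_thresholds(A, TOTAL_THRESHOLD)
    print(t, consistency(A, ahp_weights(A)), replay(EVENTS, t))
```

Under this assumed mapping the most severe level receives the smallest lockout count, so a user repeating medium-high-risk operations is locked after far fewer triggers than one repeating medium-low-risk operations.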


Abstract

The invention discloses an in-event safety auditing method based on user behavior analysis, and the method comprises the following steps: detecting a user operation behavior; if the user operation is a high-risk behavior, judging the frequency of triggering the high-risk behavior by a user; if the triggering frequency is greater than or equal to a triggering threshold, locking a user account and sending an email to give an alarm. According to the invention, users with high-risk behaviors are temporarily locked in time based on user behavior analysis, so the further loss of the system is prevented. According to the invention, user behaviors can be effectively identified, analyzed and collected, bad accounts are locked in time, continuous occurrence of behaviors endangering the system is avoided, and the security of system data and operation and maintenance system data is protected.

Description

Technical field

[0001] The invention belongs to the technical field of big data security, and in particular relates to an in-process security audit method based on user behavior analysis.

Background technique

[0002] With the rapid development of Internet enterprises, enterprises pay more and more attention to operation and maintenance auditing. Current operation and maintenance audit systems divide user permissions and provide user operation logs for viewing. However, permissions are divided by module, which is not fine-grained enough and leaves the various administrators with excessive permissions; viewing operation logs is too passive, and if irreversible high-risk behaviors occur, the system lacks handling of and warnings about those who perform such operations; at the same time, if an administrator account is stolen, its password is brute-forced, or a DDoS or similar attack repeats an operation, there is no timely action to avoid such d...


Application Information

IPC(8): G06F21/55
CPC: G06F21/552
Inventor 唐瑶范渊吴永越郑学新刘韬
Owner CHENGDU DBAPP SECURITY