Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Threat behavior detection and model establishment method and device thereof, electronic equipment and storage medium

A technology for detecting models and behaviors, applied in the field of network security, can solve the problems of low detection efficiency of internal threat behaviors and occupation of computing resources, and achieve the effects of reducing resource and time consumption, improving modeling efficiency, and high accuracy

Active Publication Date: 2020-11-24
BEIJING TOPSEC NETWORK SECURITY TECH +2
View PDF4 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of this, the purpose of the embodiments of the present application is to provide a threat behavior detection and model building method, device, electronic equipment, and storage medium to improve the low efficiency of internal threat behavior detection and occupy many computing resources in the prior art.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Threat behavior detection and model establishment method and device thereof, electronic equipment and storage medium
  • Threat behavior detection and model establishment method and device thereof, electronic equipment and storage medium
  • Threat behavior detection and model establishment method and device thereof, electronic equipment and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0038] The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.

[0039] In the existing network security protection technology, the methods of detecting internal threats include: method 1, collecting user attribute information, including name, age, gender, psychological evaluation, interpersonal communication, work completion quality, job satisfaction, etc.; After the data is cleaned and preprocessed, the similarity between users is calculated through user portraits; the K-Means algorithm is used to cluster user attribute portraits to obtain user groups with similar behavior patterns; the second method is to obtain user behavior information and identification information; According to the user's behavior sample set, train the long-short-term memory network classification model; judge whether the classification is correct according to the user identification inform...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a threat behavior detection and model establishment method and a device, electronic equipment and a storage medium, and relates to the technical field of network security. The threat behavior detection model establishment method comprises the steps of establishing a training set and a verification set based on attribute features and behavior features in a user data set; calling an LGBMClassifier interface instantiation model, and setting model parameters of the interface instantiation model; and training the interface instantiation model based on the training set and theverification set to obtain a LightGBM-based threat behavior detection model; the detection model is used for outputting an illegal probability based on an input detection feature, and the detection feature comprises an attribute feature and a behavior feature of a to-be-detected user. Threat behavior detection is performed through the threat behavior detection model without setting a separate detection model for each user, and the LightGBM algorithm has the characteristic of parallel calculation, so that the detection efficiency is improved, and the consumption of computing resources is reduced.

Description

technical field [0001] The present application relates to the technical field of network security, in particular, to a threat behavior detection and model building method, device, electronic equipment and storage medium. Background technique [0002] Internal threats refer to internal personnel or external attackers disguised as internal personnel who use legal identities and permissions to destroy systems or data, steal information, abuse resources, etc., and pose a security hazard to enterprises or organizations. With the gradual strengthening of security protection technologies such as firewalls, internal threats have gradually become a common method for attackers to implement internal threat behaviors through password theft and profit inducement. [0003] Internal threat detection is usually based on user log data in the internal network. In related research, machine learning algorithms such as K-Means, isolation forest, long-term short-term memory network, and Bayesian ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/24H04L12/26
CPCH04L63/1416H04L63/1441H04L41/145H04L43/16
Inventor 黄娜李建国余小军
Owner BEIJING TOPSEC NETWORK SECURITY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com