User behavior sequence anomaly detection method, terminal and storage medium

An anomaly detection technology based on user behavior, applied in the field of data processing. It addresses problems such as the inability to identify abnormal behaviors and the resulting lack of guaranteed data and information security, and achieves the effects of overcoming many pain points, clear steps, and high scalability.

Pending Publication Date: 2021-03-12
中孚安全技术有限公司 +3

AI Technical Summary

Problems solved by technology

[0004] The existing technology also involves NTA, that is, traffic anomaly analysis methods. These two methods are based on rule matching and preset statistical thresholds, and cannot identify abnormal behaviors hidden in the group, so the security of data information cannot be guaranteed.

Examples

Embodiment approach

[0085] The present invention also provides an implementation mode. The method steps of this implementation mode can be executed by a terminal device, by a server, or interactively between a terminal device and a server. For example, they may be executed by the server 105 in the above-mentioned Figure 2, but the present disclosure is not limited thereto.

[0086] Obtain the user behavior feature matrix

[0087] For the intranet user, obtain the behavior information of accessing the target server within a preset time period. This behavior information includes the traffic information generated by the intranet user's access to each target server, the time information, and information on the application protocol to which the access belongs.

[0088] Based on the behavior information of the access target server, count the IP list of the target server that the intranet user has connected to within the preset time period, the sum of the uplink and downlink traff...

Abstract

The invention provides a user behavior sequence anomaly detection method, a terminal and a storage medium. The method comprises the steps of obtaining user behavior information in a preset time period; aggregating the characteristic attributes according to a sequence; configuring behaviors of the user in a preset time period into row vectors, and then forming a behavior row vector time sequence; extracting behavior row vector time sequences of any two users, calculating correlation coefficients, and judging vector similarity; searching the optimal distance between the behavior row vector time sequences of the two users by adopting a dynamic warping algorithm; calculating a distance average value and a standard deviation among all users; and if the distance between the user and other users is greater than the average value plus 3 times the standard deviation, judging that the user is an abnormal user. User behavior details can be analyzed, the problems that a feature matrix cannot be generated and that sequence lengths are inconsistent because a user does not have continuous behaviors are solved, and the false alarm rate of anomaly detection is reduced. Therefore, abnormal behaviors hidden in the group can be identified, and the security of data information is ensured.
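The pipeline in the abstract, as an added example (not code from the patent or its applicant): variable-length sequences of behavior row vectors, pairwise warping distance, and the average plus 3 standard deviations rule. Assumptions: the "dynamic warping algorithm" is taken to be classic dynamic time warping with a Euclidean local cost, each user is scored by the mean distance to all other users, the correlation-coefficient step is left out, and all names and data are constructed.

```python
import math
from statistics import mean, pstdev

def dtw(a, b):
    """DTW distance between two sequences of behavior row vectors."""
    inf = float("inf")
    cost = [[inf] * (len(b) + 1) for _ in range(len(a) + 1)]
    cost[0][0] = 0.0
    for i, x in enumerate(a, 1):
        for j, y in enumerate(b, 1):
            d = math.dist(x, y)  # local cost: Euclidean (assumption)
            cost[i][j] = d + min(cost[i - 1][j], cost[i][j - 1], cost[i - 1][j - 1])
    return cost[-1][-1]

def user_scores(seqs):
    """Score each user by the mean DTW distance to every other user."""
    return {u: mean(dtw(seqs[u], seqs[v]) for v in seqs if v != u) for u in seqs}

def abnormal_users(seqs, k=3.0):
    """Users whose score exceeds mean + k * standard deviation of all scores."""
    scores = list(user_scores(seqs).items())
    values = [s for _, s in scores]
    limit = mean(values) + k * pstdev(values)
    return sorted(u for u, s in scores if s > limit)

def make_sample():
    """Constructed data: rows are (servers contacted, traffic MB, protocols)
    per time slot; a slot with no activity has no row, so lengths differ."""
    base = [(3, 10.0, 2), (4, 12.0, 2), (3, 11.0, 3),
            (5, 14.0, 2), (4, 12.0, 2), (3, 10.0, 2)]
    seqs = {}
    for n in range(14):  # 14 ordinary users; odd-numbered ones skip one slot
        rows = [r for i, r in enumerate(base) if n % 2 == 0 or i != n % 6]
        seqs[f"user{n:02d}"] = [(s, mb + 0.1 * n, p) for s, mb, p in rows]
    # one user with far more servers and traffic, active in only three slots
    seqs["user99"] = [(40, 900.0, 6), (55, 1200.0, 7), (60, 1500.0, 7)]
    return seqs

if __name__ == "__main__":
    print(abnormal_users(make_sample()))
```

With the population standard deviation, a single score can lie at most sqrt(n-1) standard deviations above the mean of n scores, so the plus-3 rule cannot fire when fewer than 11 users are compared.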

Description

Technical field

[0001] The invention relates to the technical field of data processing, in particular to an anomaly detection method based on user behavior sequence similarity, a terminal and a storage medium.

Background technique

[0002] With the continuous development of science and technology, data information has become an important carrier. Data information carries enterprise information, user information, transaction information and communication information, and plays a very important role for every person and every enterprise.

[0003] Anomalies in data information are a problem that currently needs attention. For data anomalies, traffic analysis based on big data mining can dynamically and comprehensively search for malicious behaviors in the intranet. The IPS/IDS in the prior art, that is, the intrusion detection system, is a network security device that monitors network transmissions in real time, and sends an alarm...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1425
Inventor: 邹斯达, 李兴国, 苗功勋, 路冰, 孙宁
Owner: 中孚安全技术有限公司