Behavior sequence anomaly detection method and system based on unsupervised algorithm

Anomaly detection, unsupervised technology, applied in the field of information security, can solve the problems of high false positive rate, low accuracy rate, missing label samples, etc., to achieve the effect of strong adaptability

Active Publication Date: 2021-04-30
SHANGHAI GUAN AN INFORMATION TECH
View PDF15 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] The technical problem to be solved by the present invention is that in the prior art, there are problems s

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Behavior sequence anomaly detection method and system based on unsupervised algorithm
  • Behavior sequence anomaly detection method and system based on unsupervised algorithm
  • Behavior sequence anomaly detection method and system based on unsupervised algorithm

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the embodiments of the present invention. Obviously, the described embodiments are part of the present invention Examples, not all examples. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0042] This embodiment provides a behavior sequence anomaly detection method based on an unsupervised algorithm. The method is based on the operation data of the enterprise web system, and calculates the time interval between two operations through the sequence of user operations. According to whether the time interval between two operations is greater than Preset the threshold, ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a behavior sequence anomaly detection method based on an unsupervised algorithm. The method comprises the steps: calculating the time interval of two operations based on the operation data of an enterprise web system through the sequence of user operations, and segmenting a user behavior sequence according to whether the time interval of the two operations is greater than a preset threshold or not, and training a probability suffix tree model, outputting a probability value corresponding to the user behavior sequence according to the probability suffix tree model, taking the probability value corresponding to the user as a feature, i.e., input of an isolated forest model, and judging whether the user behavior is abnormal or not according to a model output result.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to an unsupervised algorithm-based behavior sequence anomaly detection method and system. Background technique [0002] In recent years, with the continuous development of cloud computing technology and market demand, the business systems of various industries have grown rapidly, and the accompanying network attack methods have also shown a trend of diversification. Some conventional security protection measures can only Play traditional security protection effect, these capabilities are gradually failing in the current complex network environment. How to quickly and accurately dig out attack threats, malicious users, and malicious behaviors has gradually become more and more difficult. Malicious behaviors such as website attacks, "sweeping wool", and stealing internal data of enterprises are hidden in a large number of normal network behaviors through various camoufla...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06G06N3/08G06N3/04G06K9/62
CPCH04L63/1425H04L63/1416G06N3/049G06N3/088G06F18/24323G06F18/2415
Inventor 梁淑云刘胜马影陶景龙王启凡魏国富徐明殷钱安余贤喆周晓勇
Owner SHANGHAI GUAN AN INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap