Method and device for identifying IP gang, medium and equipment

A group and preset time period technology, applied in the field of Web network security, can solve the problems of high risk of misjudgment, low similarity of user behavior, and poor interpretability, so as to ensure accuracy, explainability and flexibility sexual effect

Pending Publication Date: 2021-05-14
BEIJING SHU AN XINYUN TECH CO LTD
View PDF5 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Existing web application firewalls are weak in identifying low-frequency group behaviors, the accuracy rate is not high, and the risk of misjudgment is high
The result of the identified group behavior, the similarity of user behavior is not high, and the explainability is not strong

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for identifying IP gang, medium and equipment
  • Method and device for identifying IP gang, medium and equipment
  • Method and device for identifying IP gang, medium and equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0053] In order to make the purpose, technical solutions and advantages of the embodiments of this paper clearer, the technical solutions in the embodiments of this paper will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of this paper. Obviously, the described embodiments are the Some, but not all, embodiments. Based on the embodiments herein, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts fall within the scope of protection herein. It should be noted that, in the case of no conflict, the embodiments herein and the features in the embodiments can be combined arbitrarily with each other.

[0054] figure 1 It is a flow chart of a method for identifying IP gangs according to an exemplary embodiment. refer to figure 1 , methods for identifying IP gangs, including:

[0055] Step S11, based on the log data within a preset period of time, the URL visited by each I...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a method and device for identifying an IP gang, a medium and equipment, and the method for identifying the IP gang comprises the steps of obtaining a URL accessed by each IP and N behavior characteristics based on log data in a preset time period; aggregating all the IPs into different clusters based on the URL accessed by each IP and the N behavior characteristics; and when the cluster satisfies a preset condition, determining that the user corresponding to the IP in the cluster is an IP gang. According to the invention, more accurate gang clustering is realized for user behaviors of web logs, users with similar accessed URLs and similar access behaviors within a period of time are aggregated together, the accuracy of a clustering result is ensured, the method is also effective for low-frequency gangs, and the interpretability and flexibility of an identification result are ensured through specific rule parameters.

Description

technical field [0001] This article relates to Web network security, and in particular to methods, devices, media and equipment for identifying IP gangs. Background technique [0002] IP gang behavior, that is, a group of organized robots that carry out attacks together over a period of time. In web security, the industry generally uses Internet traffic data collected by security devices, and uses data mining algorithms to analyze abnormal user behaviors, such as CC attacks, crawlers, and SQL injections. [0003] In related technologies, existing web application firewalls usually analyze abnormal user behaviors by analyzing offline web logs and using data mining algorithms. Currently, there is no relatively mature solution for identifying specific gang behaviors. Existing web application firewalls are weak in identifying low-frequency group behaviors, the accuracy rate is not high, and the risk of misjudgment is high. As a result of the identified gang behavior, the simila...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/55G06F16/955G06K9/62H04L29/06
CPCG06F21/552G06F16/9566H04L63/1425H04L2463/146G06F18/23
Inventor 潘廷珅丛磊
Owner BEIJING SHU AN XINYUN TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap