High-risk operation identification method and system based on user behavior analysis

A behavior analysis and identification method, applied in the fields of network security and deep learning, that addresses the problem that network security needs can no longer be met, and achieves the effects of improving accuracy and preventing overfitting.

Active Publication Date: 2022-03-29
ZHEJIANG PONSHINE INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0002] With the continuous expansion of the overall network scale of telecommunications and Internet companies, multi-level network security threats and security risks are also increasing, and network attacks are becoming more distributed, larger in scale, and more complex. The needs of network security can no longer be met.


Examples


Embodiment 1

[0044] As shown in Figure 1, the high-risk operation identification method based on user behavior analysis in this embodiment includes the following steps:

[0045] (1) Data collection

[0046] Collect the log information to be tested corresponding to user behavior in the target network.

[0047] Specifically, relying on log collection probes and a big data architecture, different types of access logs, login logs, and operation logs from hosts, applications and other sources in the target network are collected, and the collected log information is used as input for data standardization processing. The logs mainly include system login logs, WEB access logs, operation and maintenance operation logs and other types; the related devices include different data sources such as network devices, hosts, and application systems. A big data stream computing architecture is used to realize real-time data collection, and subsequent standardization of log information and metadata extraction...

Embodiment 2

[0120] The difference between the method for identifying high-risk operations based on user behavior analysis in this embodiment and Embodiment 1 is that:

[0121] The high-risk operation identification method based on user behavior analysis also includes:

[0122] In the follow-up forecasting process, the output and status values of the three abnormal indicators are output once a day, and the status values of the seven-day observation sequence are predicted every week to calibrate and judge the daily output results, further improving the accuracy of recognition;

[0123] For the other steps, refer to Embodiment 1;

[0124] The difference between the high-risk operation identification system based on user behavior analysis in this embodiment and Embodiment 1 is that:

[0125] It also includes a calibration module, which is used to output the output and status values of the three abnormal indicators once a day in the subsequent forecasting process, and forecast the status v...

Embodiment 3

[0128] The difference between the high-risk operation identification system based on user behavior analysis in this embodiment and Embodiment 1 is that:

[0129] The system is linked with 4A and other account management platforms and connected to their account blocking capabilities, to realize user account enable/disable, user logout and session logout operations;

[0130] For other frameworks, refer to Embodiment 1.


Abstract

The invention specifically relates to a high-risk operation identification method and system based on user behavior analysis. The method comprises the following steps: collecting historical log information corresponding to user behaviors in a target network, and carrying out data standardization processing on the historical log information to obtain target information; obtaining server operation habit features and operation instruction habit features according to the target information; based on the target information, carrying out de-duplication processing on the operation instructions and calculating the Levenshtein distance and the longest common subsequence, so as to obtain the instruction number feature, that is, the number of instructions for which the Levenshtein distance and the longest common subsequence both exceed their corresponding threshold values; training a high-risk operation identification model; and collecting the log information to be detected corresponding to user behaviors, inputting it into the high-risk operation identification model to obtain the state value output by the model, and predicting the user behavior state according to the state value. According to the invention, a multi-dimensional feature basis is provided for subsequent user behavior research and judgment, and the accuracy of user behavior analysis is improved.
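The instruction-count feature from the abstract, sketched as an added example (not code from the patent or its owner): each de-duplicated command is compared against the closest command in the user's baseline, and commands whose edit (Levenshtein) distance and longest common subsequence both exceed their thresholds are counted. The comparison target, the threshold values and the sample commands are assumptions, since the page does not specify them.

```python
# Added example. Comparison target (closest baseline command), thresholds and
# sample commands are assumptions, not taken from the patent text.

def levenshtein(a, b):
    """Unit-cost edit distance between two command strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute / match
        prev = cur
    return prev[-1]

def lcs_len(a, b):
    """Length of the longest common subsequence of two command strings."""
    prev = [0] * (len(b) + 1)
    for ca in a:
        cur = [0]
        for j, cb in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if ca == cb else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]

def flagged_instructions(baseline, window, lev_threshold, lcs_threshold):
    """De-duplicate `window`, then keep commands whose distance to the closest
    baseline command AND whose LCS with it both exceed their thresholds."""
    if not baseline:
        raise ValueError("baseline command history is empty")
    flagged = []
    for cmd in dict.fromkeys(window):          # order-preserving de-duplication
        dist, nearest = min((levenshtein(cmd, b), b) for b in set(baseline))
        if dist > lev_threshold and lcs_len(cmd, nearest) > lcs_threshold:
            flagged.append(cmd)
    return flagged

def instruction_count_feature(baseline, window, lev_threshold=5, lcs_threshold=10):
    """The 'instruction number' feature: how many commands were flagged."""
    return len(flagged_instructions(baseline, window, lev_threshold, lcs_threshold))

# Constructed sample data (not from the page).
BASELINE = ["ls -l /var/log", "systemctl status nginx"]
WINDOW = ["ls -l /var/log", "ls -l /var/log", "ls -l /var/logs",
          "systemctl status nginx; rm -rf /var/log/nginx"]

if __name__ == "__main__":
    print(instruction_count_feature(BASELINE, WINDOW))
```

Under this reading, a command that extends a habitual one with a long unfamiliar tail is counted, while exact repeats and one-character variants are not.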

Description

Technical field

[0001] The invention belongs to the technical field of network security and deep learning, and in particular relates to a high-risk operation identification method and system based on user behavior analysis.

Background technique

[0002] With the continuous expansion of the overall network scale of telecommunications and Internet companies, multi-level network security threats and security risks are also increasing, and network attacks are developing towards distribution, scale, and complexity. It can no longer meet the needs of network security.

[0003] For the direction of user behavior analysis, there is an urgent need for new technologies to detect abnormal user behavior in a timely manner, grasp the network security situation in real time, gradually turn the previous processing and post-event processing into automatic analysis and prediction before the event and dynamic processing during the event, and reduce network security risk.

Contents of the ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06K9/62, G06N3/08, G06N7/00, H04L9/40, H04L41/16
CPC: G06N3/086, G06N3/088, G06N3/084, H04L63/1416, H04L63/1425, H04L63/20, H04L41/16, G06N7/01, G06F18/2321, G06F18/2433, G06F18/2411, G06F18/295
Inventor: 林建洪, 陈晓莉, 张晶晶, 赵祥廷, 魏亚洁, 章亮
Owner: ZHEJIANG PONSHINE INFORMATION TECH CO LTD