A high-risk operation identification method and system based on user behavior analysis
A technology of behavior analysis and identification methods, applied in the field of network security and deep learning, can solve problems such as the inability to meet network security, and achieve the effect of improving accuracy and preventing overfitting
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
Method used
Image
Examples
Embodiment 1
[0044] like figure 1 As shown, the method for identifying high-risk operations based on user behavior analysis in this embodiment includes the following steps:
[0045] (1) Data collection
[0046] Collect the log information to be tested corresponding to user behavior in the target network.
[0047] Specifically, relying on log collection probes and big data architecture, the collection of different types of access logs, login logs, and operation logs for hosts and applications in the target network is completed, and the collected log information is used as the input for data standardization processing; it mainly involves the system Logging logs, WEB access logs, operation and maintenance operation logs, etc., and related devices include different data sources such as network devices, hosts, and application systems. The big data stream computing architecture is used to realize real-time data collection, and the log information is standardized and metadata is subsequently use...
Embodiment 2
[0120] The difference between the high-risk operation identification method based on user behavior analysis in this embodiment and Embodiment 1 is:
[0121] The identification method of high-risk operations based on user behavior analysis also includes:
[0122] In the subsequent prediction process, the output and status values of the three abnormal indicators are output once a day, and the status values of the seven-day observation sequence are predicted every week to calibrate the daily output results and further improve the recognition accuracy. ;
[0123] For other steps, refer to Example 1;
[0124] The difference between the high-risk operation identification system based on user behavior analysis of this embodiment and Embodiment 1 is:
[0125] It also includes a calibration module, which is used to output the output and state values of the three abnormal indicators once a day in the subsequent prediction process, and predict the state values of the seven-day ...
Embodiment 3
[0128] The difference between the high-risk operation identification system based on user behavior analysis of this embodiment and Embodiment 1 is:
[0129] Linkage with 4A and other account management platforms to connect account blocking capabilities to enable / disable user accounts, log off users, and log out sessions;
[0130] For other architectures, refer to Embodiment 1.
PUM
Abstract
Description
Claims
Application Information
- R&D Engineer
- R&D Manager
- IP Professional
- Industry Leading Data Capabilities
- Powerful AI technology
- Patent DNA Extraction
Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.
© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com