A high-risk operation identification method and system based on user behavior analysis
A behavior analysis and identification technology, applied in the fields of network security and deep learning, that addresses the inability to meet network security needs and achieves the effect of improving accuracy and preventing overfitting.
Active Publication Date: 2022-05-27
ZHEJIANG PONSHINE INFORMATION TECH CO LTD
Problems solved by technology
[0002] With the continuous expansion of the overall network scale of telecommunications and Internet companies, multi-level network security threats and security risks are also increasing, and network attacks are becoming more distributed, larger in scale and more complex. Can no longer meet the needs of network security.
Embodiment 1
[0044] As shown in Figure 1, the method for identifying high-risk operations based on user behavior analysis in this embodiment includes the following steps:
[0045] (1) Data collection
[0046] Collect the log information to be tested corresponding to user behavior in the target network.
[0047] Specifically, log collection probes and a big data architecture are used to collect the different types of access logs, login logs, and operation logs for hosts and applications in the target network, and the collected log information is used as the input for data standardization processing. This mainly involves system logging logs, web access logs, operation and maintenance operation logs, etc., and the related devices include different data sources such as network devices, hosts, and application systems. The big data stream computing architecture is used to realize real-time data collection, and the log information is standardized and metadata is subsequently use...
Embodiment 2
[0120] The difference between the high-risk operation identification method based on user behavior analysis in this embodiment and Embodiment 1 is:
[0121] The identification method of high-risk operations based on user behavior analysis also includes:
[0122] In the subsequent prediction process, the output and status values of the three abnormal indicators are output once a day, and the status values of the seven-day observation sequence are predicted every week to calibrate the daily output results and further improve the recognition accuracy;
[0123] For other steps, refer to Example 1;
[0124] The difference between the high-risk operation identification system based on user behavior analysis of this embodiment and Embodiment 1 is:
[0125] It also includes a calibration module, which is used to output the output and state values of the three abnormal indicators once a day in the subsequent prediction process, and predict the state values of the seven-day ...
Embodiment 3
[0128] The difference between the high-risk operation identification system based on user behavior analysis of this embodiment and Embodiment 1 is:
[0129] Linkage with 4A and other account management platforms to connect account blocking capabilities to enable / disable user accounts, log off users, and log out sessions;
[0130] For other architectures, refer to Embodiment 1.
Abstract
The present invention specifically relates to a high-risk operation identification method and system based on user behavior analysis. The high-risk operation identification method includes the following steps: collecting historical log information corresponding to user behavior in the target network, and performing data standardization processing on the historical log information to obtain the target information; obtaining the server operation habit characteristics and operation instruction habit characteristics according to the target information; based on the target information, deduplicating the operation instructions and calculating the Levenshtein distance and the longest common subsequence to obtain the characteristics of the number of instructions whose Levenshtein distance and longest common subsequence exceed the corresponding threshold; training the high-risk operation recognition model; collecting the log information corresponding to the user behavior to be tested and inputting it into the high-risk operation recognition model to obtain the state value output by the model, and predicting the state of user behavior according to the state value. The present invention provides a multi-dimensional feature basis for subsequent user behavior research and judgment, and improves the accuracy of user behavior analysis.
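The instruction-count feature described in the abstract can be sketched as follows. This is an added example, not code from the patent or its applicant. It assumes that each deduplicated instruction in the window under test is compared with the same user's historical instructions; the thresholds, function names and sample commands are constructed for illustration.

```python
def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute each cost 1), rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lcs_len(a: str, b: str) -> int:
    """Length of the longest common subsequence of a and b."""
    prev = [0] * (len(b) + 1)
    for ca in a:
        cur = [0]
        for j, cb in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if ca == cb else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]

def instruction_features(history, window, lev_threshold=8, lcs_threshold=10):
    """Return (n_lev, n_lcs) for one user and one observation window.

    n_lev: deduplicated instructions whose smallest edit distance to any
           historical instruction exceeds lev_threshold (unfamiliar commands).
    n_lcs: deduplicated instructions whose longest common subsequence with
           some historical instruction exceeds lcs_threshold.
    Both thresholds are assumed values; the page does not state them.
    """
    # dict.fromkeys deduplicates while keeping first-seen order
    baseline = list(dict.fromkeys(c.strip() for c in history if c.strip()))
    unique = list(dict.fromkeys(c.strip() for c in window if c.strip()))
    if not baseline:  # no habit data yet: every instruction is unfamiliar
        return len(unique), 0
    n_lev = n_lcs = 0
    for cmd in unique:
        if min(levenshtein(cmd, h) for h in baseline) > lev_threshold:
            n_lev += 1
        if max(lcs_len(cmd, h) for h in baseline) > lcs_threshold:
            n_lcs += 1
    return n_lev, n_lcs

# Constructed sample data: a user's historical commands and one day's window.
HISTORY = ["ls -l /var/log", "tail -f /var/log/messages",
           "systemctl status nginx", "ls -l /var/log"]
WINDOW = ["ls -l /var/log", "ls -l /var/log", "tail -f /var/log/secure",
          "useradd -o -u 0 backup", "ls -la /var/log"]

if __name__ == "__main__":
    print(instruction_features(HISTORY, WINDOW))
```

In the sample window only the `useradd` command is far from everything in the user's history, so it alone raises the distance-based count, while the three habitual commands raise the subsequence-based count.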
Description
Technical field
[0001] The invention belongs to the technical field of network security and deep learning, and in particular relates to a high-risk operation identification method and system based on user behavior analysis.
Background technique
[0002] With the continuous expansion of the overall network scale of telecommunications and Internet companies, the multi-layered network security threats and security risks are also increasing, and network attacks are developing towards a distributed, large-scale and complex trend. It can no longer meet the needs of network security.
[0003] Aiming at the direction of user behavior analysis, new technologies are urgently needed to detect abnormal user behavior in time, grasp the network security situation in real time, and gradually shift from the previous in-process and post-event processing to automatic analysis and prediction before the event, dynamic processing during the event, and reduce network security risk.
SUMMARY OF...