A high-risk operation identification method and system based on user behavior analysis

A behavior analysis and identification technology, applied in the fields of network security and deep learning, that addresses the inability to meet network security needs and achieves the effects of improving accuracy and preventing overfitting.

Active Publication Date: 2022-05-27
ZHEJIANG PONSHINE INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0002] With the continuous expansion of the overall network scale of telecommunications and Internet companies, multi-level network security threats and security risks are also increasing, and network attacks are becoming distributed, large-scale, and complex, so the needs of network security can no longer be met.



Examples


Embodiment 1

[0044] As shown in Figure 1, the method for identifying high-risk operations based on user behavior analysis in this embodiment includes the following steps:

[0045] (1) Data collection

[0046] Collect the log information to be tested corresponding to user behavior in the target network.

[0047] Specifically, relying on log collection probes and a big data architecture, different types of access logs, login logs, and operation logs for hosts and applications in the target network are collected, and the collected log information is used as the input for data standardization processing. This mainly involves system login logs, web access logs, operation and maintenance operation logs, etc.; the related devices include different data sources such as network devices, hosts, and application systems. The big data stream computing architecture is used to realize real-time data collection, and the log information is standardized and metadata is subsequently use...

Embodiment 2

[0120] The difference between the high-risk operation identification method based on user behavior analysis in this embodiment and Embodiment 1 is:

[0121] The identification method of high-risk operations based on user behavior analysis also includes:

[0122] In the subsequent prediction process, the output and state values of the three abnormal indicators are output once a day, and the state values of the seven-day observation sequence are predicted every week to calibrate the daily output results and further improve the recognition accuracy;

[0123] For other steps, refer to Embodiment 1;

[0124] The difference between the high-risk operation identification system based on user behavior analysis of this embodiment and Embodiment 1 is:

[0125] It also includes a calibration module, which is used to output the output and state values of the three abnormal indicators once a day in the subsequent prediction process, and predict the state values of the seven-day ...

Embodiment 3

[0128] The difference between the high-risk operation identification system based on user behavior analysis of this embodiment and Embodiment 1 is:

[0129] The system is linked with 4A and other account management platforms, connecting their account-blocking capabilities to enable/disable user accounts, log off users, and log out sessions;

[0130] For other architectures, refer to Embodiment 1.


Abstract

The present invention specifically relates to a high-risk operation identification method and system based on user behavior analysis. The high-risk operation identification method includes the following steps: collecting historical log information corresponding to user behavior in the target network, and performing data standardization processing on the historical log information to obtain the target information; obtaining the server operation habit features and operation instruction habit features according to the target information; based on the target information, deduplicating the operation instructions and calculating the Levenshtein distance and the longest common subsequence to obtain the feature of the number of instructions whose Levenshtein distance and longest common subsequence exceed the corresponding thresholds; training the high-risk operation recognition model; and collecting the log information corresponding to the user behavior to be tested and inputting it into the high-risk operation recognition model to obtain the state value output by the model, and predicting the state of the user behavior according to the state value. The present invention provides a multi-dimensional feature basis for subsequent user behavior research and judgment, and improves the accuracy of user behavior analysis.

Description

Technical field

[0001] The invention belongs to the technical field of network security and deep learning, and in particular relates to a high-risk operation identification method and system based on user behavior analysis.

Background technique

[0002] With the continuous expansion of the overall network scale of telecommunications and Internet companies, multi-layered network security threats and security risks are also increasing, and network attacks are becoming distributed, large-scale and complex, so the needs of network security can no longer be met.

[0003] In the area of user behavior analysis, new technologies are urgently needed to detect abnormal user behavior in time, grasp the network security situation in real time, gradually shift from the previous in-process and post-event handling to automatic analysis and prediction before the event and dynamic handling during the event, and reduce network security risk.

SUMMARY OF...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06K9/62, G06N3/08, G06N7/00, H04L9/40, H04L41/16
CPC: G06N3/086, G06N3/088, G06N3/084, H04L63/1416, H04L63/1425, H04L63/20, H04L41/16, G06N7/01, G06F18/2321, G06F18/2433, G06F18/2411, G06F18/295
Inventor: 林建洪, 陈晓莉, 张晶晶, 赵祥廷, 魏亚洁, 章亮
Owner: ZHEJIANG PONSHINE INFORMATION TECH CO LTD