User behavior anomaly detection method and system of embedded tense

An anomaly detection and behavior technology, applied in transmission systems, file systems, file system functions, etc., can solve the problem of high false positive rate and false negative rate of abnormal user behavior detection, and achieve a high false positive rate and high false negative rate. , the effect of improving accuracy, improving accuracy and efficiency

Pending Publication Date: 2022-04-29
航天科工网络信息发展有限公司
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The purpose of the present invention is to provide a method and system for detecting abnormal user behavior embedded in tense, so as to improve the accuracy of detecting abnormal user behavior and solve the problem of false alarm rate and false negative rate in the detection of abnormal user behavior existing in the prior art. high problem

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • User behavior anomaly detection method and system of embedded tense
  • User behavior anomaly detection method and system of embedded tense
  • User behavior anomaly detection method and system of embedded tense

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0057] Such as figure 2 and Figure 4 As shown, the present embodiment provides a temporal-embedded user behavior anomaly detection method, which embeds temporal information into user behavior, and applies the Transformer anomaly detection model based on the attention mechanism for anomaly detection, specifically including the following steps :

[0058] Step S1, collecting user behavior log information.

[0059] Such as image 3 As shown, collecting user behavior log information specifically includes the following steps:

[0060] Step S1.1, use Kafka software to process and calculate the system raw data, and generate user behavior log information. Such as figure 1 As shown, the raw data of the system includes terminals and applications accessed by users, based on data such as events, logs, network flows, context information, and human resource information.

[0061] Step S1.2, using the Druid database to pre-aggregate the user behavior log information, build a query inde...

Embodiment 2

[0084] Such as Figure 5 As shown, this embodiment provides a temporally embedded user behavior abnormality detection system, the functions of each module and unit of the system are the same as the steps of the method in Embodiment 1 and correspond one-to-one, and the system specifically includes:

[0085] The user behavior log information collection module M1 is used to collect user behavior log information.

[0086] The user behavior log information collection module M1 specifically includes:

[0087] The user behavior log information generation unit M1-1 is used to use Kafka software to process and calculate the original data of the system to generate user behavior log information;

[0088] The user behavior log information storage unit M1-2 is used to pre-aggregate the user behavior log information using the Druid database, build a query index, and store it in the MySQL database.

[0089] The user behavior log information preprocessing module M2 is configured to preproce...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a tense-embedded user behavior anomaly detection method and system, and belongs to the field of behavior anomaly detection and recognizing.The method comprises the steps that firstly, user behavior log information is collected; preprocessing the user behavior log information, coding the user behavior characteristics according to time, and generating a user behavior time sequence; a Transform anomaly detection model based on an attention mechanism is constructed; based on the user behavior time sequence, training a Transform anomaly detection model to obtain a trained Transform anomaly detection model; and inputting user behavior characteristics corresponding to user behavior information to be processed into the trained Transform anomaly detection model to obtain a user behavior anomaly detection result. According to the method, the accuracy of user behavior anomaly detection can be improved, and the problems of high false alarm rate and missing report rate of user behavior anomaly detection in the prior art are solved.

Description

technical field [0001] The invention relates to the field of abnormal behavior detection and recognition, in particular to a temporally embedded user behavior abnormal detection method and system. Background technique [0002] With the rapid development of the new generation of information technology, enterprises and organizations are also facing more network security threats. The use of artificial intelligence, big data, cloud computing and other technologies for anomaly detection of user behavior can efficiently detect existing network threats. The current network security threat detection mainly adopts User and Entity Behavior Analytics (UEBA) technology, which associates user activities with other related entities, including terminals and applications accessed by users, through system log analysis. , network traffic analysis, identity analysis and other data analysis capabilities, model the normal behavior of user entities, and then perform risk assessment and alarm dur...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F16/17G06F16/215G06F16/22G06F16/2458G06F16/28G06K9/62G06N3/04G06N3/08H04L9/40H04L67/1396
CPCG06F16/1734G06F16/215G06F16/2228G06F16/2474G06F16/284G06N3/08H04L63/1425G06N3/045G06F18/2135
Inventor 杜笑天牛中盈伍高飞白亚南邵元勋
Owner 航天科工网络信息发展有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap