Method and device for detecting abnormal behavior of internal users in an enterprise

A detection method for internal users, applied in the field of network security, that addresses the neglect of user behavior details, the over-reliance on manual determination and extraction of user behavior characteristics, and the failure of internal threat detection, achieving the effect of solving the lack of details.

Active Publication Date: 2020-12-11
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU +2

AI Technical Summary

Problems solved by technology

[0006] 1. The determination and extraction of user behavior characteristics rely too heavily on manual work, and the extracted features are mostly simple statistical information, ignoring a large amount of user behavior detail.
[0007] 2. The method of labeling user behavior portraits that is currently popular on the Internet collects and analyzes basic data such as website visits and discovers the rules of user visits from it. This type of method is suitable for business operations and business recommendations, but it does not work in the field of internal threat detection.

Examples


Embodiment 1

[0063] As shown in Figure 1, a method of the present invention for detecting abnormal behavior of internal users in an enterprise includes the following steps:

[0064] Step S101: Divide the historical behavior log data of internal users in the enterprise into different data streams according to the user ID, apply different processing during parsing to the historical behavior log data corresponding to different behaviors, and parse each piece of historical behavior log data into a five-tuple.

[0065] Step S102: Build an index for the parsed historical behavior log data and store it in the full-text search engine database as the basic data for the initial search. When new behavior log data is received, search on the five-tuple corresponding to the new behavior log data to extract the corresponding behavior detail information, retrieve the frequency and time node information of each piece of behavior detail information in the historical behavior, and complete the com...
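Steps S101 and S102 can be sketched as follows; this is an added example, not code from the patent. The five-tuple fields (time, user, host, behavior, detail), the pipe-delimited log formats and the in-memory dictionary standing in for the full-text search engine database are all assumptions, since the page does not specify them.

```python
from collections import defaultdict, namedtuple
from datetime import datetime

# Assumed five-tuple layout; the page does not list the fields.
Event = namedtuple("Event", "time user host behavior detail")

# Constructed sample history: each behavior type has its own raw format.
HISTORY = [
    "logon|2020-03-02T08:55:00|u100|PC-01|Logon",
    "logon|2020-03-03T09:02:00|u100|PC-01|Logon",
    "file|2020-03-03T10:15:00|u100|PC-01|copy|/share/specs/design.doc",
    "file|2020-03-04T10:40:00|u100|PC-01|copy|/share/specs/design.doc",
    "logon|2020-03-03T08:30:00|u200|PC-07|Logon",
]

def parse_logon(f):
    return Event(datetime.fromisoformat(f[0]), f[1], f[2], "logon", f[3].lower())

def parse_file(f):
    return Event(datetime.fromisoformat(f[0]), f[1], f[2], "file", f"{f[3]} {f[4]}")

# S101: different behaviors get different parsing, same five-tuple output.
PARSERS = {"logon": parse_logon, "file": parse_file}

def parse(line):
    kind, *fields = line.split("|")
    return PARSERS[kind](fields)

def build_index(lines):
    """S101/S102: one stream per user ID, keyed by behavior detail."""
    index = defaultdict(lambda: defaultdict(list))
    for ev in map(parse, lines):
        index[ev.user][(ev.host, ev.behavior, ev.detail)].append(ev.time)
    return index

def lookup(index, line):
    """S102: frequency and time nodes of a new event's detail in history."""
    ev = parse(line)
    times = index.get(ev.user, {}).get((ev.host, ev.behavior, ev.detail), [])
    return {"event": ev, "frequency": len(times),
            "hours_seen": sorted({t.hour for t in times})}
```

A detail with frequency 0, or one seen only at hours far from the new event's hour, is the kind of signal a later scoring stage would consume; the patent's own scoring rule is not given on this page.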

Embodiment 2

[0069] Another method for detecting abnormal behavior of internal users in an enterprise of the present invention includes the following steps:

[0070] Step S201: Divide the historical behavior log data of internal users in the enterprise into different data streams according to the user ID, apply different processing during parsing to the historical behavior log data corresponding to different behaviors, and parse each piece of historical behavior log data into a five-tuple;

[0071] In order to ensure that legitimate users can effectively access protected resources, prevent unauthorized access by illegal users, and retain user behavior records for violation investigation, log analysis and auditing have become important means to protect enterprise information security and monitor internal user behavior compliance. In the audit system, various sensors deployed in the enterprise will continuously record user operation behaviors, generate relevant logs, and store them in...

Embodiment 3

[0109] As shown in Figure 6, a device of the present invention for detecting abnormal behavior of internal users in an enterprise includes:

[0110] The behavior log acquisition and preprocessing module 301, used to divide the historical behavior log data of the internal users of the enterprise into different data streams according to the user ID, apply different processing during parsing to the historical behavior log data corresponding to different behaviors, and parse each piece of historical behavior log data into a five-tuple;

[0111] The behavior detail modeling module 302, used to build an index for the parsed historical behavior log data and store it in the full-text search engine database as the basic data for the initial search; when new behavior log data is received, it searches on the five-tuple corresponding to the new behavior log data to extract the corresponding behavior details, and retrieves the frequency and time node information of each beh...


Abstract

The invention relates to the technical field of network security, in particular to a method and a device for detecting abnormal behavior of users within an enterprise. The invention discloses a method for detecting abnormal behavior of internal users in an enterprise, and also discloses a device for detecting abnormal behavior of internal users in an enterprise, including: a behavior log acquisition and preprocessing module; a behavior detail modeling module; a business state transfer prediction module; and a malicious behavior scoring and judging module. The present invention uses an unsupervised machine learning method, makes full use of unlabeled historical behavior log data in the enterprise to build a user behavior model, improves the accuracy of abnormal behavior detection, reduces the false positive rate, and provides an effective means for detecting internal threats.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and a device for detecting abnormal behavior of users within an enterprise.

Background art

[0002] The losses caused by deliberate sabotage or unintentional dereliction of duty by internal users account for an increasing proportion of losses at enterprises worldwide every year, and internal threats have increasingly become the focus of enterprise security concerns. The attackers come from within the enterprise, and attacks often occur during working hours. Malicious behavior is embedded in a large amount of normal data, which increases the difficulty of data mining and analysis. At the same time, attackers often have relevant knowledge of the organization's security defense mechanisms and can take measures to evade security detection. However, there are various attack modes of insider threats, it is costly and difficult to obtain attack samples, the workload of manual determi...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, G06F16/18, G06F16/955, G06K9/62
CPC: H04L63/1425, G06F18/23213, G06F18/2411, G06F18/295
Inventor: 郭渊博, 刘春辉, 孔菁, 朱智强, 常朝稳, 李亚东, 段刚
Owner: PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU