Method and device compatible with structured and unstructured privileged threat behavior data

A technique compatible with structured and unstructured data, applied to the detection of abnormal privileged-threat behavior, that addresses problems such as difficult detection, inconsistent audit log data and data islands, and achieves the effect of low risk.

Inactive Publication Date: 2019-12-03
广州海颐信息安全技术有限公司

AI Technical Summary

Problems solved by technology

It is very difficult for traditional tools or systems to detect abnormal behaviors of privilege threats. The main reason is that the audit log data of various operating systems, applications, databases, network devices, security devices, etc. are not uniform and include a large amount of unstructured data, which makes unified access, parsing and association detection difficult and results in data islands.


Embodiment Construction

[0024] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0025] In this embodiment of the method and device compatible with structured and unstructured privileged threat behavior data, the method is applied to a privileged threat analysis system, which includes an interconnected intelligent threat audit unit, real-time threat monitoring unit and overall configuration management uni...


Abstract

The invention discloses a method and a device compatible with structured and unstructured privilege threat behavior data. The method comprises the following steps: accessing privileged account session log data and privileged account terminal operation audit log data; planning classified storage indexes for the privileged account session log data and the privileged account terminal operation audit log data as required, wherein the classified storage indexes comprise a structured log data structure and an unstructured log data structure; defining a corresponding analysis template for each of the structured log data structure and the unstructured log data structure, and manually updating the analysis templates as required; carrying out isomorphism processing on the various abnormal log data according to the analysis templates; and associating the various types of heterogeneous privilege threat abnormal behavior data as required, and detecting privilege threat abnormal behaviors. With this method, various heterogeneous log data can be accessed and analyzed in a well-adapted manner, which provides a guarantee for subsequent privilege threat abnormal behavior detection and analysis, so that the risk of loss to enterprises caused by privilege threat abnormal behaviors is reduced to the minimum.
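The steps in the abstract (per-index analysis templates, isomorphism processing into one record shape, then association across sources) can be sketched as follows. This is an added example, not code from the patent: the template layouts, field names, sample log lines and the "terminal operation with no matching session" rule are all assumptions chosen for illustration.

```python
import json
import re

# Hypothetical analysis templates, one per classified storage index.
# Structured: maps common field -> source key. Unstructured: named-group regex.
TEMPLATES = {
    "session": {"kind": "structured",
                "fields": {"account": "user", "host": "target", "ts": "time"}},
    "terminal_op": {"kind": "unstructured",
                    "pattern": re.compile(
                        r"^(?P<ts>\S+) (?P<host>\S+) audit: "
                        r"acct=(?P<account>\S+) cmd=(?P<command>.+)$")},
}

def normalize(index, raw):
    """Apply the index's template; return a common-schema record or None."""
    tpl = TEMPLATES[index]
    if tpl["kind"] == "structured":
        try:
            doc = json.loads(raw)
        except json.JSONDecodeError:
            return None
        if not isinstance(doc, dict):
            return None
        rec = {dst: doc.get(src) for dst, src in tpl["fields"].items()}
    else:
        m = tpl["pattern"].match(raw)
        if m is None:
            return None
        rec = m.groupdict()
    if any(rec.get(k) is None for k in ("account", "host", "ts")):
        return None  # record does not fit the template; count it, don't guess
    return {**rec, "source": index}

def detect_unsessioned_ops(records):
    """Assumed rule: a terminal operation with no session for that account+host."""
    sessions = {(r["account"], r["host"]) for r in records if r["source"] == "session"}
    return [r for r in records if r["source"] == "terminal_op"
            and (r["account"], r["host"]) not in sessions]

# Constructed sample input: (storage index, raw log line).
SAMPLE = [
    ("session", '{"user": "root", "target": "db01", "time": "2019-06-01T10:00:00Z"}'),
    ("terminal_op", "2019-06-01T10:01:12Z db01 audit: acct=root cmd=systemctl stop mysqld"),
    ("terminal_op", "2019-06-01T10:05:40Z app02 audit: acct=root cmd=systemctl stop nginx"),
    ("terminal_op", "garbled line without the expected layout"),
]

def run(sample=SAMPLE):
    parsed = [normalize(index, raw) for index, raw in sample]
    good = [r for r in parsed if r is not None]
    return good, len(parsed) - len(good), detect_unsessioned_ops(good)
```

Records that fit no template are counted rather than dropped silently, since a rising reject count is the signal that a template needs the manual update the abstract mentions.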

Description

Technical field

[0001] The invention relates to the field of privilege threat abnormal behavior detection, in particular to a method and device compatible with structured and unstructured privilege threat behavior data.

Background technique

[0002] Privileged accounts refer to accounts with high risk (such as administrator accounts that can start and stop devices) or high value (such as application accounts that can read business-sensitive data). More than half of major security incidents each year are due to privileged accounts being This behavior of using privileged accounts to cause damage or loss to enterprises is called privileged threat abnormal behavior. It is very difficult for traditional tools or systems to detect abnormal behaviors of privilege threats. The main reason is that the audit log data of various operating systems, applications, databases, network devices, security devices, etc. are not uniform, and there are many unstructured data, which is difficult t...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/45, G06F16/22, G06F16/31, G06F16/23
CPC: G06F16/2228, G06F16/23, G06F16/313, G06F21/45
Inventor: 邓帧恒董明易伟增
Owner 广州海颐信息安全技术有限公司