Method and device for detecting abnormal login through stack backtracking

A technology for detecting anomalies and abnormal logins, applied in computer security devices, instruments, electrical digital data processing, etc., can solve the problems of time-consuming and labor-intensive operation and maintenance, inability to effectively detect abnormal logins, and inability to detect the legality of login sources, etc.

Inactive Publication Date: 2021-04-23
安芯网盾(北京)科技有限公司
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] In order to solve the above technical problems, the present invention proposes a method and device for detecting abnormal logins through stack backtracking, to solve the problem that the existing technology cannot effectively detect abnormal logins, the operation and maintenance stage is time-consuming and labor-intensive, and the legality of the login sources cannot be detected. sexual technical issues

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for detecting abnormal login through stack backtracking
  • Method and device for detecting abnormal login through stack backtracking

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] In order to make the purpose, technical solution and advantages of the present invention clearer, the technical solution of the present invention will be clearly and completely described below in conjunction with specific embodiments of the present invention and corresponding drawings. Apparently, the described embodiments are only some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0029] combine first figure 1 A flow chart of a method for detecting abnormal login through stack backtracking according to an embodiment of the present invention is illustrated. Such as figure 1 As shown, the method includes the following steps:

[0030] Step S1, when the user login behavior is monitored, the stack information corresponding to the thread of th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method and device for detecting abnormal login through stack backtracking, and the method comprises the steps: S1, carrying out the backtracking of stack information corresponding to a thread of a login behavior when the login behavior of a user is monitored, and obtaining an API call sequence; s2, comparing the obtained API calling sequence with a pre-collected white list of the API calling sequence; and S3, if the comparison result is inconsistent, detecting an abnormal login behavior. The scheme of the invention has the characteristics of high detection rate, low false alarm rate, real-time performance and the like.

Description

technical field [0001] The invention relates to the field of computer information security, in particular to a method and device for detecting abnormal login through stack backtracking. Background technique [0002] Abnormal login behavior detection is an important part of asset risk management for administrators. Abnormal logins include abnormal logins from unused addresses, logins using illegal authentication information, and attempted blasting. Currently, the methods for detecting abnormal logins on hosts mainly include the following: detection mechanism. [0003] Judgment based on simple rules: Analyze login behavior by recording account login history information, and set login detection frequency rules, so as to establish a whitelist database based on common IP addresses. Login behaviors that are not in the whitelist database are defined as abnormal logins. This detection mechanism has obvious omissions and false positives. [0004] Judgment based on manual rule match...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/55
CPCG06F21/552
Inventor 朱燕涛
Owner 安芯网盾(北京)科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap