CN106383768A - Mobile device operation behavior-based supervision analysis system and method

Publication number
CN106383768A
Authority
CN
China
Legal status
Pending
Application number
CN201610826262.2A
Other languages
Chinese (zh)
Inventor
杨柳
胡昆昆
蒋思宇
刘铮
黄波
周军
刘智臣
陈婷婷
Current Assignee
Jiangsu North Bow Intelligent Technology Co Ltd
Original Assignee
Jiangsu North Bow Intelligent Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3065 Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • G06F11/3055 Monitoring arrangements for monitoring the status of the computing system or of the computing system component, e.g. monitoring if the computing system is on, off, available, not available


Abstract

The invention provides a mobile device operation behavior-based supervision analysis system. The supervision analysis system comprises a data acquisition subsystem, a storage subsystem, a sensitive information detection subsystem, an abnormal behavior detection subsystem, a machine learning subsystem, an asynchronous association analysis subsystem, a management and configuration subsystem, a remote control service subsystem and a third-party application service interface. By applying the system, the use of a mobile device by a user can be effectively supervised, so that the user data security is guaranteed; and report data of a mobile device usage behavior of the user is obtained by analysis, so that the user behavior can be known more visually.

Description

Supervision analysis system and method based on mobile device operation behavior
Technical field
The present invention relates to the field of information monitoring, and in particular to a supervision analysis system based on mobile device operation behavior and a method thereof. Specifically, it is a supervision analysis system and method that collects mobile device operation behavior data to form a complete system integrating user management, behavior supervision and behavior analysis.
Background
With the continuous advance of global information technology and the widespread adoption of mobile devices, mobile devices are becoming more and more intelligent, and people's demand for them keeps growing. Mobile devices are carriers of information: the amount of personal data produced through them keeps increasing, and the accompanying security problems are becoming more serious. Because mobile devices are portable, leaks through mobile devices are increasingly severe. Where mobile devices are used in fields that require confidentiality, it is very necessary to develop a supervision analysis system based on mobile device operation behavior.
In the prior art, supervision of mobile devices mostly relies on manual supervision or on individuals' self-discipline, so mobile devices cannot be effectively controlled and lawbreakers can steal secrets through them. Because mobile devices are small, the theft is concealed and leaves no record that can be queried, so it is hard to discover in time and after-the-fact analysis is difficult. The supervision analysis system of the present invention can monitor all operation behavior of a mobile device in real time and supports after-the-fact analysis and tracing, achieving effective control of mobile devices.
Summary of the invention
The object of the present invention is to address the problem that today's mobile devices, being widely used and functionally diverse, cannot be supervised in areas that require security protection, by providing a supervision analysis system based on mobile device operation behavior that can effectively prevent information leakage and ensure data security.
The supervision analysis system includes the following mutually cooperating parts: a data acquisition subsystem, a storage subsystem, a sensitive information detection subsystem, an abnormal behavior detection subsystem, a machine learning subsystem, an asynchronous association analysis subsystem, a management and configuration subsystem, a remote control service subsystem and a third-party application service interface.
In a preferred embodiment of the supervision analysis system based on mobile device operation behavior provided by the present invention, the data acquisition subsystem collects mobile device operation behavior data. The data acquisition subsystem includes a client deployed on the mobile device and a server side deployed on a server. The client records all operation behavior data produced by the mobile device in a prescribed data format and returns it to the server side. The server side receives the operation behavior data from the client, classifies it, and provides it to the distributed behavior log warehouse in the storage subsystem and to the sensitive information detection subsystem.
In a preferred embodiment of the supervision analysis system based on mobile device operation behavior provided by the present invention, the storage subsystem includes a distributed behavior log warehouse, a user basic information library, a policy library, an APP library, an analysis result library, a detection model library and a cloud backup library. It provides storage space for the data acquisition subsystem, the machine learning subsystem, the asynchronous association analysis subsystem and the management and configuration subsystem.
In a preferred embodiment of the supervision analysis system based on mobile device operation behavior provided by the present invention, the sensitive information detection subsystem filters the calls, SMS/MMS messages and data messages sent by the mobile device. If sensitive data is present, it sends a command through the remote control service subsystem to block the transmission.
In a preferred embodiment of the supervision analysis system based on mobile device operation behavior provided by the present invention, the abnormal behavior detection subsystem detects whether the user's behavior is abnormal. If it is, the subsystem sends a command through the remote control service subsystem to raise an alert and block the behavior.
In a preferred embodiment of the supervision analysis system based on mobile device operation behavior provided by the present invention, the machine learning subsystem learns from the user behavior data in the distributed behavior log warehouse and provides accurate user detection models for the sensitive information detection subsystem and the abnormal behavior detection subsystem. The machine learning subsystem includes a feature extraction module, a behavior modeling module, a model evaluation module and a model correction module. The process by which the machine learning subsystem builds an accurate user detection model comprises the following steps:
Step A1: The feature extraction module converts the user's operation behavior data into features;
Step A2: The behavior modeling module builds a user model from the user's feature data;
Step A3: The model evaluation module evaluates and tests the user model produced by the behavior modeling module, or the corrected user model, to determine whether the user model needs correction; if it does, go to step A4; if not, go to step A5;
Step A4: If the evaluation result shows that the user model needs correction, the user model is adjusted manually and corrected by the model correction module to obtain a corrected user model, and step A3 is executed again.
Step A5: The user model produced by the behavior modeling module is placed in the detection model library for use by the abnormal behavior detection subsystem and the sensitive information detection subsystem.
In a preferred embodiment of the supervision analysis system based on mobile device operation behavior provided by the present invention, the asynchronous association analysis subsystem analyzes the user operation behavior data collected by the data acquisition subsystem to obtain user audit reports and multi-dimensional information reports, which are stored in the analysis result library.
In a preferred embodiment of the supervision analysis system based on mobile device operation behavior provided by the present invention, the management and configuration subsystem performs trusted authentication and permission management for mobile devices, and manages APP installation, processes and modes on the mobile device. By sending instructions, the policies in the policy library and the APP trusted list in the APP library to the remote control service subsystem, it achieves unified management of mobile devices. The management process of the management and configuration subsystem comprises the following steps:
Step B1: A digital certificate is built into the mobile device when it is manufactured and shipped. When the mobile device is used for the first time, it must be registered with the management and configuration subsystem: the user's identity information and the mobile device's digital certificate are submitted to the management and configuration subsystem, forming the user basic information library, which is used for trusted authentication of the user's identity;
Step B2: Based on the user's data in the analysis result library and the user's identity information, the administrator generates policies in the management and configuration subsystem and stores them in the policy library, and at the same time generates an APP trusted list and stores it in the APP library;
Step B3: The management and configuration subsystem sends instructions, policies and the APP trusted list to the mobile device through the remote control service subsystem.
In a preferred embodiment of the supervision analysis system based on mobile device operation behavior provided by the present invention, the remote control service subsystem receives management commands from the management and configuration subsystem and sends instructions and policies to the mobile device. It also receives commands from the sensitive information detection subsystem and the abnormal behavior detection subsystem to supervise the mobile device.
In a preferred embodiment of the supervision analysis system based on mobile device operation behavior provided by the present invention, the third-party application service interface reserves an interface through which the management ends of application software developed by third parties are integrated into the management and configuration subsystem, enabling unified management of all third-party application management ends.
The present invention also provides a supervision method for the above supervision analysis system based on mobile device operation behavior, comprising the following steps:
Step C1: The data acquisition subsystem collects data from the mobile device;
Step C2: The data acquisition subsystem sends the collected data to the sensitive information detection subsystem for filtering and analysis;
Step C3: The sensitive information detection subsystem analyzes the data for sensitive content; if sensitive information is present, go to step C6; if not, go to step C4;
Step C4: The data is sent to the abnormal behavior detection subsystem;
Step C5: The abnormal behavior detection subsystem examines the mobile device's data and judges whether the user's behavior is abnormal; if it is, go to step C6; otherwise the data is transmitted normally;
Step C6: The transmission of the data is blocked, and an alert message is sent through the remote control service subsystem.
Meanwhile, the supervision method of the supervision analysis system based on mobile device operation behavior also performs the following steps in parallel:
Step D1: The data acquisition subsystem collects data from the mobile device;
Step D2: The data acquisition subsystem sends the collected data to the distributed behavior log warehouse for storage, providing data support for the machine learning subsystem and the asynchronous association analysis subsystem;
Step D3: The machine learning subsystem builds a user model from the data in the distributed behavior log warehouse and stores it in the detection model library;
Step D4: The asynchronous association analysis subsystem analyzes the data in the distributed behavior log warehouse to obtain statistical reports on the user's use of the mobile device, stores them in the analysis result library, and thereby provides user data to the management and configuration subsystem;
Step D5: Based on the user data reports in the analysis result library, the administrator decides the user's policy library, APP library and the commands for controlling the mobile device, and sends them to the remote control service subsystem;
Step D6: The remote control service subsystem receives the policy library, APP library and control commands from the management and configuration subsystem, and controls and manages the mobile device.
Compared with the prior art, the technical solution provided by the present invention has the following beneficial effects:
The supervision analysis system integrates the data acquisition subsystem, storage subsystem, sensitive information detection subsystem, abnormal behavior detection subsystem, machine learning subsystem, asynchronous association analysis subsystem, management and configuration subsystem, remote control service subsystem and third-party application service interface into one. It supervises the operation behavior of mobile device users in multiple dimensions and at multiple levels, and has the dual functions of monitoring and management.
Through the data acquisition subsystem, the supervision analysis system can learn in real time the state in which users use their mobile devices. Through the sensitive information detection subsystem and the abnormal behavior detection subsystem, it can effectively block users from leaking sensitive information via mobile devices, and, combined with the machine learning subsystem and the asynchronous association analysis subsystem, it can judge and predict whether a user's future behavior is likely to leak sensitive information. The distributed behavior log warehouse keeps the history of users' mobile device use; together with the statistical reports provided by the asynchronous association analysis subsystem, the user's historical data can be analyzed and the user's operation behavior audited, which allows after-the-fact analysis and tracing. Through the third-party application service interface, application management ends developed by third parties can be managed in one place within the management and configuration subsystem. Through the cloud backup library, user data can be securely backed up and restored from the cloud backup library after loss or damage. The supervision analysis system achieves effective control of mobile devices through the cooperation of its subsystems.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 is the overall architecture diagram of the supervision analysis system based on mobile device operation behavior provided by the present invention;
Fig. 2 is the structural schematic diagram of the supervision analysis system based on mobile device operation behavior provided by the present invention;
Fig. 3 is the composition diagram of the storage subsystem of the present invention;
Fig. 4 is the flowchart of the machine learning subsystem building the detection model;
Fig. 5 is the workflow diagram of the management and configuration subsystem;
Fig. 6 is the supervision flowchart of the supervision analysis system;
Fig. 7 is the data analysis flowchart of the supervision analysis system;
Fig. 8 is the workflow diagram of the supervision analysis system, taking a mobile phone call as an example.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the present invention.
Refer to Fig. 1, which is the overall architecture diagram of the supervision analysis system based on mobile device operation behavior provided by the present invention. The supervision analysis system includes a data acquisition subsystem 1, a storage subsystem 2, a sensitive information detection subsystem 3, an abnormal behavior detection subsystem 4, a machine learning subsystem 5, an asynchronous association analysis subsystem 6, a management and configuration subsystem 7, a remote control service subsystem 8 and a third-party application service interface 9.
The data acquisition subsystem 1 includes a client deployed on the mobile device and a server side deployed on a server. The client records all operation behavior data produced by the mobile device in a prescribed data format and returns it to the server side. The server side receives the operation behavior data from the client, classifies it, and provides it to the storage subsystem 2 and the sensitive information detection subsystem 3.
Refer to Fig. 1, Fig. 2 and Fig. 3 together. Fig. 2 is the structural schematic diagram of the supervision analysis system based on mobile device operation behavior provided by the present invention, and Fig. 3 is the composition diagram of the storage subsystem of the present invention. The storage subsystem 2 includes a user basic information library 21, a distributed behavior log warehouse 22, an analysis result library 23, an APP library 24, a policy library 25, a cloud backup library 26 and a detection model library 27. It provides data storage space for the data acquisition subsystem 1, storage space for the analysis results and log files produced by the supervision analysis system, and storage space for user data backups.
The sensitive information detection subsystem 3 inspects the calls, SMS/MMS messages and data messages sent by the mobile device. If a call, SMS/MMS message or data message sent by the mobile device contains sensitive information, an instruction is sent to the mobile device through the remote control service subsystem 8 to block it; if no sensitive information is present, operation proceeds normally. Filtering by the sensitive information detection subsystem 3 effectively reduces the likelihood of a user spreading sensitive information through the mobile device.
The abnormal behavior detection subsystem 4 detects whether the user's behavior is abnormal; if it is, the remote control service subsystem 8 sends instructions to the mobile device to alert and block. Using the normal user behavior models contained in the detection model library 27 of the storage subsystem 2, the abnormal behavior detection subsystem 4 extracts features from the calls, SMS/MMS messages and data messages that have passed the filtering of the sensitive information detection subsystem 3, generates a corresponding user model, and compares it against the normal user model in the detection model library 27 of the storage subsystem 2. If the abnormal behavior detection subsystem 4 judges the behavior to be abnormal, an alert is raised; otherwise operation proceeds normally. The abnormal behavior detection subsystem 4 can thus effectively judge whether the user's operation behavior is abnormal, so that risks are found and stopped in time.
The machine learning subsystem 5 learns from the user behavior data in the distributed behavior log warehouse 22 and builds an accurate detection model library 27. The machine learning subsystem 5 includes a behavior feature extraction module 51, a behavior modeling module 52, a model evaluation module 53 and a model correction module 54. The process by which the machine learning subsystem 5 builds an accurate detection model library 27 is shown in Fig. 4, the flowchart of the machine learning subsystem building the detection model, and comprises the following steps:
Step A1: The feature extraction module 51 converts the user's operation behavior data into features;
Step A2: The behavior modeling module 52 builds a user model from the user's feature data;
Step A3: The model evaluation module 53 evaluates and tests the user model produced by the behavior modeling module 52 or the model correction module 54, to determine whether the user model needs correction. If it does, go to step A4; if not, go to step A5;
Step A4: If the evaluation result shows that the user model needs correction, the user model is adjusted manually and corrected by the model correction module 54 to obtain a corrected user model, and step A3 is executed again.
Step A5: The user model produced by the behavior modeling module 52 is placed in the detection model library 27 for use by the abnormal behavior detection subsystem 4 and the sensitive information detection subsystem 3.
The asynchronous association analysis subsystem 6 analyzes the user operation behavior data collected by the data acquisition subsystem 1, together with the data that has passed through the sensitive information detection subsystem 3 and the abnormal behavior detection subsystem 4, to obtain statistical report data about the user, which provides data support for the administrator's decisions. By analyzing all the data of a user's mobile device use, the asynchronous association analysis subsystem 6 can obtain a great deal of statistical information about an individual user. For example, analyzing how long a user uses the mobile device, which websites the user often browses and which APPs the user commonly uses can reveal the user's daily routine, what content the user often follows, and whether the user likes social networking, games and so on.
The management and configuration subsystem 7 performs trusted authentication and permission management for mobile devices, and manages the installation, processes and modes of application software on the mobile device, achieving unified management of all mobile devices. Through the third-party application service interface 9, the management ends of all third-party application software can be managed in one place within the management and configuration subsystem 7. Refer to Fig. 5, the workflow diagram of the management and configuration subsystem, which comprises the following steps:
Step B1: A digital certificate is built into the mobile device when it is manufactured and shipped. When the mobile device is used for the first time, it must be registered with the management and configuration subsystem 7: the user's identity information and the mobile device's digital certificate are submitted to the management and configuration subsystem 7, forming the user basic information library 21, which is used for trusted authentication of the user's identity;
Step B2: Based on the user's data in the analysis result library 23 and the user's identity information, the administrator generates the policy library 25, the APP library 24 and management commands in the management and configuration subsystem 7;
Step B3: The management and configuration subsystem 7 sends instructions, the policy library 25, the APP library 24 and management control commands to the mobile device through the remote control service subsystem 8.
The policy library 25 and the APP library 24 govern whether an APP can be installed on the mobile device, whether its process can start after installation, and when it can start. The supervision analysis system provides data backup for the mobile device and the third-party application service interface 9 for management. Third-party applications are managed uniformly through the management and configuration subsystem 7, so that each application does not need its own management end, which would cause management confusion.
The remote control service subsystem 8 receives management commands from the management and configuration subsystem 7 and sends instructions and policies to the mobile device. It also receives commands from the sensitive information detection subsystem 3 and the abnormal behavior detection subsystem 4 to supervise the mobile device.
The third-party application service interface 9 reserves an interface in the supervision analysis system through which the management ends of application software developed by third parties are integrated into the management and configuration subsystem 7, enabling unified management of all third-party application management ends.
Refer to Fig. 6 and Fig. 7 together. The supervision method of the above supervision analysis system based on mobile device operation behavior comprises the following steps:
Step C1: The data acquisition subsystem 1 collects data from the mobile device;
Step C2: The data acquisition subsystem 1 sends the collected data to the sensitive information detection subsystem 2 for filtering and analysis;
Step C3: The sensitive information detection subsystem 2 analyzes the data for sensitive content; if sensitive information is present, go to step C6; if not, go to step C4;
Step C4: The data is sent to the abnormal behavior detection subsystem 4;
Step C5: The abnormal behavior detection subsystem 4 examines the mobile device's data and judges whether the user's behavior is abnormal; if it is, go to step C6; otherwise the data is transmitted normally;
Step C6: The transmission of the data is blocked, and an alert message is sent through the remote control service subsystem 8.
Meanwhile, the supervision analysis system also carries out the following supervision flow in cooperation:
Step D1: The data acquisition subsystem 1 collects data from the mobile device;
Step D2: The data acquisition subsystem 1 sends the collected data to the distributed behavior log warehouse 22 for storage, providing data support for the machine learning subsystem 5 and the asynchronous association analysis subsystem 6;
Step D3: The machine learning subsystem 5 builds a user model from the data in the distributed behavior log warehouse 22 and stores it in the detection model library 27;
Step D4: The asynchronous association analysis subsystem 6 analyzes the data in the distributed behavior log warehouse 22 to obtain statistical reports on the user's use of the mobile device, stores them in the analysis result library 23, and thereby provides user data to the management and configuration subsystem 7;
Step D5: Based on the user data reports in the analysis result library 23, the administrator decides the user's policies, which are stored in the policy library 25, the APP trusted list, which is stored in the APP library 24, and the commands for controlling the mobile device, and sends them to the remote control service subsystem 8;
Step D6: The remote control service subsystem 8 receives the policy information, APP trusted list and control commands from the management and configuration subsystem 7, and controls and manages the mobile device.
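The decision order of steps C1 to C6, combined with the logging and model-building steps D2 and D3, as an added Python example that is not taken from the patent. The patent does not specify how sensitivity or abnormality is decided, so the keyword list, the peer/time-band baseline, the 10% threshold, the fail-closed choice and all sample events are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed policy entries and threshold; the patent leaves both unspecified.
SENSITIVE_TERMS = ("project blueprint", "bid price")
MIN_BAND_SHARE = 0.10  # a time band seen in <10% of history counts as rare


@dataclass(frozen=True)
class Event:
    user: str
    kind: str     # "call", "sms" or "data"
    peer: str     # callee number or remote host
    hour: int     # local hour, 0-23
    content: str  # message text (or call transcript)


def time_band(hour):
    return "night" if hour < 6 or hour >= 22 else "day"


def build_user_models(log):
    """Steps D3 / A1-A2: derive one baseline per user from the behavior log.

    Only events that were actually transmitted feed the baseline, so that
    blocked behavior is never learned as normal.
    """
    models = {}
    for event, verdict in log:
        if verdict != "transmitted":
            continue
        m = models.setdefault(
            event.user, {"peers": set(), "bands": Counter(), "total": 0})
        m["peers"].add((event.kind, event.peer))
        m["bands"][time_band(event.hour)] += 1
        m["total"] += 1
    return models


def is_sensitive(event):
    """Step C3: case-insensitive match against the policy terms."""
    text = event.content.lower()
    return any(term in text for term in SENSITIVE_TERMS)


def is_abnormal(models, event):
    """Step C5: compare the event with the user's stored baseline."""
    m = models.get(event.user)
    if m is None:
        return True  # no baseline for this user: fail closed
    new_peer = (event.kind, event.peer) not in m["peers"]
    rare_band = m["bands"][time_band(event.hour)] / m["total"] < MIN_BAND_SHARE
    return new_peer and rare_band


def supervise(event, models, log, alerts):
    """Steps C2-C6; every event is also logged with its verdict (step D2)."""
    if is_sensitive(event):
        verdict = "blocked:sensitive"
    elif is_abnormal(models, event):
        verdict = "blocked:abnormal"
    else:
        verdict = "transmitted"
    if verdict != "transmitted":
        alerts.append((event.user, verdict, event.peer))  # step C6 alert
    log.append((event, verdict))
    return verdict


def constructed_history():
    """Constructed sample log: 20 daytime calls by one user to one number."""
    return [(Event("alice", "call", "+00-000-0001", 9 + i % 8, "status update"),
             "transmitted") for i in range(20)]


if __name__ == "__main__":
    log, alerts = constructed_history(), []
    models = build_user_models(log)
    for ev in (Event("alice", "sms", "+00-000-0001", 10, "Sending the Bid Price"),
               Event("alice", "call", "+00-000-0999", 3, ""),
               Event("alice", "call", "+00-000-0001", 23, "")):
        print(ev.kind, ev.peer, ev.hour, "->", supervise(ev, models, log, alerts))
```

Storing the verdict with each logged event is what lets the retraining step exclude blocked traffic; a log without verdicts would let a repeated abnormal pattern drift into the baseline.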
Referring to Fig. 8, Fig. 8 is a workflow diagram of the regulatory analysis system, taking mobile phone communication as an example. The workflow of the regulatory analysis system is:
Step S1: The user makes a phone call on the mobile phone, which produces a behavior; the data acquisition subsystem 1 captures this behavior and sends it, in a defined data format, to the distributed behavior log warehouse 22, which stores a record of the behavior; once the call is connected, the conversation takes place;
Step S2: The sensitive information detection subsystem 3 filters the call data; if sensitive information is present, the call is blocked through the remote control service subsystem 8 and a warning is issued; if no sensitive information is present, the call proceeds normally;
Step S3: The abnormal behavior detection subsystem 4 analyzes the call data; if abnormal behavior is present, the call is blocked through the remote control service subsystem 8 and a warning is issued; if no abnormal behavior is present, the call proceeds normally;
Step S4: The call data is saved in the distributed behavior log warehouse of the storage subsystem 2; the machine learning subsystem 5 and the asynchronous association analysis subsystem 6 further analyze and mine the call data to obtain the user's related model and the user's correlation analysis reports;
Step S5: All of the user's data can be viewed in the management and configuration subsystem 7, and the call data of all mobile devices is managed in a unified manner.
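The inline path of steps S1 to S3, together with the logging of step S4, can be sketched as follows. This is an added example, not code from the patent: the substring match for sensitive terms, the z-score test on call duration, the `Supervisor` and `Event` names and the sample events are all assumptions, because the patent does not specify the detection methods.

```python
"""Sketch of the inline supervision path (S1-S3) with logging of every event (S4)."""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    user: str
    kind: str            # "call", "sms" or "data"
    content: str         # message body or call transcript
    duration_s: float = 0.0


class Supervisor:
    MIN_HISTORY = 5      # assumption: with less history, no anomaly verdict is made

    def __init__(self, sensitive_terms, z_limit=3.0):
        self.terms = [t.lower() for t in sensitive_terms]
        self.z_limit = z_limit
        self.log = []        # stands in for the behavior log warehouse
        self.commands = []   # stands in for the remote control service subsystem

    def _sensitive_term(self, ev):
        text = ev.content.lower()
        return next((t for t in self.terms if t in text), None)

    def _abnormal(self, ev):
        # The baseline is built only from this user's previously allowed events
        # of the same kind, so blocked traffic cannot shift the model.
        past = [e.duration_s for e, verdict in self.log
                if verdict == "allow" and e.user == ev.user and e.kind == ev.kind]
        if len(past) < self.MIN_HISTORY:
            return False     # cold start: not enough data to judge
        sigma = max(pstdev(past), 1.0)   # floor avoids division by zero
        return abs(ev.duration_s - mean(past)) / sigma > self.z_limit

    def handle(self, ev):
        term = self._sensitive_term(ev)          # S2: sensitive information filter
        if term is not None:
            verdict, reason = "block", f"sensitive term: {term}"
        elif self._abnormal(ev):                 # S3: abnormal behavior check
            verdict, reason = "block", "abnormal behavior"
        else:
            verdict, reason = "allow", ""
        if verdict == "block":                   # block and warn
            self.commands.append((ev.user, "block_and_warn", reason))
        self.log.append((ev, verdict))           # S4: every event is recorded
        return verdict


def demo():
    """Run constructed sample events through the pipeline."""
    sup = Supervisor(sensitive_terms=["tender price"])   # constructed term
    events = [Event("alice", "call", "lunch plans", d)
              for d in (60, 75, 90, 80, 70, 85)]
    events.append(Event("alice", "call", "the Tender Price is fixed", 65))
    events.append(Event("alice", "call", "lunch plans", 3600))
    events.append(Event("bob", "call", "hello", 3600))    # no history for bob
    return [sup.handle(e) for e in events], sup.commands


if __name__ == "__main__":
    print(demo())
```

The last event shows the cold-start gap: a user with no history is never flagged as abnormal, so the sensitive information filter is the only control on a newly registered device until enough behavior has been logged.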
Compared with the prior art, the regulatory analysis system provided by the present invention gives mobile devices multi-level security protection, can analyze user data using big data techniques to mine valuable associated data, and can also provide the user's historical data to facilitate after-the-fact tracing. Unified management of mobile devices is achieved through the cooperation of the data acquisition subsystem 1, the storage subsystem 2, the sensitive information detection subsystem 3, the abnormal behavior detection subsystem 4, the machine learning subsystem 5, the asynchronous association analysis subsystem 6, the management and configuration subsystem 7, the remote control service subsystem 8 and the third-party application service interface 9.
The foregoing is only an embodiment of the present invention and does not thereby limit the patent scope of the present invention; any equivalent structure or equivalent process transformation made using the description of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (12)

1. A regulatory analysis system based on mobile device operation behavior, characterized in that it comprises, cooperating with one another, a data acquisition subsystem, a storage subsystem, a sensitive information detection subsystem, an abnormal behavior detection subsystem, a machine learning subsystem, an asynchronous association analysis subsystem, a management and configuration subsystem, a remote control service subsystem and a third-party application service interface.
2. The regulatory analysis system based on mobile device operation behavior according to claim 1, characterized in that: the data acquisition subsystem collects mobile device operation behavior data; the data acquisition subsystem comprises a client deployed on the mobile device and a server side deployed on a server; the client is responsible for recording all operation behavior data produced by the mobile device in a prescribed data format and returning it to the server side; the server side receives the operation behavior data from the client, processes it, and provides it to the storage subsystem and the sensitive information detection subsystem.
3. The regulatory analysis system based on mobile device operation behavior according to claim 2, characterized in that: the storage subsystem comprises a distributed behavior log warehouse, a user basic information library, a policy library, an APP library, an analysis result library, a detection model library and a cloud backup library, and provides storage space for the data acquisition subsystem, the machine learning subsystem, the asynchronous association analysis subsystem and the management and configuration subsystem.
4. The regulatory analysis system based on mobile device operation behavior according to claim 3, characterized in that: the sensitive information detection subsystem is used to filter the calls, SMS and MMS messages, and data messages sent by the mobile device; if sensitive data is present, a command is sent through the remote control service subsystem to block it.
5. The regulatory analysis system based on mobile device operation behavior according to claim 4, characterized in that: the abnormal behavior detection subsystem is used to detect whether the user's behavior is abnormal; if an abnormality exists, a command is sent through the remote control service subsystem to raise an alert and block.
6. The regulatory analysis system based on mobile device operation behavior according to claim 5, characterized in that: the machine learning subsystem is used to learn from the user behavior data in the distributed behavior log warehouse and provides accurate user detection models for the sensitive information detection subsystem and the abnormal behavior detection subsystem; the machine learning subsystem comprises a feature extraction module, a behavior modeling module, a model evaluation module and a model correction module; the process by which the machine learning subsystem builds an accurate user detection model comprises the following steps:
Step A1: The feature extraction module converts the user's operation behavior data into features;
Step A2: The behavior modeling module builds a user model from the user's feature data;
Step A3: The model evaluation module evaluates and tests the user model produced by the behavior modeling module, or the corrected user model, to determine whether the user model needs correction; if so, step A4 is carried out; if not, step A5 is carried out;
Step A4: If the evaluation result shows that the user model needs correction, the user model is adjusted manually and corrected through the model correction module to obtain a corrected user model, and step A3 is executed;
Step A5: The user model produced by the behavior modeling module is placed in the detection model library for use by the abnormal behavior detection subsystem and the sensitive information detection subsystem.
7. The regulatory analysis system based on mobile device operation behavior according to claim 6, characterized in that: the asynchronous association analysis subsystem is used to analyze the user operation behavior data collected by the data acquisition subsystem to obtain the user's audit reports and multi-dimensional information reports, which are stored in the analysis result library.
8. The regulatory analysis system based on mobile device operation behavior according to claim 7, characterized in that: the management and configuration subsystem is used to perform trusted authentication and permission management of mobile devices, and to perform installation management, process management and mode management of the APPs on mobile devices; unified management of mobile devices is achieved by sending instructions and the policies in the policy library to the remote control service subsystem, and at the same time sending the APP trusted list in the APP library; the management process of the management and configuration subsystem comprises the following steps:
Step B1: First, a digital certificate is built into the mobile device when it is manufactured and leaves the factory; when the mobile device is used for the first time, it must be registered in the management and configuration subsystem, and the user's identity information and the mobile device's digital certificate are submitted to the management and configuration subsystem, forming the user basic information library, which is used for trusted authentication of the user's identity;
Step B2: Based on the user's data in the analysis result library and the user's identity information, the manager generates policies in the management and configuration subsystem, which are stored in the policy library, and at the same time generates an APP trusted list, which is stored in the APP library;
Step B3: The management and configuration subsystem sends instructions, policies and the APP trusted list to the mobile device through the remote control service subsystem.
9. The regulatory analysis system based on mobile device operation behavior according to claim 8, characterized in that: the remote control service subsystem is used to receive management commands from the management and configuration subsystem and send instructions and policies to the mobile device, and to receive commands from the sensitive information detection subsystem and the abnormal behavior detection subsystem to supervise the mobile device.
10. The regulatory analysis system based on mobile device operation behavior according to claim 9, characterized in that: the third-party application service interface reserves an interface through which the management end of application software developed by third parties is integrated into the management and configuration subsystem, so that unified management of all third-party application software management ends can be achieved.
11. A supervision method based on the regulatory analysis system based on mobile device operation behavior according to claim 10, characterized in that it comprises the following steps:
Step C1: The data acquisition subsystem collects the data of the mobile device;
Step C2: The data acquisition subsystem sends the collected data to the sensitive information detection subsystem for filtering and analysis;
Step C3: The sensitive information detection subsystem performs sensitivity analysis on the data; if sensitive information is present, step C6 is carried out; if no sensitive information is present, step C4 is carried out;
Step C4: The data is sent to the abnormal behavior detection subsystem;
Step C5: The abnormal behavior detection subsystem examines the data of the mobile device and determines whether the user's behavior is abnormal; if an abnormality exists, step C6 is carried out; otherwise the data message is transmitted normally;
Step C6: The data transmission is blocked, and a warning message is sent through the remote control service subsystem.
12. The supervision method of the regulatory analysis system based on mobile device operation behavior according to claim 11, characterized in that the supervision method further comprises the following parallel steps:
Step D1: The data acquisition subsystem collects the data of the mobile device;
Step D2: The data acquisition subsystem sends the collected data to the distributed behavior log warehouse for storage, providing data support for the machine learning subsystem and the asynchronous association analysis subsystem;
Step D3: The machine learning subsystem builds a user model from the data in the distributed behavior log warehouse and stores it in the detection model library;
Step D4: The asynchronous association analysis subsystem analyzes the data in the distributed behavior log warehouse to obtain statistical reports on the user's use of the mobile device, stores them in the analysis result library, and provides user data information to the management and configuration subsystem;
Step D5: Based on the user data reports in the analysis result library, the manager decides on the user's policy library, APP library and the commands for controlling the mobile device, which are sent to the remote control service subsystem;
Step D6: The remote control service subsystem receives the policy library, APP library and control commands of the management and configuration subsystem, and controls and manages the mobile device.
CN201610826262.2A 2016-09-14 2016-09-14 Mobile device operation behavior-based supervision analysis system and method Pending CN106383768A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610826262.2A CN106383768A (en) 2016-09-14 2016-09-14 Mobile device operation behavior-based supervision analysis system and method

Publications (1)

Publication Number Publication Date
CN106383768A true CN106383768A (en) 2017-02-08

Family

ID=57935668

Country Status (1)

Country Link
CN (1) CN106383768A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170208