CN107395585A - A kind of acquisition methods, system and the equipment of the abnormal index based on timing node - Google Patents

A kind of acquisition methods, system and the equipment of the abnormal index based on timing node Download PDF

Info

Publication number
CN107395585A
CN107395585A CN201710579192.XA CN201710579192A CN107395585A CN 107395585 A CN107395585 A CN 107395585A CN 201710579192 A CN201710579192 A CN 201710579192A CN 107395585 A CN107395585 A CN 107395585A
Authority
CN
China
Prior art keywords
verification certificate
timing node
login
abnormal index
newest
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710579192.XA
Other languages
Chinese (zh)
Other versions
CN107395585B (en
Inventor
黄丽诗
胡泽柱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SF Technology Co Ltd
SF Tech Co Ltd
Original Assignee
SF Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SF Technology Co Ltd filed Critical SF Technology Co Ltd
Priority to CN201710579192.XA priority Critical patent/CN107395585B/en
Publication of CN107395585A publication Critical patent/CN107395585A/en
Application granted granted Critical
Publication of CN107395585B publication Critical patent/CN107395585B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/535Tracking the activity of the user

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention relates to a kind of acquisition methods, system and the equipment of the abnormal index based on timing node.Comprise the following steps:Obtain successful verification certificate/logon data of the user in history preset time section;According to the success verification certificate/logon data, create verification certificate/login according to timing node order and be accustomed to table;The timing node of newest verification certificate/logon data is obtained, with the verification certificate/login custom table contrast;If the duration interval of timing node where newest verification certificate/logon data and the normal value of the timing node on verification certificate/login custom table is less than or equal to predetermined threshold value, for normal verification certificate/login;If the duration interval of timing node where newest verification certificate/logon data and the normal value of the timing node on verification certificate/login custom table is more than predetermined threshold value, for abnormal verification certificate/login, abnormal index is taken according to duration interval generation.Simple to operate, quick, because whether verification certificate/login is that passage time node data is judged extremely, therefore accuracy is high.

Description

A kind of acquisition methods, system and the equipment of the abnormal index based on timing node
Technical field
The present invention relates to data switching networks, more particularly to a kind of acquisition methods of the abnormal index based on timing node, System and equipment.
Background technology
Verification certificate is typically based on extremely at present alerts or detects verification certificate user after verification certificate quantity is ranked up and whether there is The features such as machine verification certificate judge anomalous event.
Log in it is abnormal it is more logged in by morning, different-place login, repeatedly access the common dimension such as unsuccessfully, judge anomalous event.
Above-mentioned user's exception verification certificate/login test mode low precision, has substantial amounts of spurious alarm, causes investigator can not Covering investigation anomalous event one by one, causes real anomalous event not found by investigation, it is possible to which being brought to such as express company can not The loss made up.
The content of the invention
In order to solve the above-mentioned technical problem, it is an object of the invention to provide a kind of abnormal index based on timing node Acquisition methods, system and equipment.
According to an aspect of the invention, there is provided a kind of acquisition methods of the abnormal index based on timing node, it is special Sign is,
Obtain successful verification certificate/logon data of the user in history preset time section;
According to the success verification certificate/logon data, create verification certificate/login according to timing node order and be accustomed to table;
The timing node of newest verification certificate/logon data is obtained, with the verification certificate/login custom table contrast;
If the normal value of timing node where newest verification certificate/logon data and the timing node on verification certificate/login custom table Duration interval be less than or equal to predetermined threshold value, then be normal verification certificate/login;
If the normal value of timing node where newest verification certificate/logon data and the timing node on verification certificate/login custom table Duration interval be more than predetermined threshold value, then be abnormal verification certificate/login, according to the duration interval generation take abnormal index.
Further, it is described to include according to timing node order establishment verification certificate/login custom table:
Minimum verification certificate/login times in each timing node of user in acquisition history preset time section;
Each timing node is traveled through, verification certificate/login times of each timing node and minimum verification certificate/login times are contrasted,
If being more than or equal to minimum verification certificate/login times, by the timing node labeled as the first mark;
If it is less than minimum verification certificate/login times, and adjacent timing node is the first mark, then marks the timing node For the first mark;
Generation custom table.
Number of the counting user in the success verification certificate/login of each timing node;
Calculate the average value and standard deviation of its verification certificate/login times;
Define minimum verification certificate/login times=average value-n × standard deviation of user;
Wherein, n=0-2.N can be set according to specific business scenario, generally take 1.
Further, also include before custom table is generated,
Search the isolated timing node of unmarked first mark;
The position of isolated timing node is obtained, judges the timing node whether between two first marks;
If so, then by the isolated timing node labeled as the second mark;
If it is not, then by the isolated timing node labeled as the 3rd mark.
Further, if timing node where newest verification certificate/logon data and the timing node on verification certificate/login custom table The distance of normal value be more than predetermined threshold value, abnormal index is generated according to the duration interval, including:
Judge that the newest verification certificate/login time nodal distance first identifies or second identifies whether in default duration scope It is interior, to be abnormal if preset duration scope is exceeded, and abnormal index is generated according to its when long range beyond preset duration scope.
If the normal value of timing node where newest verification certificate/logon data and the timing node on verification certificate/login custom table Distance be less than or equal to predetermined threshold value, including:
Judge that the newest verification certificate/login time nodal distance first identifies or second identifies whether in default duration scope It is interior, it is normal if not less than preset duration scope.
Further, based on judging that the newest verification certificate/login time nodal distance first identifies or second identifies whether In the range of default duration, judge whether verification certificate/login is abnormal, including:
If the newest verification certificate/login time node just corresponds to the first mark or the second mark, verification certificate/login is normal, If identifying not corresponding, exception with the first mark or second, according to the when long range for deviateing nearest first mark or the second mark Obtain abnormal index.
When user adds up insufficient preset time section without history success verification certificate/logon data or success verification certificate/logon data, Abnormal index assignment is then 0%.
The timing node is one hour or half an hour.
Further, it is described to be included according to its when acquisition abnormal index over long distances beyond preset duration scope:
Exception level is divided according to duration interval, and generates abnormal index corresponding to exception level.
Further, it is described that exception level is divided according to duration interval, and generate abnormal index bag corresponding to exception level Include:
Judge the timing node of whether corresponding first mark of the newest verification certificate/login time node or the second mark, if so, Then abnormal index is 0%;
The duration of the first nearest mark of the newest verification certificate/login time nodal distance or the second mark is judged, if duration Less than two hours, then abnormal index was 50%;
The duration of the first nearest mark of the newest verification certificate/login time nodal distance or the second mark is judged, if duration It was less than more than two hours three hours, then abnormal index is 80%;
The duration of the first nearest mark of the newest verification certificate/login time nodal distance or the second mark is judged, if duration More than four hours, then abnormal index was 100%.
According to another aspect of the present invention, there is provided a kind of acquisition system of the abnormal index based on timing node, bag Include:
Collecting unit:Obtain successful verification certificate/logon data of the user in history preset time section;
Custom table establishes unit:According to the success verification certificate/logon data, verification certificate/step on is created according to timing node order Record custom table;
Abnormal deciding means:The timing node of newest verification certificate/logon data is obtained, with the verification certificate/login custom table Contrast, judge whether the verification certificate/login is abnormal.
The acquisition system of the abnormal index based on timing node is based on the different of timing node based on above-mentioned any one The system of the acquisition methods of ordinary index, the establishment of verification certificate/login custom table and the when segmentum intercalaris by newest verification certificate/logon data Point, judge the verification certificate/login whether extremely etc. the step such as exception based on timing node with the custom table contrast of the verification certificate/login Described in the acquisition methods part of index.
According to another aspect of the present invention, there is provided a kind of acquisition equipment of the abnormal index based on timing node, bag The computer-readable medium for being stored with computer program is included, described program is run for performing:
Obtain successful verification certificate/logon data of the user in history preset time section;
According to the success verification certificate/logon data, create verification certificate/login according to timing node order and be accustomed to table;
The timing node of newest verification certificate/logon data is obtained, with the verification certificate/login custom table contrast;
If the normal value of timing node where newest verification certificate/logon data and the timing node on verification certificate/login custom table Duration interval be less than or equal to predetermined threshold value, then be normal verification certificate/login;
If the normal value of timing node where newest verification certificate/logon data and the timing node on verification certificate/login custom table Duration interval be more than predetermined threshold value, then be abnormal verification certificate/login, and according to the time interval obtain abnormal index.
The acquisition equipment of the abnormal index based on timing node is based on the different of timing node based on above-mentioned any one The equipment of the acquisition methods of ordinary index, the establishment of verification certificate/login custom table and the when segmentum intercalaris by newest verification certificate/logon data Point, judge the verification certificate/login whether extremely etc. the step such as exception based on timing node with the custom table contrast of the verification certificate/login Described in the acquisition methods part of index.
Compared with prior art, the invention has the advantages that:
1st, the acquisition methods of the abnormal index based on timing node of example of the present invention, are preset by obtaining user in history Successful verification certificate/logon data in time section;According to the success verification certificate/logon data, created according to timing node order Verification certificate/login custom table;The timing node of newest verification certificate/logon data is obtained, only by being accustomed to table with the verification certificate/login Contrast, you can judge whether the verification certificate/login is abnormal, by checking that it deviates the timing node on verification certificate/login custom table The duration interval of normal value can provide the size of abnormal index, simple to operate, quick, due to verification certificate/login whether be extremely Passage time node data is judged, therefore accuracy is high.
2nd, the acquisition system of the abnormal index based on timing node of example of the present invention, user is obtained by collecting unit and existed Successful verification certificate/logon data in history preset time section;Unit is established according to the success verification certificate/login by custom table Data, create verification certificate/login according to timing node order and be accustomed to table;Newest verification certificate/login is obtained by abnormal deciding means The timing node of data, with the verification certificate/login custom table contrast, judge whether the verification certificate/login is abnormal, is looked into according to deviation The duration interval of the normal value of timing node on list/login custom table filters out abnormal index high score data and investigated, and enters One step determines whether abnormal verification certificate/login, effectively improves the security of account.
3. the acquisition equipment of the abnormal index based on timing node of example of the present invention, by being stored with computer program Computer-readable medium, described program are run for creating verification certificate/login custom table, by each timing node and verification certificate/ Log in custom table to compare, judge whether exception, the abnormal verification certificate/login shoots straight.
Brief description of the drawings
Fig. 1 is flow chart of the present invention.
Embodiment
In order to be better understood by technical scheme, with reference to specific embodiment, Figure of description to the present invention It is described further.
Embodiment one:
As shown in figure 1, a kind of acquisition methods of the abnormal index based on timing node are present embodiments provided, including:
1) half a year verification certificate/logon data in the past is obtained;
2) data of successfully verification certificate/login are screened;
3) it polymerize according to the timing node (per hour) of job number, verification certificate/login and is successfully looked into altogether in each small time point per job number The number of list/login;
4) average value (mean) and standard deviation (sd) of half a year verification certificate/login times in the past are counted according to job number;
5) each small time point is begun stepping through from 0 point:
Define minimum verification certificate/login times Count=mean-1 × sd of each user;
Travel through for the first time:
If the small time point verification certificate/login times are more than or equal to Count, 1 is masked as;
If the small time point verification certificate/login times are less than Count, but the small time point of a neighbouring hour is more than or equal to Count, it is masked as 1;
Second of traversal:
The small time point " isolated " is checked whether, if by traveling through for the first time, having time be present does not have a flag bit 1, but
Two are masked as among 1 small time point, then are masked as 2;Other times point is masked as 0, forms user's verification certificate/login Time is accustomed to table;
6) user less than 1 month is added up for verification certificate/logon data, not carrying out verification certificate/login time point to the user beats Label;
7) when new verification certificate/logon data to user is handled:
If the verification certificate of user/login time point contrast user verification certificate/login custom table, if the label of the time point is 1 or 2, Then the abnormal index of the verification certificate/login is 0%;
If the verification certificate/login time point is from nearest one 1 or 2 labels, 1 to 2 hours of distance, exceptional value is arranged to 50%;
3 hours of distance, exceptional value are arranged to 80%;
4 hour arrangement above of distance are 100%;
If user is entered as 0% without history tab, abnormal index.
The timing node of newest verification certificate/logon data is obtained by abnormal deciding means, is accustomed to the verification certificate/login Table contrasts, and judges whether the verification certificate/login is abnormal, according to the normal value for deviateing the timing node on verification certificate/login custom table Duration interval filters out abnormal index high score data and investigated, and further determines whether for abnormal verification certificate/login, to effectively improve The security of account.
A kind of acquisition system of the abnormal index based on timing node is present embodiments provided, including:
Collecting unit:Obtain successful verification certificate/logon data of the user in history preset time section;
Custom table establishes unit:According to the success verification certificate/logon data, verification certificate/step on is created according to timing node order Record custom table;
Abnormal deciding means:The timing node of newest verification certificate/logon data is obtained, with the verification certificate/login custom table Contrast, judge whether the verification certificate/login is abnormal.
A kind of acquisition equipment of the abnormal index based on timing node is present embodiments provided, including is stored with computer journey The computer-readable medium of sequence, described program are run for performing:
Obtain successful verification certificate/logon data of the user in history preset time section;
According to the success verification certificate/logon data, create verification certificate/login according to timing node order and be accustomed to table;
The timing node of newest verification certificate/logon data is obtained, with the verification certificate/login custom table contrast;
If the normal value of timing node where newest verification certificate/logon data and the timing node on verification certificate/login custom table Duration interval be less than or equal to predetermined threshold value, then be normal verification certificate/login;
If the normal value of timing node where newest verification certificate/logon data and the timing node on verification certificate/login custom table Duration interval be more than predetermined threshold value, then be abnormal verification certificate/login, and according to the time interval obtain abnormal index.
Embodiment two
The present embodiment repeats no more with the identical feature of embodiment one, and the present embodiment feature different from embodiment one exists In:
In the acquisition methods of the abnormal index based on timing node of the present embodiment,
4) average value (mean) and standard deviation (sd) of half a year verification certificate/login times in the past are counted according to job number;
5) each small time point is begun stepping through from 0 point:
Define minimum verification certificate/login times Count=mean-2 × sd of each user;
7) when new verification certificate/logon data to user is handled:
If the verification certificate/login time point is from nearest one 1 or 2 labels, 1 to 2 hours of distance, exceptional value is arranged to 60%;
3 hours of distance, exceptional value are arranged to 85%;
4 hour arrangement above of distance are 100%.
Embodiment three
The present embodiment repeats no more with the identical feature of embodiment one, and the present embodiment feature different from embodiment one exists In:
In the acquisition methods of the abnormal index based on timing node of the present embodiment,
4) average value (mean) and standard deviation (sd) of half a year verification certificate/login times in the past are counted according to job number;
5) each small time point is begun stepping through from 0 point:
Define minimum verification certificate/login times Count=mean of each user.
Example IV
The present embodiment repeats no more with the identical feature of embodiment one, and the present embodiment feature different from embodiment one exists In:
In the acquisition methods of the abnormal index based on timing node of the present embodiment,
Obtain 1 year verification certificate/logon data in the past.
Verification certificate/login time point (per half an hour) polymerization succeeded the number of verification certificate/login altogether per job number in each and a half hours point.
Above description is only the preferred embodiment of the application and the explanation to institute's application technology principle.People in the art Member should be appreciated that invention scope involved in the application, however it is not limited to the technology that the particular combination of above-mentioned technical characteristic forms Scheme, while should also cover in the case where not departing from the inventive concept, carried out by above-mentioned technical characteristic or its equivalent feature The other technical schemes for being combined and being formed.Such as features described above has similar work(with (but not limited to) disclosed herein Energy.

Claims (10)

1. a kind of acquisition methods of the abnormal index based on timing node, it is characterized in that,
Obtain successful verification certificate/logon data of the user in history preset time section;
According to the success verification certificate/logon data, create verification certificate/login according to timing node order and be accustomed to table;
The timing node of newest verification certificate/logon data is obtained, with the verification certificate/login custom table contrast;
If timing node where newest verification certificate/logon data and the normal value of the timing node on verification certificate/login custom table when Long interval is less than or equal to predetermined threshold value, then is normal verification certificate/login;
If timing node where newest verification certificate/logon data and the normal value of the timing node on verification certificate/login custom table when Long interval is more than predetermined threshold value, then is abnormal verification certificate/login, and abnormal index is taken according to duration interval generation.
2. the acquisition methods of the abnormal index according to claim 1 based on timing node, it is characterized in that,
It is described to include according to timing node order establishment verification certificate/login custom table:
Minimum verification certificate/login times in each timing node of user in acquisition history preset time section;
Each timing node is traveled through, verification certificate/login times of each timing node and minimum verification certificate/login times are contrasted,
If being more than or equal to minimum verification certificate/login times, by the timing node labeled as the first mark;
If it is less than minimum verification certificate/login times, and adjacent timing node is the first mark, then by the timing node labeled as the One mark;
Generation custom table.
3. the acquisition methods of the abnormal index according to claim 2 based on timing node, it is characterized in that, it is pre- to obtain history If minimum verification certificate/login times include in each timing node of user in time section:
Number of the counting user in the success verification certificate/login of each timing node;
Calculate the average value and standard deviation of its verification certificate/login times;
Define minimum verification certificate/login times=average value-n × standard deviation of user;
Wherein, n=0-2.
4. the acquisition methods of the abnormal index according to claim 2 based on timing node, it is characterized in that, it is accustomed in generation Also include before table,
Search the isolated timing node of unmarked first mark;
The position of isolated timing node is obtained, judges the timing node whether between two first marks;
If so, then by the isolated timing node labeled as the second mark;
If it is not, then by the isolated timing node labeled as the 3rd mark.
5. the acquisition methods of the abnormal index according to claim 4 based on timing node, it is characterized in that, if newest look into The distance of timing node where list/logon data and the normal value of the timing node on verification certificate/login custom table is more than default threshold Value, abnormal index is generated according to the duration interval, including:
Judge that the newest verification certificate/login time nodal distance first identifies or second identifies whether in the range of default duration, To be abnormal if preset duration scope is exceeded, and abnormal index is generated according to its when long range beyond preset duration scope.
6. the acquisition methods of the abnormal index according to claim 4 based on timing node, it is characterized in that, if newest look into The distance of timing node where list/logon data and the normal value of the timing node on verification certificate/login custom table is less than or equal to pre- If threshold value, including:
Judge that the newest verification certificate/login time nodal distance first identifies or second identifies whether in the range of default duration, It is normal if not less than preset duration scope.
7. the acquisition methods of the abnormal index according to claim 5 based on timing node, it is characterized in that, it is described according to it When acquisition abnormal index over long distances beyond preset duration scope includes:
Exception level is divided according to duration interval, and generates abnormal index corresponding to exception level.
8. the acquisition methods of the abnormal index according to claim 7 based on timing node, it is characterized in that, it is described according to when Interval division exception level is grown, and generate abnormal index corresponding to exception level to include:
The timing node of whether corresponding first mark of the newest verification certificate/login time node or the second mark is judged, if so, then different Ordinary index is 0%;
The duration of the first nearest mark of the newest verification certificate/login time nodal distance or the second mark is judged, if duration is less than Two hours, then abnormal index is 50%;
The duration of the first nearest mark of the newest verification certificate/login time nodal distance or the second mark is judged, if duration is more than It is less than within two hours three hours, then abnormal index is 80%;
The duration of the first nearest mark of the newest verification certificate/login time nodal distance or the second mark is judged, if duration is more than Four hours, then abnormal index is 100%.
9. a kind of acquisition system of the abnormal index based on timing node, it is characterized in that, including:
Collecting unit:Obtain successful verification certificate/logon data of the user in history preset time section;
Custom table establishes unit:According to the success verification certificate/logon data, create verification certificate/login according to timing node order and practise Used table;
Abnormal deciding means:The timing node of newest verification certificate/logon data is obtained, is contrasted with the verification certificate/login custom table, Judge whether the verification certificate/login is abnormal.
10. a kind of acquisition equipment of the abnormal index based on timing node, it is characterized in that, including it is stored with the meter of computer program Calculation machine computer-readable recording medium, described program are run for performing:
Obtain successful verification certificate/logon data of the user in history preset time section;
According to the success verification certificate/logon data, create verification certificate/login according to timing node order and be accustomed to table;
The timing node of newest verification certificate/logon data is obtained, with the verification certificate/login custom table contrast;
If timing node where newest verification certificate/logon data and the normal value of the timing node on verification certificate/login custom table when Long interval is less than or equal to predetermined threshold value, then is normal verification certificate/login;
If timing node where newest verification certificate/logon data and the normal value of the timing node on verification certificate/login custom table when Long interval is more than predetermined threshold value, then is abnormal verification certificate/login, and obtains abnormal index according to the time interval.
CN201710579192.XA 2017-07-17 2017-07-17 Method, system and equipment for acquiring anomaly index based on time node Active CN107395585B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710579192.XA CN107395585B (en) 2017-07-17 2017-07-17 Method, system and equipment for acquiring anomaly index based on time node

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710579192.XA CN107395585B (en) 2017-07-17 2017-07-17 Method, system and equipment for acquiring anomaly index based on time node

Publications (2)

Publication Number Publication Date
CN107395585A true CN107395585A (en) 2017-11-24
CN107395585B CN107395585B (en) 2019-12-27

Family

ID=60339896

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710579192.XA Active CN107395585B (en) 2017-07-17 2017-07-17 Method, system and equipment for acquiring anomaly index based on time node

Country Status (1)

Country Link
CN (1) CN107395585B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500315A (en) * 2021-12-31 2022-05-13 深圳云天励飞技术股份有限公司 Equipment state monitoring method and device, computer equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102325062A (en) * 2011-09-20 2012-01-18 北京神州绿盟信息安全科技股份有限公司 Abnormal login detecting method and device
CN103532797A (en) * 2013-11-06 2014-01-22 网之易信息技术(北京)有限公司 Abnormity monitoring method and device for user registration
CN104796275A (en) * 2014-01-21 2015-07-22 腾讯科技(深圳)有限公司 Abnormal state processing method, system and device
CN105471819A (en) * 2014-08-19 2016-04-06 腾讯科技(深圳)有限公司 Account abnormity detection method and account abnormity detection device
US20160255078A1 (en) * 2014-01-24 2016-09-01 Tencent Technology (Shenzhen) Company Limited Method and system for verifying an account operation
CN106126996A (en) * 2016-07-15 2016-11-16 北京元支点信息安全技术有限公司 The safe logging method of a kind of Behavior-based control rule and system
CN106936806A (en) * 2015-12-31 2017-07-07 阿里巴巴集团控股有限公司 A kind of recognition methods of account abnormal login and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102325062A (en) * 2011-09-20 2012-01-18 北京神州绿盟信息安全科技股份有限公司 Abnormal login detecting method and device
CN103532797A (en) * 2013-11-06 2014-01-22 网之易信息技术(北京)有限公司 Abnormity monitoring method and device for user registration
CN104796275A (en) * 2014-01-21 2015-07-22 腾讯科技(深圳)有限公司 Abnormal state processing method, system and device
US20160255078A1 (en) * 2014-01-24 2016-09-01 Tencent Technology (Shenzhen) Company Limited Method and system for verifying an account operation
CN105471819A (en) * 2014-08-19 2016-04-06 腾讯科技(深圳)有限公司 Account abnormity detection method and account abnormity detection device
CN106936806A (en) * 2015-12-31 2017-07-07 阿里巴巴集团控股有限公司 A kind of recognition methods of account abnormal login and device
CN106126996A (en) * 2016-07-15 2016-11-16 北京元支点信息安全技术有限公司 The safe logging method of a kind of Behavior-based control rule and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114500315A (en) * 2021-12-31 2022-05-13 深圳云天励飞技术股份有限公司 Equipment state monitoring method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN107395585B (en) 2019-12-27

Similar Documents

Publication Publication Date Title
CN107172104B (en) Login abnormity detection method, system and equipment
CN110008254B (en) Transformer equipment standing book checking processing method
CN106506556A (en) A kind of network flow abnormal detecting method and device
CN106250258B (en) A kind of disk failure localization method and device
JP2008192091A (en) Log analysis program, log analysis device, and log analysis method
CN107645709A (en) A kind of method and device for determining personal information
CN110209675A (en) Credit data querying method and its device on block chain
CN107346478A (en) Shipping paths planning method, server and system based on historical data
CN104317823A (en) Method for carrying out data detection by utilizing data fingerprints
CN110197133A (en) It will test the method and apparatus that waveform is aligned
CN110222483A (en) Data processing method, data processing equipment, terminal and storage medium
CN107357712A (en) A kind of verification certificate method for detecting abnormality, system and equipment
CN117272386A (en) Internet big data information security encryption method, device, equipment and system
CN107395585A (en) A kind of acquisition methods, system and the equipment of the abnormal index based on timing node
CN109144801A (en) It is a kind of to be directed to the test method of MOC card, device and equipment in server
CN105046147B (en) The monitoring method and device of system under fire degree
CN105991574A (en) Risk behavior monitoring method and apparatus thereof
CN106503071A (en) The processing method and processing device of POI
CN109344604A (en) A kind of method and system judging user password risk based on user's habit
CN111814459A (en) Traffic rule data processing method and device, storage medium and electronic equipment
CN108399266A (en) Data pick-up method, apparatus, electronic equipment and computer readable storage medium
JP7081695B2 (en) Priority determination device, priority determination method, and control program
CN108229586B (en) The detection method and system of a kind of exceptional data point in data
CN115660622A (en) Data processing method and system applied to travel
CN110232525A (en) A kind of business risk monitoring method, device, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant