CN110991865A - Intelligent threat analysis method for operation and maintenance auditing system - Google Patents

Info

Publication number
CN110991865A
Authority
CN
China
Prior art keywords
maintenance
account
host
portrait
early warning
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911200459.5A
Other languages
Chinese (zh)
Inventor
吴焱
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd
Priority to CN201911200459.5A
Publication of CN110991865A
Legal status: Pending

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/34Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3438Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/20Administration of product repair or maintenance

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Quality & Reliability (AREA)
  • Economics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Game Theory and Decision Science (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Medical Informatics (AREA)
  • Educational Administration (AREA)
  • Computing Systems (AREA)
  • Development Economics (AREA)
  • Mathematical Physics (AREA)
  • Computer Hardware Design (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides an intelligent threat analysis method for an operation and maintenance auditing system, comprising the following steps: 1.1) obtaining the host resource information that needs to be hosted in the operation and maintenance auditing system and using it as the list of host resources to be hosted; 1.2) configuring the orphan account judgment condition; 1.3) configuring the early warning period for ghost accounts and orphan accounts; 1.4) configuring an early warning channel; 1.5) executing a host account scanning task; 1.6) treating as ghost accounts those entries in the host resource account list obtained in step 1.5 that do not belong to the list of host resources to be hosted obtained in step 1.1; 1.7) treating as orphan accounts the host resource information that meets the orphan account judgment condition configured in step 1.2; 1.8) sending early warning information. The invention defines orphan accounts, ghost accounts and a threat analysis method, learns the operating habits of operation and maintenance users through machine learning, and performs operation and maintenance threat analysis and early warning by building operation and maintenance user portraits.

Description

Intelligent threat analysis method for operation and maintenance auditing system
Technical Field
The invention relates to an intelligent threat analysis method, in particular to an intelligent threat analysis method of an operation and maintenance auditing system.
Background
As more and more data leakage incidents are exposed in China, and operation and maintenance accidents occur frequently in large enterprises, causing direct economic loss and negative impact, enterprises and institutions are paying increasing attention to internal control security for IT operation and maintenance. With the implementation of the Cybersecurity Law and related policies and regulations such as Classified Protection 2.0 (MLPS 2.0), the requirements on operation and maintenance auditing are also becoming higher.
Although existing operation and maintenance auditing system products in China provide basic access control and operation and maintenance auditing functions and meet customers' basic requirements, they cannot provide more intuitive and more accurate threat risk early warning, for example by building a threat analysis model from massive audit logs through machine learning, or by regularly checking the host resource accounts hosted by the operation and maintenance auditing system and raising an alarm when accounts are created illegally without authorization.
Accordingly, there is a need for improvements in the art.
Disclosure of Invention
The invention aims to provide an efficient intelligent threat analysis method for an operation and maintenance auditing system.
In order to solve the technical problem, the invention provides an intelligent threat analysis method of an operation and maintenance auditing system, which comprises the following steps:
1.1) obtaining the host resource information that needs to be hosted in the operation and maintenance auditing system, and using it as the list of host resources to be hosted;
1.2) configuring the orphan account judgment condition;
1.3) configuring the early warning period for ghost accounts and orphan accounts;
1.4) configuring an early warning channel;
1.5) executing a host account scanning task according to the statistics time period to obtain a host resource account list;
1.6) treating as ghost accounts those entries in the host resource account list obtained in step 1.5 that do not belong to the list of host resources to be hosted obtained in step 1.1, to obtain a ghost account list;
1.7) within the list of host resources to be hosted obtained in step 1.1, treating as orphan accounts the host resource information that meets the orphan account judgment condition configured in step 1.2, to obtain an orphan account list;
1.8) sending the ghost account list and the orphan account list as early warning information through the early warning channel.
As an improvement of the intelligent threat analysis method of the operation and maintenance auditing system of the invention:
in step 1.1, the host resource information to be hosted includes basic information such as IP, host name, account name and password.
As a further improvement of the intelligent threat analysis method of the operation and maintenance auditing system of the invention:
in step 1.2, the orphan account judgment condition comprises: the statistics time period, and how long an account must remain unused to be considered an orphan account.
As a further improvement of the intelligent threat analysis method of the operation and maintenance auditing system of the invention:
in step 1.4, the early warning channel is a mailbox, short message or the like, and an early warning file encryption password is configured;
in step 1.8, the ghost account list and the orphan account list are encrypted with the early warning file encryption password, and the early warning information is then sent through the early warning channel preset in step 1.4.
The invention also provides an operation and maintenance portrait threat analysis method, comprising the following steps:
2.1) starting the machine learning function;
2.2) configuring and selecting the operation and maintenance portrait analysis dimensions;
in step 2.2, the operation and maintenance portrait analysis dimensions include source IP, operation and maintenance host access time period, operation and maintenance operation instruction, file upload, file download and the like;
2.3) configuring a credibility threshold percentage;
2.4) obtaining operation and maintenance data;
2.5) obtaining a portrait database according to the operation and maintenance portrait analysis dimensions obtained in step 2.2, the credibility threshold percentage configured in step 2.3 and the operation and maintenance data obtained in step 2.4;
2.6) starting the operation and maintenance portrait threat early warning function;
2.7) comparing operation and maintenance access and operation behavior against the operation and maintenance portrait, and issuing a threat early warning if behavior outside the portrait is found.
As an improvement of the operation and maintenance portrait threat analysis method of the invention:
in step 2.2, the operation and maintenance portrait analysis dimensions include source IP, operation and maintenance host access time period, operation and maintenance operation instruction, file upload, file download and the like.
As a further improvement of the operation and maintenance portrait threat analysis method of the invention:
step 2.5 comprises:
2.5.1) counting how many times operation and maintenance personnel log in to the operation and maintenance auditing system from each source IP, discarding source IP data outside the credibility threshold percentage, and establishing a source IP portrait library;
2.5.2) counting how frequently operation and maintenance personnel access each host in each time period, discarding access time periods outside the credibility threshold percentage, and establishing an operation and maintenance host access time portrait library;
2.5.3) counting the frequency of the operation instructions executed by operation and maintenance personnel on each host, discarding operation instructions outside the credibility threshold percentage, and establishing an operation and maintenance operation instruction portrait library;
2.5.4) counting the per-host frequency and time-period frequency of file uploads by operation and maintenance personnel, discarding data outside the credibility threshold percentage, and establishing a file upload portrait library;
2.5.5) counting the per-host frequency and time-period frequency of file downloads by operation and maintenance personnel, discarding data outside the credibility threshold percentage, and establishing a file download portrait library;
2.5.6) through machine learning over a certain time period, integrating the portrait data of all dimensions to establish an independent operation and maintenance portrait for each operation and maintenance person, and improving portrait accuracy through continuous machine learning.
The intelligent threat analysis method of the operation and maintenance auditing system has the technical advantages that:
The invention defines orphan accounts, ghost accounts and a threat analysis method, learns the operating habits of operation and maintenance users through machine learning, and performs operation and maintenance threat analysis and early warning by building operation and maintenance user portraits.
Based on the host resource information hosted by the operation and maintenance auditing system and the operation and maintenance data generated by operation and maintenance activity, and combining key technologies such as mathematical modeling, machine learning and big data analysis, the method discovers ghost account and orphan account threats in time and builds an operation and maintenance portrait for each operation and maintenance person, including but not limited to usual operation and maintenance time periods, commonly used operation and maintenance servers and commonly used operation instructions. High-risk operations, illegal operations and abnormal behavior are analyzed and alarmed on, so that effective early warning can be given for unknown operation and maintenance risks.
Drawings
The following describes embodiments of the present invention in further detail with reference to the accompanying drawings.
FIG. 1 is a schematic flow chart of an account threat analysis according to the present invention;
FIG. 2 is a schematic diagram of the operation and maintenance portrait threat warning process.
Detailed Description
The invention will be further described with reference to specific examples, but the scope of the invention is not limited thereto.
Embodiment 1: an intelligent threat analysis method of an operation and maintenance auditing system, as shown in FIGS. 1 and 2, includes account threat analysis and operation and maintenance portrait threat analysis.
1. Account threat analysis module
Brief description of the module functions: the module has two parts. The first regularly compares the accounts that exist on the host resources with the account set hosted by the operation and maintenance auditing system, finds unhosted host resource accounts in time and issues an early warning. The second periodically analyzes the accounts already hosted in the operation and maintenance auditing system and issues an early warning for accounts that have not been used for a long time, so that they can be cleaned up promptly.
The implementation steps are as follows:
1.1) adding and importing into the operation and maintenance auditing system all host resource information that needs to be hosted, to serve as the list of host resources to be hosted;
the host resource information to be hosted includes basic information such as IP, host name, account name and password;
1.2) configuring the orphan account statistics time period (that is, how often a scanning task is triggered), and configuring how long an account must remain unused to be treated as an orphan account;
1.3) configuring the early warning period for ghost accounts and orphan accounts;
1.4) configuring an early warning channel, such as a mailbox or short message, and configuring an early warning file encryption password;
1.5) executing a periodic host account scanning task according to the statistics time period to obtain a host resource account list, which mainly contains information such as the host IP and the account name;
1.6) comparing the host resource account list obtained in step 1.5 with the list of host resources to be hosted obtained in step 1.1 to obtain a ghost account list;
entries in the host resource account list obtained in step 1.5 that do not belong to the list of host resources to be hosted obtained in step 1.1 are treated as ghost accounts.
For example, the operation and maintenance auditing system holds a manually entered account list. When the host accounts are scanned, the list of accounts that actually exist on the target host is retrieved. If the comparison shows that some accounts exist on the host but are not hosted in the operation and maintenance auditing system, those accounts are defined as ghost accounts. They may have been created secretly by someone, or may simply not have been brought under hosting in time, so they carry a certain risk. A ghost account is thus an account that does not exist in the host resource list hosted in the operation and maintenance auditing system but actually exists on the host.
1.7) executing an orphan account statistics task: according to the list of host resources to be hosted from step 1.1, analyzing which host accounts have not been used by anyone within the configured time period, to obtain an orphan account list;
within the list of host resources to be hosted obtained in step 1.1, the host resource information that meets the unused duration configured in step 1.2 is treated as an orphan account.
The configured time period is a manually defined period, for example one month. When the orphan account statistics task is executed, the last use time of each account hosted in the operation and maintenance auditing system is analyzed, and if the last use was more than one month ago, the account is determined to be an orphan account.
1.8) encrypting the ghost account list and the orphan account list with the early warning file encryption password, and then sending the early warning information through the preset early warning channel.
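Steps 1.5 to 1.8 amount to a set comparison plus a last-use cutoff. The following Python sketch is an added example, not code from the patent; the sample hosts, account names, the treatment of never-used accounts as orphans, and the extra "unscanned hosts" check are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (addresses and account names are illustrative).
# Step 1.1: accounts hosted in the audit system; last_used is None when the
# account has never been used through the audit system.
MANAGED = [
    {"ip": "10.0.0.5", "account": "root", "last_used": datetime(2019, 11, 20, 9, 30)},
    {"ip": "10.0.0.5", "account": "deploy", "last_used": datetime(2019, 9, 1, 14, 0)},
    {"ip": "10.0.0.6", "account": "oracle", "last_used": None},
    {"ip": "10.0.0.7", "account": "backup", "last_used": datetime(2019, 11, 28, 2, 0)},
]
# Step 1.5: (host IP, account name) pairs found on the hosts by the scan task.
# 10.0.0.7 returned nothing, e.g. because the scan could not log in.
SCANNED = [
    ("10.0.0.5", "root"), ("10.0.0.5", "deploy"), ("10.0.0.5", "svc_tmp"),
    ("10.0.0.6", "oracle"), ("10.0.0.6", "test01"),
]


def find_ghost_accounts(managed, scanned):
    """Step 1.6: accounts present on a host but absent from the hosted list."""
    hosted = {(m["ip"], m["account"]) for m in managed}
    return sorted(set(scanned) - hosted)


def find_unscanned_hosts(managed, scanned):
    """Hosted hosts with no scan result; 'no ghosts' there proves nothing."""
    return sorted({m["ip"] for m in managed} - {ip for ip, _ in scanned})


def find_orphan_accounts(managed, now, max_idle):
    """Step 1.7: hosted accounts whose last use is more than max_idle ago."""
    orphans = []
    for m in managed:
        last = m["last_used"]
        # Assumption: an account never used through the audit system is an orphan.
        if last is None or now - last > max_idle:
            orphans.append((m["ip"], m["account"]))
    return sorted(orphans)


def build_warning(managed, scanned, now, max_idle):
    """Step 1.8 payload; encryption and delivery are left to the warning channel."""
    return {
        "generated_at": now.isoformat(),
        "ghost_accounts": find_ghost_accounts(managed, scanned),
        "orphan_accounts": find_orphan_accounts(managed, now, max_idle),
        "unscanned_hosts": find_unscanned_hosts(managed, scanned),
    }


if __name__ == "__main__":
    report = build_warning(MANAGED, SCANNED, datetime(2019, 11, 29), timedelta(days=30))
    for section, rows in report.items():
        print(section, rows)
```

Reporting hosts that returned no scan data keeps a failed scan from being read as a clean result.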
2. Operation and maintenance portrait threat analysis module
Description of the module function:
The module establishes a unique operation and maintenance portrait for each operation and maintenance person, mainly through machine learning and data modeling, and issues a threat early warning if operations outside the range of the portrait are found, such as logging in to a host outside the usual operation and maintenance time period, performing operations outside the expected range, or downloading files irregularly.
2.1) starting the machine learning function;
2.2) configuring and selecting the operation and maintenance portrait analysis dimensions: source IP, operation and maintenance host access time period, operation and maintenance operation instruction, file upload, file download and the like;
2.3) configuring a credibility threshold percentage; the threshold is used to filter the operation and maintenance sample data, discarding samples with large deviation and improving the credibility of the operation and maintenance portrait;
for example, for the source IP dimension there may be 100 source IPs in a period of time, each with a different number of accesses, some of them used frequently. If the credibility threshold percentage is set to, for example, 90%, then the 10% of the 100 source IPs with the lowest access frequency are discarded, so that dirty data does not affect the accuracy of the portrait. The credibility threshold needs to be adjusted continuously during actual use to find a suitable value.
2.4) performing operation and maintenance operations to generate operation and maintenance data, which enters the machine learning module for processing;
2.5) data processing principle of the machine learning module:
2.5.1) counting how many times operation and maintenance personnel log in to the operation and maintenance auditing system from each source IP, discarding source IP data outside the credibility threshold percentage, and establishing a source IP portrait library;
2.5.2) counting how frequently operation and maintenance personnel access each host in each time period, discarding access time periods outside the credibility threshold percentage, and establishing an operation and maintenance host access time portrait library;
2.5.3) counting the frequency of the operation instructions executed by operation and maintenance personnel on each host, discarding operation instructions outside the credibility threshold percentage, and establishing an operation and maintenance operation instruction portrait library;
2.5.4) counting the per-host frequency and time-period frequency of file uploads by operation and maintenance personnel, discarding data outside the credibility threshold percentage, and establishing a file upload portrait library;
2.5.5) counting the per-host frequency and time-period frequency of file downloads by operation and maintenance personnel, discarding data outside the credibility threshold percentage, and establishing a file download portrait library;
2.5.6) through machine learning over a certain time period, integrating the portrait data of all dimensions to establish an independent operation and maintenance portrait for each operation and maintenance person, and improving portrait accuracy through continuous machine learning;
2.6) starting the operation and maintenance portrait threat early warning function;
2.7) comparing operation and maintenance access and operation behavior against the operation and maintenance portrait, and issuing a threat early warning if behavior outside the portrait is found.
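The credibility threshold of step 2.3 and the comparison of step 2.7 can be sketched as a frequency cut per dimension followed by a membership test. This Python sketch is an added example, not code from the patent; it covers only three of the dimensions of step 2.2, and the record field names, the hour-of-day bucketing, the rounding rule and the sample history are assumptions.

```python
from collections import Counter, defaultdict

# Three of the step 2.2 dimensions; file upload/download would be added the same way.
DIMENSIONS = ("source_ip", "host_hour", "command")


def features(event):
    """Map one audit record to a value per portrait dimension."""
    return {
        "source_ip": event["source_ip"],
        "host_hour": (event["host"], event["hour"]),      # access time period per host
        "command": (event["host"], event["command"]),     # instruction per host
    }


def trusted_values(counter, threshold_pct):
    """Step 2.3: keep the most frequent threshold_pct % of distinct values.

    threshold_pct is an integer. Assumption: the kept count is rounded up, so
    with 100 values and 90 the 10 rarest are dropped, and a dimension with
    fewer than 10 values loses nothing. Ties are broken by value for determinism.
    """
    ranked = sorted(counter.items(), key=lambda kv: (-kv[1], repr(kv[0])))
    keep = -(-len(ranked) * threshold_pct // 100)  # integer ceiling
    return {value for value, _ in ranked[:keep]}


def build_portraits(history, threshold_pct):
    """Steps 2.5.1 to 2.5.6: one portrait (set of trusted values per dimension) per user."""
    counts = defaultdict(lambda: {d: Counter() for d in DIMENSIONS})
    for event in history:
        for dim, value in features(event).items():
            counts[event["user"]][dim][value] += 1
    return {
        user: {dim: trusted_values(c, threshold_pct) for dim, c in dims.items()}
        for user, dims in counts.items()
    }


def outside_portrait(portraits, event):
    """Step 2.7: dimensions in which the event falls outside the user's portrait."""
    portrait = portraits.get(event["user"], {})  # unknown user: everything is outside
    feats = features(event)
    return [d for d in DIMENSIONS if feats[d] not in portrait.get(d, set())]


def sample_history():
    """Constructed history: nine habitual patterns seen 3 times, one seen once."""
    cmds = ["ls", "cd", "ps", "top", "df", "du", "cat", "tail", "grep"]
    events = []
    for n, cmd in enumerate(cmds):
        for _ in range(3):
            events.append({"user": "alice", "source_ip": f"10.1.1.{n + 1}",
                           "host": "db01", "hour": 8 + n, "command": cmd})
    events.append({"user": "alice", "source_ip": "203.0.113.7",
                   "host": "db01", "hour": 3, "command": "scp"})
    return events


if __name__ == "__main__":
    portraits = build_portraits(sample_history(), 90)
    probe = {"user": "alice", "source_ip": "203.0.113.7",
             "host": "db01", "hour": 3, "command": "scp"}
    print(outside_portrait(portraits, probe))
```

Because the threshold drops the rarest values before the portrait is built, the one-off login in the sample history is itself flagged when it recurs rather than being learned as normal.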
Finally, it is also noted that the above-mentioned lists merely illustrate a few specific embodiments of the invention. It is obvious that the invention is not limited to the above embodiments, but that many variations are possible. All modifications which can be derived or suggested by a person skilled in the art from the disclosure of the present invention are to be considered within the scope of the invention.

Claims (7)

1. An intelligent threat analysis method of an operation and maintenance auditing system, characterized by comprising the following steps:
1.1) obtaining the host resource information that needs to be hosted in the operation and maintenance auditing system, and using it as the list of host resources to be hosted;
1.2) configuring the orphan account judgment condition;
1.3) configuring the early warning period for ghost accounts and orphan accounts;
1.4) configuring an early warning channel;
1.5) executing a host account scanning task according to the statistics time period to obtain a host resource account list;
1.6) treating as ghost accounts those entries in the host resource account list obtained in step 1.5 that do not belong to the list of host resources to be hosted obtained in step 1.1, to obtain a ghost account list;
1.7) within the list of host resources to be hosted obtained in step 1.1, treating as orphan accounts the host resource information that meets the orphan account judgment condition configured in step 1.2, to obtain an orphan account list;
1.8) sending the ghost account list and the orphan account list as early warning information through the early warning channel.
2. The intelligent threat analysis method of the operation and maintenance auditing system of claim 1, characterized in that:
in step 1.1, the host resource information to be hosted includes basic information such as IP, host name, account name and password.
3. The intelligent threat analysis method of the operation and maintenance auditing system of claim 2, characterized in that:
in step 1.2, the orphan account judgment condition comprises: the statistics time period, and how long an account must remain unused to be considered an orphan account.
4. The intelligent threat analysis method of the operation and maintenance auditing system of claim 3, characterized in that:
in step 1.4, the early warning channel is a mailbox, short message or the like, and an early warning file encryption password is configured;
in step 1.8, the ghost account list and the orphan account list are encrypted with the early warning file encryption password, and the early warning information is then sent through the early warning channel preset in step 1.4.
5. An operation and maintenance portrait threat analysis method, characterized by comprising the following steps:
2.1) starting the machine learning function;
2.2) configuring and selecting the operation and maintenance portrait analysis dimensions;
in step 2.2, the operation and maintenance portrait analysis dimensions include source IP, operation and maintenance host access time period, operation and maintenance operation instruction, file upload, file download and the like;
2.3) configuring a credibility threshold percentage;
2.4) obtaining operation and maintenance data;
2.5) obtaining a portrait database according to the operation and maintenance portrait analysis dimensions obtained in step 2.2, the credibility threshold percentage configured in step 2.3 and the operation and maintenance data obtained in step 2.4;
2.6) starting the operation and maintenance portrait threat early warning function;
2.7) comparing operation and maintenance access and operation behavior against the operation and maintenance portrait, and issuing a threat early warning if behavior outside the portrait is found.
6. The operation and maintenance portrait threat analysis method of claim 5, characterized in that:
in step 2.2, the operation and maintenance portrait analysis dimensions include source IP, operation and maintenance host access time period, operation and maintenance operation instruction, file upload, file download and the like.
7. The operation and maintenance portrait threat analysis method of claim 6, characterized in that:
step 2.5 comprises:
2.5.1) counting how many times operation and maintenance personnel log in to the operation and maintenance auditing system from each source IP, discarding source IP data outside the credibility threshold percentage, and establishing a source IP portrait library;
2.5.2) counting how frequently operation and maintenance personnel access each host in each time period, discarding access time periods outside the credibility threshold percentage, and establishing an operation and maintenance host access time portrait library;
2.5.3) counting the frequency of the operation instructions executed by operation and maintenance personnel on each host, discarding operation instructions outside the credibility threshold percentage, and establishing an operation and maintenance operation instruction portrait library;
2.5.4) counting the per-host frequency and time-period frequency of file uploads by operation and maintenance personnel, discarding data outside the credibility threshold percentage, and establishing a file upload portrait library;
2.5.5) counting the per-host frequency and time-period frequency of file downloads by operation and maintenance personnel, discarding data outside the credibility threshold percentage, and establishing a file download portrait library;
2.5.6) through machine learning over a certain time period, integrating the portrait data of all dimensions to establish an independent operation and maintenance portrait for each operation and maintenance person, and improving portrait accuracy through continuous machine learning.
CN201911200459.5A 2019-11-29 2019-11-29 Intelligent threat analysis method for operation and maintenance auditing system Pending CN110991865A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911200459.5A CN110991865A (en) 2019-11-29 2019-11-29 Intelligent threat analysis method for operation and maintenance auditing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911200459.5A CN110991865A (en) 2019-11-29 2019-11-29 Intelligent threat analysis method for operation and maintenance auditing system

Publications (1)

Publication Number Publication Date
CN110991865A true CN110991865A (en) 2020-04-10

Family

ID=70088236

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911200459.5A Pending CN110991865A (en) 2019-11-29 2019-11-29 Intelligent threat analysis method for operation and maintenance auditing system

Country Status (1)

Country Link
CN (1) CN110991865A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113347203A (en) * 2021-06-29 2021-09-03 深信服科技股份有限公司 Network attack detection method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105893212A (en) * 2016-04-28 2016-08-24 北京数智源科技股份有限公司 Audit data security control and display system
CN107368521A (en) * 2017-06-06 2017-11-21 广东广业开元科技有限公司 A kind of Promote knowledge method and system based on big data and deep learning
CN108540431A (en) * 2017-03-03 2018-09-14 阿里巴巴集团控股有限公司 The recognition methods of account type, device and system
CN109376527A (en) * 2018-09-29 2019-02-22 广州江南科友科技股份有限公司 A kind of management method and system based on receipts and trustship in account
CN110020687A (en) * 2019-04-10 2019-07-16 北京神州泰岳软件股份有限公司 Abnormal behaviour analysis method and device based on operator's Situation Awareness portrait

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200410