CN113486342A - Information security processing method and system based on user behavior analysis - Google Patents

Publication number
CN113486342A
Authority
CN
China
Prior art keywords
query request
request information
information
target
historical
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202110770162.3A
Other languages
Chinese (zh)
Inventor
李军利
卢卫东
刘艳艳
刘伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application provides an information security processing method and system based on user behavior analysis, and relates to the technical field of information security. In the application, target query request information for performing an information query on a target Internet of Things device is first obtained; next, a plurality of pieces of historical query request information from past information queries on the target Internet of Things device are obtained; the target query request information is then analyzed based on the plurality of pieces of historical query request information to obtain a corresponding target analysis result, where the target analysis result indicates whether the information query operation corresponding to the target query request information is an abnormal operation. On this basis, the problem in existing information security technology that information queries on Internet of Things devices carry a large potential security risk can be solved.

Description

Information security processing method and system based on user behavior analysis
Technical Field
The present application relates to the field of information security technologies, and in particular, to an information security processing method and system based on user behavior analysis.
Background
Internet of Things devices can be used for data acquisition and similar tasks, so Internet of Things technology involves operations such as querying the data of those devices. However, the inventors found through research that existing information security technology leaves a large potential security risk when such information is queried.
Disclosure of Invention
In view of this, an object of the present application is to provide an information security processing method and system based on user behavior analysis, so as to solve the problem that a large potential safety hazard exists in the existing information security technology when information of an internet of things device is queried.
In order to achieve the above purpose, the embodiment of the present application adopts the following technical solutions:
an information security processing method based on user behavior analysis, applied to an information security processing device, comprising the following steps:
acquiring target query request information for performing an information query on a target Internet of Things device, wherein the target Internet of Things device is communicatively connected to the information security processing device, and the target query request information is generated by a target user terminal device, which is communicatively connected to the information security processing device, in response to an information query operation performed by the corresponding target query user;
acquiring a plurality of pieces of historical query request information from past information queries on the target Internet of Things device, wherein each piece of historical query request information is generated by another user terminal device in response to an information query operation performed by the corresponding other query user;
and analyzing the target query request information based on the plurality of pieces of historical query request information to obtain a corresponding target analysis result, wherein the target analysis result indicates whether the information query operation corresponding to the target query request information is an abnormal operation.
In a possible embodiment, in the information security processing method based on user behavior analysis, the step of analyzing the target query request information based on the plurality of pieces of historical query request information to obtain a corresponding target analysis result includes:
screening the plurality of pieces of historical query request information to obtain a plurality of pieces of corresponding target historical query request information;
and analyzing the target query request information based on the plurality of pieces of target historical query request information to obtain corresponding target analysis results.
In a possible embodiment, in the information security processing method based on user behavior analysis, the step of performing parsing processing on the target query request information based on the plurality of pieces of target historical query request information to obtain a corresponding target parsing result includes:
analyzing the plurality of pieces of target historical query request information to obtain query behavior characteristic information of a user queried historically;
and determining whether the information query operation corresponding to the target query request information belongs to abnormal operation or not based on the query behavior characteristic information.
In a possible embodiment, in the information security processing method based on user behavior analysis, the step of performing a filtering process on the plurality of pieces of historical query request information to obtain corresponding plurality of pieces of target historical query request information includes:
sorting the plurality of pieces of historical query request information by generation time, from earliest to latest, based on the generation time information of each piece, to obtain a corresponding historical query request information sequence;
determining, in the historical query request information sequence, first historical query request information corresponding to the target query request information, wherein the first historical query request information is the one of the plurality of pieces of historical query request information that has the largest information similarity with the target query request information;
determining, in the historical query request information sequence, second historical query request information corresponding to the target query request information, wherein the second historical query request information is the one of the plurality of pieces of historical query request information whose generation time information has the largest time similarity with the generation time information of the target query request information;
and determining a plurality of pieces of target historical query request information based on the first historical query request information and the second historical query request information in the plurality of pieces of historical query request information included in the historical query request information sequence.
In a possible embodiment, in the information security processing method based on user behavior analysis, the step of determining, from the plurality of pieces of historical query request information included in the historical query request information sequence, a plurality of pieces of target historical query request information based on the first historical query request information and the second historical query request information includes:
determining the quantity of the historical query request information between the first historical query request information and the second historical query request information in the historical query request information sequence to obtain a first quantity;
combining, by calculation, the first quantity with a first adjustment coefficient corresponding to the first historical query request information and with a second adjustment coefficient corresponding to the second historical query request information, respectively, to obtain a corresponding second quantity and third quantity, wherein the first adjustment coefficient and the second adjustment coefficient are generated by the information security processing device in response to a coefficient configuration operation performed by a corresponding management user;
in the historical query request information sequence, determining a first information interval by taking the first historical query request information as a center and the second quantity as a radius, and determining a second information interval by taking the second historical query request information as a center and the third quantity as a radius;
generating a corresponding candidate historical query request information sequence based on each piece of historical query request information included in the first information interval and the second information interval;
and determining a plurality of pieces of target historical query request information from a plurality of pieces of historical query request information included in the candidate historical query request information sequence.
In a possible embodiment, in the information security processing method based on user behavior analysis, the step of determining a plurality of pieces of target historical query request information from among a plurality of pieces of historical query request information included in the candidate historical query request information sequence includes:
determining third historical query request information from the plurality of pieces of historical query request information included in the candidate historical query request information sequence, wherein the third historical query request information is historical query request information whose information similarity with the target query request information is greater than a first similarity threshold and whose generation time information has a time similarity with the generation time information of the target query request information greater than a second similarity threshold;
determining, in the candidate historical query request information sequence, a third information interval corresponding to each piece of third historical query request information, wherein the third information interval is determined based on a first coefficient of the corresponding third historical query request information, the first coefficient of each piece of third historical query request information is obtained as a weighted sum, using the first adjustment coefficient and the second adjustment coefficient, of the information similarity between that piece of third historical query request information and the target query request information and the time similarity between its generation time information and that of the target query request information, and the sum of the first adjustment coefficient and the second adjustment coefficient is 1;
and taking each piece of historical query request information included in each third information interval as target historical query request information, to obtain the plurality of pieces of target historical query request information.
The application also provides an information security processing system based on user behavior analysis, which is applied to information security processing equipment, and the information security processing system comprises:
the target query request information acquisition module is used for acquiring target query request information for performing an information query on a target Internet of Things device, wherein the target Internet of Things device is communicatively connected to the information security processing device, and the target query request information is generated by a target user terminal device, which is communicatively connected to the information security processing device, in response to an information query operation performed by the corresponding target query user;
the historical query request information acquisition module is used for acquiring a plurality of pieces of historical query request information from past information queries on the target Internet of Things device, wherein each piece of historical query request information is generated by another user terminal device in response to an information query operation performed by the corresponding other query user;
and the target query request information analysis module is used for analyzing the target query request information based on the plurality of pieces of historical query request information to obtain a corresponding target analysis result, wherein the target analysis result indicates whether the information query operation corresponding to the target query request information is an abnormal operation.
In a possible embodiment, in the information security processing system based on user behavior analysis, the target query request information parsing module includes:
the historical query request information screening submodule is used for screening the plurality of pieces of historical query request information to obtain a plurality of pieces of corresponding target historical query request information;
and the target query request information analysis submodule is used for analyzing the target query request information based on the plurality of pieces of target historical query request information to obtain a corresponding target analysis result.
In a possible embodiment, in the information security processing system based on user behavior analysis, the target query request information parsing sub-module is specifically configured to:
analyzing the plurality of pieces of target historical query request information to obtain query behavior characteristic information of a user queried historically;
and determining whether the information query operation corresponding to the target query request information belongs to abnormal operation or not based on the query behavior characteristic information.
In a possible embodiment, in the information security processing system based on user behavior analysis, the historical query request information screening sub-module is specifically configured to:
sorting the plurality of pieces of historical query request information by generation time, from earliest to latest, based on the generation time information of each piece, to obtain a corresponding historical query request information sequence;
determining, in the historical query request information sequence, first historical query request information corresponding to the target query request information, wherein the first historical query request information is the one of the plurality of pieces of historical query request information that has the largest information similarity with the target query request information;
determining, in the historical query request information sequence, second historical query request information corresponding to the target query request information, wherein the second historical query request information is the one of the plurality of pieces of historical query request information whose generation time information has the largest time similarity with the generation time information of the target query request information;
and determining a plurality of pieces of target historical query request information based on the first historical query request information and the second historical query request information in the plurality of pieces of historical query request information included in the historical query request information sequence.
According to the information security processing method and system based on user behavior analysis provided by the present application, when target query request information for performing an information query on the target Internet of Things device is obtained, it is analyzed based on the historical query request information to determine whether the corresponding information query operation is an abnormal operation. The information query operation can thus be monitored and the security of information queries improved, which solves the problem in existing information security technology that information queries on Internet of Things devices carry a large potential security risk.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
Fig. 1 is a block diagram of an information security processing apparatus according to an embodiment of the present application.
Fig. 2 is a schematic flowchart illustrating steps included in an information security processing method based on user behavior analysis according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As shown in fig. 1, an embodiment of the present application provides an information security processing device, which may include a memory and a processor.
In detail, the memory and the processor are electrically connected, directly or indirectly, to realize data transmission or interaction. For example, they may be electrically connected to each other via one or more communication buses or signal lines. The memory may store at least one software function (a computer program, such as the information security processing system based on user behavior analysis described later) in the form of software or firmware. The processor may be configured to execute the executable computer program stored in the memory, so as to implement the information security processing method based on user behavior analysis provided in the embodiments (described later) of the present application.
Optionally, the memory may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), a System on Chip (SoC), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
Moreover, the structure shown in fig. 1 is only an illustration, and the information security processing device may further include more or fewer components than those shown in fig. 1, or have a different configuration from that shown in fig. 1, and for example, may include a communication unit for information interaction with other devices (such as an internet of things device).
In an alternative example, the information security processing device may be a server with data processing capability.
With reference to fig. 2, an embodiment of the present application further provides an information security processing method based on user behavior analysis, which is applicable to the information security processing device. The method steps defined by the flow related to the information security processing method based on the user behavior analysis can be realized by the information security processing equipment. The specific process shown in FIG. 2 will be described in detail below.
Step S110, target query request information for performing information query on the target internet of things device is obtained.
In this embodiment, the information security processing device may first acquire target query request information for performing information query on a target internet of things device.
The target Internet of Things device is communicatively connected to the information security processing device, and the target query request information is generated by a target user terminal device (such as a mobile phone), which is communicatively connected to the information security processing device, in response to an information query operation performed by the corresponding target query user.
Step S120, obtaining a plurality of pieces of historical query request information for performing information query on the target internet of things device historically.
In this embodiment, after obtaining the target query request information based on step S110, the information security processing device may obtain a plurality of pieces of historical query request information that are used for historically querying information of the target internet of things device, for example, the historical query request information may be obtained from a database, where the database may be a local database of the information security processing device or a remote database of the information security processing device.
Each piece of the historical query request information is generated by another user terminal device in response to an information query operation performed by the corresponding other query user; that is, the target query request information may be the query request information sent by the target user terminal device the first time it performs an information query on the target Internet of Things device.
Step S130, analyzing the target query request information based on the plurality of pieces of historical query request information to obtain corresponding target analysis results.
In this embodiment, after obtaining the plurality of pieces of historical query request information based on step S120, the information security processing device may perform parsing on the target query request information based on the plurality of pieces of historical query request information to obtain corresponding target parsing results. Thus, if it is determined that the information query operation corresponding to the target request information belongs to an abnormal operation, the target request information may be discarded to refuse to provide a corresponding information query service, and the like.
And the target analysis result is used for representing whether the information query operation corresponding to the target query request information belongs to abnormal operation or not.
Based on the above method, when target query request information for performing an information query on the target Internet of Things device is acquired, it is analyzed based on the historical query request information to determine whether the corresponding information query operation is an abnormal operation. The information query operation can thus be monitored and the security of information queries improved, which alleviates the problem in existing information security technology that information queries on Internet of Things devices carry a large potential security risk.
It is understood that, in an alternative example, the target query request information may be parsed based on the following steps to obtain a corresponding target parsing result:
firstly, screening the plurality of pieces of historical query request information to obtain a plurality of pieces of corresponding target historical query request information;
secondly, analyzing the target query request information based on the plurality of pieces of target historical query request information to obtain corresponding target analysis results.
It is understood that, in yet another alternative example, the plurality of pieces of historical query request information may be filtered based on the following steps to obtain corresponding pieces of target historical query request information:
firstly, sorting the plurality of pieces of historical query request information by generation time, from earliest to latest, based on the generation time information of each piece, to obtain a corresponding historical query request information sequence;
secondly, determining, in the historical query request information sequence, first historical query request information corresponding to the target query request information, wherein the first historical query request information is the one of the plurality of pieces of historical query request information that has the largest information similarity (the similarity corresponding to the system action is described above) with the target query request information;
then, determining, in the historical query request information sequence, second historical query request information corresponding to the target query request information, wherein the second historical query request information is the one of the plurality of pieces of historical query request information whose generation time information has the largest time similarity with the generation time information of the target query request information;
finally, in the plurality of pieces of historical query request information included in the historical query request information sequence, a plurality of pieces of target historical query request information are determined based on the first historical query request information and the second historical query request information.
It will be appreciated that, in an alternative example, a plurality of target historical query request information may be determined from the plurality of pieces of historical query request information included in the sequence of historical query request information based on:
firstly, determining third historical query request information from the plurality of pieces of historical query request information included in the candidate historical query request information sequence, wherein the third historical query request information is historical query request information whose information similarity with the target query request information is greater than a first similarity threshold and whose generation time information has a time similarity with the generation time information of the target query request information greater than a second similarity threshold, and the first similarity threshold and the second similarity threshold can be generated by the information security processing device in response to a configuration operation performed by a corresponding management user according to the actual application scenario;
secondly, determining, in the candidate historical query request information sequence, a third information interval corresponding to each piece of the third historical query request information, wherein the third information interval is determined based on a first coefficient of the corresponding third historical query request information (for example, in the candidate historical query request information sequence, the corresponding third information interval can be determined by taking the position of the third historical query request information as the center and the first coefficient as the radius); the first coefficient of each piece of the third historical query request information is obtained as a weighted sum, using the first adjustment coefficient and the second adjustment coefficient, of the information similarity between that piece of third historical query request information and the target query request information and the time similarity between its generation time information and that of the target query request information, wherein the sum of the first adjustment coefficient and the second adjustment coefficient is 1, and the first adjustment coefficient and the second adjustment coefficient may be generated by the information security processing device in response to a configuration operation performed by a corresponding management user according to the actual application scenario;
then, taking each piece of historical query request information included in each third information interval as target historical query request information, to obtain the plurality of pieces of target historical query request information.
It is understood that, in an alternative example, the target query request information may be parsed based on the plurality of pieces of target historical query request information to obtain corresponding target parsing results based on the following steps:
firstly, analyzing the plurality of pieces of target historical query request information to obtain query behavior feature information of the users who queried historically (for example, a complete query may include a plurality of consecutive query actions, such as querying part A information, querying part B information, and querying part C information, which together form a series of query actions; a plurality of such series of query actions may therefore be extracted from the plurality of pieces of target historical query request information as the query behavior feature information);
then, determining whether the information query operation corresponding to the target query request information belongs to an abnormal operation based on the query behavior feature information (for example, the query action corresponding to the target query request information is matched against the query actions corresponding to the query behavior feature information; if they match, the information query operation does not belong to the abnormal operation, and if they do not match, the information query operation belongs to the abnormal operation).
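The third-interval screening and the matching step described above, sketched in Python as an added example (it is not code from the patent). The two similarity metrics, the scaling of the first coefficient to a radius (`max_radius`), the action labels, the use of the querying user's preceding actions, and all sample records are assumptions, since the text leaves them unspecified.

```python
from dataclasses import dataclass

DAY = 86400

@dataclass(frozen=True)
class Query:
    ts: int            # generation time in seconds (constructed sample clock)
    user: str
    parts: frozenset   # which parts of the device information were queried

def action(q):
    """Label of a query action (assumed form: the sorted queried parts)."""
    return "+".join(sorted(q.parts))

def info_similarity(a, b):
    """Assumed metric: Jaccard overlap of the queried parts."""
    union = a.parts | b.parts
    return len(a.parts & b.parts) / len(union) if union else 1.0

def time_similarity(a, b):
    """Assumed metric: closeness of time of day (1.0 same time, 0.0 twelve hours apart)."""
    d = abs(a.ts - b.ts) % DAY
    return 1.0 - min(d, DAY - d) / (DAY / 2)

def screen(candidates, target, t_info, t_time, w_info, w_time, max_radius):
    """Return the target history entries from a time-ordered candidate sequence."""
    if abs(w_info + w_time - 1.0) > 1e-9:
        raise ValueError("the two adjustment coefficients must sum to 1")
    keep = set()
    for i, h in enumerate(candidates):
        s_info, s_time = info_similarity(h, target), time_similarity(h, target)
        if s_info > t_info and s_time > t_time:        # a "third" history entry
            coeff = w_info * s_info + w_time * s_time  # the first coefficient
            r = round(coeff * max_radius)              # assumed scaling to positions
            keep.update(range(max(0, i - r), min(len(candidates), i + r + 1)))
    return [candidates[i] for i in sorted(keep)]

def action_series(history):
    """Query behavior features: one ordered series of query actions per user."""
    per_user = {}
    for q in history:                                  # history is time-ordered
        per_user.setdefault(q.user, []).append(action(q))
    return {tuple(s) for s in per_user.values()}

def is_abnormal(target_series, known_series):
    """Abnormal unless the target's series occurs contiguously in a known series."""
    t, n = tuple(target_series), len(target_series)
    return not any(s[i:i + n] == t
                   for s in known_series for i in range(len(s) - n + 1))

def at(day, hh, mm):
    return day * DAY + hh * 3600 + mm * 60

def q(ts, user, *parts):
    return Query(ts, user, frozenset(parts))

# Constructed candidate sequence, already sorted by generation time.
CANDIDATES = [
    q(at(0, 9, 0), "alice", "status"),
    q(at(0, 9, 1), "alice", "status", "config"),
    q(at(0, 9, 2), "alice", "logs"),
    q(at(0, 21, 0), "bob", "firmware"),
    q(at(0, 21, 5), "bob", "firmware", "logs"),
    q(at(1, 9, 10), "carol", "status"),
    q(at(1, 9, 11), "carol", "status", "config"),
    q(at(1, 9, 12), "carol", "logs"),
    q(at(1, 23, 0), "dave", "firmware"),
]
TARGET = q(at(2, 9, 5), "eve", "status", "config")   # constructed target request

if __name__ == "__main__":
    screened = screen(CANDIDATES, TARGET, 0.6, 0.9, 0.5, 0.5, max_radius=1)
    known = action_series(screened)
    print([h.user for h in screened])
    print(is_abnormal(["status", action(TARGET)], known))
    print(is_abnormal(["firmware", action(TARGET)], known))
```

With these settings only the entries at positions 1 and 6 pass both thresholds, and their intervals pull in the neighbouring entries that would not pass on their own, which is what gives the matching step complete action series to compare against.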
The embodiment of the application also provides an information security processing system based on user behavior analysis, which can be applied to the information security processing equipment. The information security processing system based on the user behavior analysis can comprise:
the target query request information acquisition module can be used for acquiring target query request information for performing information query on target internet of things equipment, wherein the target internet of things equipment is in communication connection with the information security processing equipment, and the target query request information is generated based on information query operation performed by a target user terminal equipment in communication connection with the information security processing equipment in response to a corresponding target query user;
the history query request information acquisition module can be used for acquiring a plurality of pieces of history query request information for historically querying information of the target internet of things equipment, wherein each piece of history query request information is generated based on information query operation of other user terminal equipment responding to other corresponding query users;
the target query request information analyzing module may be configured to analyze the target query request information based on the plurality of pieces of historical query request information to obtain a corresponding target analysis result, where the target analysis result is used to represent whether an information query operation corresponding to the target query request information belongs to an abnormal operation.
It is understood that the specific functions of the target query request information obtaining module, the historical query request information obtaining module and the target query request information parsing module may refer to the above explanation of step S110, step S120 and step S130.
It is to be appreciated that in an alternative example, the target query request information parsing module may include:
the historical query request information screening submodule is used for screening the plurality of pieces of historical query request information to obtain a plurality of pieces of corresponding target historical query request information;
and the target query request information analysis submodule is used for analyzing the target query request information based on the plurality of pieces of target historical query request information to obtain a corresponding target analysis result.
It is to be appreciated that in an alternative example, the target query request information parsing sub-module is specifically configured to: analyze the plurality of pieces of target historical query request information to obtain query behavior characteristic information of the users who queried historically; and determine whether the information query operation corresponding to the target query request information belongs to abnormal operation based on the query behavior characteristic information.
It is understood that, in an alternative example, the historical query request information filtering sub-module is specifically configured to: based on the generation time information of each piece of historical query request information, sort the plurality of pieces of historical query request information in order of generation time from earliest to latest to obtain a corresponding historical query request information sequence; determine first historical query request information corresponding to the target query request information in the historical query request information sequence, wherein the first historical query request information is the one of the plurality of pieces of historical query request information that has the largest information similarity with the target query request information; determine second historical query request information corresponding to the target query request information in the historical query request information sequence, wherein the second historical query request information is the one of the plurality of pieces of historical query request information whose generation time information has the largest time similarity with the generation time information of the target query request information; and determine a plurality of pieces of target historical query request information, among the plurality of pieces of historical query request information included in the historical query request information sequence, based on the first historical query request information and the second historical query request information.
In summary, according to the information security processing method and system based on user behavior analysis provided by the application, when target query request information for performing information query on target internet of things equipment is acquired, the target query request information is analyzed based on historical query request information to determine whether the information query operation corresponding to the target query request information belongs to abnormal operation, so that the information query operation can be monitored and the security of information query is improved, which alleviates the problem in the existing information security technology that information query on internet of things equipment carries a great potential safety hazard.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, an electronic device, or a network device) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. An information security processing method based on user behavior analysis is applied to information security processing equipment, and the information security processing method comprises the following steps:
acquiring target query request information for performing information query on target Internet of things equipment, wherein the target Internet of things equipment is in communication connection with the information security processing equipment, and the target query request information is generated based on information query operation performed by a target user terminal equipment which is in communication connection with the information security processing equipment and responds to a corresponding target query user;
acquiring a plurality of pieces of historical query request information for querying information of the target Internet of things equipment historically, wherein each piece of historical query request information is generated based on an information query operation performed by other user terminal equipment in response to other corresponding query users;
and analyzing the target query request information based on the plurality of pieces of historical query request information to obtain corresponding target analysis results, wherein the target analysis results are used for representing whether the information query operation corresponding to the target query request information belongs to abnormal operation or not.
2. The information security processing method based on user behavior analysis according to claim 1, wherein the step of analyzing the target query request information based on the plurality of pieces of historical query request information to obtain a corresponding target analysis result includes:
screening the plurality of pieces of historical query request information to obtain a plurality of pieces of corresponding target historical query request information;
and analyzing the target query request information based on the plurality of pieces of target historical query request information to obtain corresponding target analysis results.
3. The information security processing method based on user behavior analysis according to claim 2, wherein the step of analyzing the target query request information based on the plurality of pieces of target historical query request information to obtain corresponding target analysis results comprises:
analyzing the plurality of pieces of target historical query request information to obtain query behavior characteristic information of the users who queried historically;
and determining whether the information query operation corresponding to the target query request information belongs to abnormal operation or not based on the query behavior characteristic information.
4. The information security processing method based on user behavior analysis according to claim 2, wherein the step of performing filtering processing on the plurality of pieces of historical query request information to obtain corresponding plurality of pieces of target historical query request information includes:
based on the generation time information of each piece of historical query request information, sorting the plurality of pieces of historical query request information in order of generation time from earliest to latest to obtain a corresponding historical query request information sequence;
determining first historical query request information corresponding to the target query request information in the historical query request information sequence, wherein the first historical query request information is one of the plurality of pieces of historical query request information, which has the largest information similarity with the target query request information;
determining second historical query request information corresponding to the target query request information in the historical query request information sequence, wherein the second historical query request information is the one of the plurality of pieces of historical query request information whose generation time information has the largest time similarity with the generation time information of the target query request information;
and determining a plurality of pieces of target historical query request information based on the first historical query request information and the second historical query request information in the plurality of pieces of historical query request information included in the historical query request information sequence.
5. The information security processing method based on user behavior analysis according to claim 4, wherein the step of determining a plurality of target historical query request information based on the first historical query request information and the second historical query request information from the plurality of pieces of historical query request information included in the historical query request information sequence comprises:
determining the quantity of the historical query request information between the first historical query request information and the second historical query request information in the historical query request information sequence to obtain a first quantity;
calculating a first adjustment coefficient corresponding to the first historical query request information and a second adjustment coefficient corresponding to the second historical query request information respectively with the first number to obtain a corresponding second number and a third number, wherein the first adjustment coefficient and the second adjustment coefficient are generated based on coefficient configuration operation performed by the information security processing equipment in response to a corresponding management user;
in the historical query request information sequence, determining a first information interval by taking the first historical query request information as a center and the second quantity as a radius, and determining a second information interval by taking the second historical query request information as a center and the third quantity as a radius;
generating a corresponding candidate historical query request information sequence based on each piece of historical query request information included in the first information interval and the second information interval;
and determining a plurality of pieces of target historical query request information from a plurality of pieces of historical query request information included in the candidate historical query request information sequence.
6. The information security processing method based on user behavior analysis according to claim 5, wherein the step of determining a plurality of target historical query request information from a plurality of pieces of historical query request information included in the candidate historical query request information sequence comprises:
determining third history query request information from the plurality of pieces of history query request information included in the candidate history query request information sequence, wherein the third history query request information is history query request information whose information similarity with the target query request information is greater than a first similarity threshold and whose generation time information has a time similarity with the generation time information of the target query request information that is greater than a second similarity threshold;
determining a third information interval corresponding to each piece of third history query request information in the candidate history query request information sequence, wherein the third information interval is determined based on a first coefficient of the corresponding third history query request information, the first coefficient of each piece of third history query request information is obtained as a weighted sum, with the first adjustment coefficient and the second adjustment coefficient as the weights, of the information similarity between that piece of third history query request information and the target query request information and the time similarity between its generation time information and the generation time information of the target query request information, and the sum of the first adjustment coefficient and the second adjustment coefficient is 1;
and taking each piece of history query request information included in each third information interval as target history query request information to obtain a plurality of pieces of target history query request information.
7. An information security processing system based on user behavior analysis, which is applied to an information security processing device, the information security processing system comprising:
the target query request information acquisition module is used for acquiring target query request information for performing information query on target Internet of things equipment, wherein the target Internet of things equipment is in communication connection with the information security processing equipment, and the target query request information is generated based on information query operation performed by a target user terminal equipment in communication connection with the information security processing equipment in response to a corresponding target query user;
the history query request information acquisition module is used for acquiring a plurality of pieces of history query request information for historically querying information of the target Internet of things equipment, wherein each piece of history query request information is generated based on an information query operation performed by other user terminal equipment in response to other corresponding query users;
and the target query request information analysis module is used for analyzing the target query request information based on the plurality of pieces of historical query request information to obtain a corresponding target analysis result, wherein the target analysis result is used for representing whether the information query operation corresponding to the target query request information belongs to abnormal operation.
8. The system of claim 7, wherein the target query request information parsing module comprises:
the historical query request information screening submodule is used for screening the plurality of pieces of historical query request information to obtain a plurality of pieces of corresponding target historical query request information;
and the target query request information analysis submodule is used for analyzing the target query request information based on the plurality of pieces of target historical query request information to obtain a corresponding target analysis result.
9. The information security processing system based on user behavior analysis according to claim 8, wherein the target query request information parsing sub-module is specifically configured to:
analyzing the plurality of pieces of target historical query request information to obtain query behavior characteristic information of the users who queried historically;
and determining whether the information query operation corresponding to the target query request information belongs to abnormal operation or not based on the query behavior characteristic information.
10. The system according to claim 8, wherein the historical query request information filtering sub-module is specifically configured to:
based on the generation time information of each piece of historical query request information, sorting the plurality of pieces of historical query request information in order of generation time from earliest to latest to obtain a corresponding historical query request information sequence;
determining first historical query request information corresponding to the target query request information in the historical query request information sequence, wherein the first historical query request information is one of the plurality of pieces of historical query request information, which has the largest information similarity with the target query request information;
determining second historical query request information corresponding to the target query request information in the historical query request information sequence, wherein the second historical query request information is the one of the plurality of pieces of historical query request information whose generation time information has the largest time similarity with the generation time information of the target query request information;
and determining a plurality of pieces of target historical query request information based on the first historical query request information and the second historical query request information in the plurality of pieces of historical query request information included in the historical query request information sequence.
CN202110770162.3A 2021-07-07 2021-07-07 Information security processing method and system based on user behavior analysis Withdrawn CN113486342A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110770162.3A CN113486342A (en) 2021-07-07 2021-07-07 Information security processing method and system based on user behavior analysis

Publications (1)

Publication Number Publication Date
CN113486342A true CN113486342A (en) 2021-10-08

Family

ID=77937975

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110770162.3A Withdrawn CN113486342A (en) 2021-07-07 2021-07-07 Information security processing method and system based on user behavior analysis

Country Status (1)

Country Link
CN (1) CN113486342A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114647636A (en) * 2022-05-13 2022-06-21 杭银消费金融股份有限公司 Big data anomaly detection method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20211008