CN115221509A - Authentication behavior portrait method based on 5W1H account - Google Patents
Authentication behavior portrait method based on 5W1H account Download PDFInfo
- Publication number
- CN115221509A CN115221509A CN202210843238.5A CN202210843238A CN115221509A CN 115221509 A CN115221509 A CN 115221509A CN 202210843238 A CN202210843238 A CN 202210843238A CN 115221509 A CN115221509 A CN 115221509A
- Authority
- CN
- China
- Prior art keywords
- behavior
- model
- data
- analysis
- algorithm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 27
- 230000006399 behavior Effects 0.000 claims abstract description 100
- 238000004422 calculation algorithm Methods 0.000 claims description 50
- 238000005516 engineering process Methods 0.000 claims description 48
- 238000004458 analytical method Methods 0.000 claims description 35
- 238000007405 data analysis Methods 0.000 claims description 32
- 230000002159 abnormal effect Effects 0.000 claims description 21
- 238000012550 audit Methods 0.000 claims description 18
- 238000007619 statistical method Methods 0.000 claims description 16
- 238000012896 Statistical algorithm Methods 0.000 claims description 13
- 238000010219 correlation analysis Methods 0.000 claims description 13
- 238000005065 mining Methods 0.000 claims description 12
- 238000012795 verification Methods 0.000 claims description 9
- 238000003384 imaging method Methods 0.000 claims description 8
- 230000008569 process Effects 0.000 claims description 7
- 206010000117 Abnormal behaviour Diseases 0.000 claims description 6
- 238000007418 data mining Methods 0.000 claims description 6
- 238000013499 data model Methods 0.000 claims description 6
- 230000009471 action Effects 0.000 claims description 5
- 230000000694 effects Effects 0.000 claims description 4
- 238000004140 cleaning Methods 0.000 claims description 3
- 238000013500 data storage Methods 0.000 claims description 3
- 230000001939 inductive effect Effects 0.000 claims description 3
- 238000013024 troubleshooting Methods 0.000 claims description 3
- 230000000007 visual effect Effects 0.000 abstract description 2
- 238000007726 management method Methods 0.000 description 13
- 238000012360 testing method Methods 0.000 description 3
- 238000004220 aggregation Methods 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000013439 planning Methods 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention relates to the technical field of 5W1H account security management, and discloses a 5W1H account-based authentication behavior portrayal method, which analyzes the related behaviors of a user by taking a human as a center, comprises four types of information, namely user login time, authentication behavior, IP address information and behavior frequency, and is used for depicting the daily behaviors of the user and establishing a daily behavior baseline. The invention has the capability of centralized account management in the whole network, can perform centralized, standardized and visual management on account numbers in the whole network, has uniform authentication capability in the whole network, can provide standardized and service management for personnel and business authentication in the whole network, has uniform auditing capability in the whole network, can improve the auditing intelligence degree, is subjected to ground auditing management, realizes real effective auditing, has enhanced platform safety support capability, and provides safety enhancement support for a business system.
Description
Technical Field
The invention relates to the technical field of 5W1H account security management, in particular to an authentication behavior portrait method based on a 5W1H account.
Background
The 5W1H analysis method is also called as a six-analysis method, is a thinking way, can also be an establishment method, is a way for developing and considering six-level questioning problems such as a reason (WHY), a target (whet), an address (WHERE), a time (worn), a Worker (WHO), a way (HOW) and the like for a selected new project, a process flow or actual operation, and is widely applied to development and operation of various industries.
In recent years, a group based on 5W1H forms makes important progress around application system construction of planning, early-stage, infrastructure, production, marketing, management of equivalent value chain link services, system form, quantity and variety are greatly enriched, the information level is comprehensively improved for the group, the important role of creating value is fully played for informatization, and strong support is provided for promoting enterprise transformation upgrading, development quality and benefit and the like, but the complexity of user identity management of a heterogeneous system, a converged network and various devices reaches unprecedented height while the ecological system of a service system is further perfected, and problems related to user security, such as a heterogeneous system, a converged network and various devices, weak passwords, a dead account, redundancy, a false account number, a phishing user, repeated login, remote login, abnormal login, diversified access, decentralized management, difficult audit and the like, become a threat to the water surface ecological system, and become a problem restricting the overall network security of the group and the overall network security are influenced by the following problems:
(1) There are a large number of occupied accounts for applications: the account number (zombie account number), redundant accounts created for many times and the like are not used for a long time, service managers are difficult to comb, the account number is lack of unified centralized management, and application systems, VPNs, network access and the like are lack of unified account number management standards.
(2) The application lacks uniform authentication: VPN, each application system and APP authentication are independent, and a large number of weak passwords exist.
(3) Lack of uniform auditing capabilities: the existing service system has too many audit logs and limited auditors, and cannot effectively achieve the ground audit capability.
In addition, by summarizing and analyzing data and experience in annual network security special activities of central enterprises participating in national relevant department organizations in recent years, it can be found that user identity management problems become the weakest link, the greatest management difficulty and the highest management cost in network security systems of central enterprises, and are also the preferred targets and directions for attackers to attack.
Disclosure of Invention
The invention aims to provide a portrait authentication method based on a 5W1H account, which aims to solve the technical problems.
In order to achieve the purpose, the invention provides the following technical scheme:
the method analyzes the related behaviors of a user by taking a 'person' as a center, comprises four types of information including user login time, authentication behavior, IP address information and behavior frequency, describes the daily behaviors of the user, and establishes a daily behavior baseline, wherein: the data analysis of the login time comprises login account time, access time, resource access time and operation time of the user; the data analysis of the IP address information comprises a login source IP address, an authentication source IP address, an access source IP address and an operation source IP address of the user; the data analysis of the behavior frequency comprises account login frequency, account authentication frequency, resource access frequency and operation behavior frequency of the user; the authentication behavior is characterized in that the person portrait behavior analysis is carried out according to the user login time, IP address information and behavior frequency, an analysis model is established by adopting a mean value statistical algorithm, a statistical analysis algorithm or/and a correlation analysis algorithm, the daily behavior of the user is classified through algorithm learning, and the classified daily behavior is used as a standard base line for supervising normal behavior through a model strategy-based technology, a proximity technology, a density technology and a data analysis model;
the data model establishing process of the user behavior analysis comprises the following steps:
s1, data are collected in a centralized mode, and user login time, IP address information and behavior frequency information are collected in a centralized mode through the big data storage capacity and the data mining technology under the big data technology;
s2, analyzing and mining, analyzing and classifying user behaviors by using a mean statistical algorithm, a statistical analysis algorithm and a data analysis algorithm of a correlation analysis algorithm, and establishing a model based on a dynamic baseline technology;
s3, establishing a model, performing algorithm analysis by using a model strategy-based technology, a proximity-based technology, a density-based technology and a data analysis model, and extracting abnormal data in the algorithm model;
and S4, finding problems, extracting safety events corresponding to abnormal data after the algorithm model is analyzed, analyzing 5W1H corresponding elements for abnormal analysis and troubleshooting, and feeding back and circulating to the step of data analysis and mining until the algorithm model is in dynamic balance.
Preferably, the figure portrait behavior analysis of the authentication behavior, which is a mean statistical algorithm, a statistical analysis algorithm and a correlation analysis algorithm adopted by establishing an analysis model, has the following characteristics:
a. the average value statistical algorithm is an algorithm for calculating a corresponding average value as threshold value data for reporting and upper layer statistical analysis by calculating an average value threshold value used by a service scene based on standardized logs and calculating;
b. a statistical analysis algorithm, which is based on standardized logs and intermediate data, carries out grouping frequency statistics according to attribute dimensions in an audit subject, an audit object and an audit action, analyzes and compares a statistical result with a set threshold value to find abnormal and illegal operation behaviors, and carries out early warning reminding through an early warning strategy, wherein the strategy result supports automatic generation of data to be reviewed in an audit task;
c. and (3) correlation analysis algorithm: analyzing rule configuration is carried out based on attributes, self-defined model elements and heterogeneous events in the 5W1H model, a reasonable audit strategy is formulated for the context with the association relation information, the operation behavior properties are judged by combining and judging a plurality of heterogeneous events, the hidden correlation is excavated, and possible illegal behaviors are found.
Preferably, the portrait behavior analysis of the authentication behavior, which is based on a model policy technology, a proximity technology, a density technology and a data analysis model adopted by the prisoner's standard baseline, is characterized as follows:
a. finding out unqualified or unsatisfied data through pre-analysis based on a model strategy technology;
b. classifying and inducing the large-scale aggregated objects based on a proximity technology, wherein the abnormal objects are the objects far away from the large-scale aggregation;
c. classifying and summarizing the objects appearing in the areas with higher density based on the density technology, wherein the objects appearing in the areas with low density are abnormal;
d. data analysis model, including with post, with the region, and while length, wherein:
the same post refers to modeling of individuals or groups of organizations on the same post, analyzing normal rules and mining abnormal behaviors;
the same region means that the group modeling of individuals or organizations in the same region is used for analyzing normal rules and mining abnormal literary texts;
the same time length means that the group modeling of individuals or organizations with the same time length and span is adopted, the normal rule is analyzed, and abnormal behaviors are mined.
Preferably, a user behavior analysis model is established, and an implementation process of the user behavior analysis model includes:
s1, defining problems, analyzing rules, searching for anomalies, mining information and analyzing data from mass data, and finding out problems in the data;
s2, preparing data, and determining and dividing the data analysis range;
s3, browsing the data, and performing corresponding data cleaning by adopting a data algorithm;
s4, generating a model, applying various modeling technologies, optimizing parameters and comparing modeling effects;
s5, previewing/verifying the model, based on business scene verification and model tuning, feeding back verification data to the model through repeated verification of the model, and improving the quality of the data model;
and S6, deploying and modifying the model, and deploying the confirmed model into the service system.
Preferably, the analysis of the user behavior and action abnormity comprises: the method comprises the steps of login address abnormity, login time abnormity, login frequency abnormity, login sequence abnormity, login of multiple accounts in the same IP and operation behavior abnormity.
Compared with the prior art, the invention has the beneficial effects that:
the invention has the capability of centralized account management in the whole network, can perform centralized, standardized and visual management on account numbers in the whole network, has uniform authentication capability in the whole network, can provide standardized and service management for personnel and business authentication in the whole network, has uniform auditing capability in the whole network, can improve the auditing intelligence degree, is subjected to ground auditing management, realizes real effective auditing, has enhanced platform safety support capability, and provides safety enhancement support for a business system.
Detailed Description
In the embodiment of the invention, a behavior portrait method based on a 5W1H account number analyzes related behaviors of a user by taking a person as a center, comprises four types of information including user login time, authentication behavior, IP address information and behavior frequency, describes the daily behaviors of the user, and establishes a daily behavior baseline, wherein:
the data analysis of the login time comprises login account time, access time, resource access time and operation time of the user;
the data analysis of the IP address information comprises a login source IP address, an authentication source IP address, an access source IP address and an operation source IP address of the user;
the data analysis of the behavior frequency comprises account login frequency, account authentication frequency, resource access frequency and operation behavior frequency of the user;
the authentication behavior is characterized in that the person portrait behavior is analyzed according to the user login time, IP address information and behavior frequency, an analysis model is established mainly through a mean value statistical algorithm, a statistical analysis algorithm and a correlation analysis algorithm, the daily behavior of the user is classified through algorithm learning, and the daily behavior of the user is used as a standard baseline for monitoring normal behavior through a model strategy technology, a proximity technology, a density technology and a data analysis model.
The figure portrait behavior analysis of the authentication behavior, which is a mean value statistical algorithm, a statistical analysis algorithm and a correlation analysis algorithm adopted by establishing an analysis model, has the following characteristics:
a. the average value statistical algorithm is an algorithm for calculating a corresponding average value as threshold value data for reporting and upper layer statistical analysis by calculating an average value threshold value used by a service scene based on standardized logs and calculating;
b. a statistical analysis algorithm, which is based on standardized logs and intermediate data, carries out grouping frequency statistics according to attribute dimensions in an audit subject, an audit object and an audit action, analyzes and compares a statistical result with a set threshold value to find abnormal and illegal operation behaviors, and carries out early warning reminding through an early warning strategy, wherein the strategy result supports automatic generation of data to be reviewed in an audit task;
c. and (3) correlation analysis algorithm: analyzing rule configuration is carried out based on attributes, self-defined model elements and heterogeneous events in the 5W1H model, a reasonable audit strategy is formulated for the context with the association relation information, the operation behavior properties are judged by combining and judging a plurality of heterogeneous events, the hidden correlation is excavated, and possible illegal behaviors are found.
The figure portrait behavior analysis of the authentication behavior adopts a model-based strategy technology, a proximity-based technology, a density-based technology and a data analysis model based on a prison standard baseline, and has the characteristics as follows:
a. based on a model strategy technology, a series of models and strategies are established in advance, data are analyzed, and data which are unqualified or do not meet the models and strategies are found out;
b. classifying the large-scale aggregated objects based on a proximity technology, and inducing a certain expression rule, wherein the abnormal objects are the objects far away from the large-scale aggregation;
c. classifying objects appearing in a region with higher density based on a density technology, classifying the objects into certain performance classification, and determining that the objects appearing in a region with low density are abnormal;
d. data analysis model, including with post, with the region, and while length, wherein:
the same post refers to modeling of individuals or groups of organizations on the same post, analyzing normal rules and mining abnormal behaviors;
the same region means that the group modeling of individuals or organizations in the same region is used for analyzing normal rules and mining abnormal literary texts;
the same time length means that the group modeling of individuals or organizations with the same time length and span is adopted, the normal rule is analyzed, and abnormal behaviors are mined.
The data model establishing process of the user behavior analysis comprises the following steps:
s1, data are collected in a centralized mode, and user login time, IP address information and behavior frequency information are collected in a centralized mode through the big data storage capacity and the data mining technology under the big data technology;
s2, analyzing and mining, analyzing and classifying user behaviors by using a mean statistical algorithm, a statistical analysis algorithm and a data analysis algorithm of a correlation analysis algorithm, and establishing a model based on a dynamic baseline technology;
s3, establishing a model, performing algorithm analysis by using a model strategy-based technology, a proximity-based technology, a density-based technology and a data analysis model, and extracting abnormal data in the algorithm model;
and S4, finding problems, extracting safety events corresponding to abnormal data after the algorithm model is analyzed, analyzing 5W1H corresponding elements for abnormal analysis and troubleshooting, and feeding back and circulating to the step of data analysis and mining until the algorithm model is in dynamic balance.
The implementation process of the user behavior analysis model is as follows:
s1, defining problems, analyzing rules, searching for anomalies, mining information and analyzing data from mass data, and finding out problems in the data;
s2, preparing data, and determining and dividing the data analysis range;
s3, browsing the data, and performing corresponding data cleaning by adopting a data algorithm;
s4, generating a model, applying various modeling technologies, adjusting parameters, and comparing modeling effects;
s5, previewing/verifying the model, based on business scene verification and model tuning, feeding back verification data to the model through repeated verification of the model, and improving the quality of the data model;
and S6, deploying and modifying the model, and deploying the confirmed model into the service system.
The analysis of the user behavior abnormity comprises login address abnormity, login time abnormity, login frequency abnormity, login sequence abnormity, login of a plurality of accounts in the same IP and operation behavior abnormity.
Test examples
According to the authentication behavior imaging method based on the 5W1H account, behaviors of users accessing internal services of a company are evaluated, a plurality of groups of test accounts are registered, malicious access behaviors are simulated through the test accounts, and the result shows that the authentication behavior imaging method based on the 5W1H account can accurately identify the malicious access behaviors.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered to be within the technical scope of the present invention, and the technical solutions and the inventive concepts thereof according to the present invention are equivalent to or changed within the technical scope of the present invention.
Claims (8)
1. A method for imaging an authentication behavior based on a 5W1H account is characterized in that the method analyzes the related behaviors of a user by taking a person as a center, comprises four types of information including user login time, authentication behavior, IP address information and behavior frequency, describes the daily behavior of the user, and establishes a daily behavior baseline, wherein: the data analysis of the login time comprises login account time, access time, resource access time and operation time of the user; the data analysis of the IP address information comprises a login source IP address, an authentication source IP address, an access source IP address and an operation source IP address of the user; the data analysis of the behavior frequency comprises account login frequency, account authentication frequency, resource access frequency and operation behavior frequency of the user; the authentication behavior is characterized in that the person portrait behavior analysis is carried out according to the user login time, IP address information and behavior frequency, an analysis model is established by adopting a mean value statistical algorithm, a statistical analysis algorithm or/and a correlation analysis algorithm, the daily behavior of the user is classified through algorithm learning, and the classified daily behavior is used as a standard base line for supervising normal behavior through a model strategy-based technology, a proximity technology, a density technology and a data analysis model;
the data model establishing process of the user behavior analysis comprises the following steps:
s1, data are collected in a centralized mode, and user login time, IP address information and behavior frequency information are collected in a centralized mode through the big data storage capacity and the data mining technology under the big data technology;
s2, analyzing and mining, analyzing and classifying user behaviors by using a mean statistical algorithm, a statistical analysis algorithm and a data analysis algorithm of a correlation analysis algorithm, and establishing a model based on a dynamic baseline technology;
s3, establishing a model, performing algorithm analysis by using a model strategy-based technology, a proximity-based technology, a density-based technology and a data analysis model, and extracting abnormal data in the algorithm model;
s4, finding problems, extracting safety events corresponding to abnormal data after the algorithm model is analyzed, analyzing corresponding elements of 5W1H, conducting abnormal analysis and troubleshooting, and feeding back and circulating to the data analysis and mining step until the algorithm model is in dynamic balance.
2. The method of claim 1, wherein the person image behavior analysis of the authentication behavior comprises a mean statistical algorithm, a statistical analysis algorithm and a correlation analysis algorithm used for establishing an analysis model.
3. The method for imaging the authentication behavior based on the 5W1H account number according to claim 2, wherein the mean statistical algorithm, the statistical analysis algorithm and the correlation analysis algorithm are characterized as follows:
a. the average value statistical algorithm is an algorithm for calculating a corresponding average value as threshold value data for reporting and upper layer statistical analysis by calculating an average value threshold value used by a service scene based on standardized logs and calculating;
b. a statistical analysis algorithm, which is based on standardized logs and intermediate data, carries out grouping frequency statistics according to attribute dimensions in an audit subject, an audit object and an audit action, analyzes and compares a statistical result with a set threshold value to find abnormal and illegal operation behaviors, and carries out early warning reminding through an early warning strategy, wherein the strategy result supports automatic generation of data to be reviewed in an audit task;
c. and (3) correlation analysis algorithm: analyzing rule configuration is carried out based on attributes, self-defined model elements and heterogeneous events in the 5W1H model, a reasonable audit strategy is formulated for the context with the association relation information, the operation behavior properties are judged by combining and judging a plurality of heterogeneous events, the hidden correlation is excavated, and possible illegal behaviors are found.
4. The method of claim 1, wherein the person image behavior analysis of the authentication behavior is based on a model-based policy technique, a proximity-based technique, a density-based technique, and a data analysis model applied to a baseline of proctoring criteria.
5. The authentication behavior imaging method based on the 5W1H account number, according to claim 4, is characterized in that the characteristics of the model-based strategy technology, the proximity-based technology, the density-based technology and the data analysis model are as follows:
a. finding out unqualified or unsatisfied data through pre-analysis based on a model strategy technology;
b. classifying and inducing the objects which are gathered in a large scale based on a proximity technology, wherein the abnormity is the objects which are far away from the large scale gathering;
c. classifying and summarizing objects appearing in a region with higher density based on a density technology, wherein the pair appearing in a region with low density is abnormal;
d. the data analysis model comprises the same post, the same region and the same time length.
6. The method for imaging the authentication behavior based on the 5W1H account number according to claim 5, wherein in a data analysis model:
the same post refers to modeling of individuals or groups of organizations on the same post, analyzing normal rules and mining abnormal behaviors;
the same region means that the group modeling of individuals or organizations in the same region is used for analyzing normal rules and mining abnormal literary texts;
the same time length means that the group modeling of individuals or organizations with the same time length and span is adopted, the normal rule is analyzed, and abnormal behaviors are mined.
7. The authentication behavior imaging method based on the 5W1H account number according to claim 1, wherein a user behavior analysis model is established, and the implementation process of the user behavior analysis model comprises the following steps:
s1, defining problems, analyzing rules, searching for anomalies, mining information and analyzing data from mass data, and finding out problems in the data;
s2, preparing data, and determining and dividing the data analysis range;
s3, browsing the data, and performing corresponding data cleaning by adopting a data algorithm;
s4, generating a model, applying various modeling technologies, optimizing parameters and comparing modeling effects;
s5, previewing/verifying the model, based on business scene verification and model tuning, feeding back verification data to the model through repeated verification of the model, and improving the quality of the data model;
and S6, deploying and modifying the model, and deploying the confirmed model into the service system.
8. The method for imaging the authentication behavior based on the 5W1H account number according to claim 1, wherein the analysis of the behavior and action abnormity of the user comprises the following steps: the method comprises the steps of login address abnormity, login time abnormity, login frequency abnormity, login sequence abnormity, login of multiple accounts in the same IP and operation behavior abnormity.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210843238.5A CN115221509A (en) | 2022-07-18 | 2022-07-18 | Authentication behavior portrait method based on 5W1H account |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210843238.5A CN115221509A (en) | 2022-07-18 | 2022-07-18 | Authentication behavior portrait method based on 5W1H account |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115221509A true CN115221509A (en) | 2022-10-21 |
Family
ID=83612243
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210843238.5A Pending CN115221509A (en) | 2022-07-18 | 2022-07-18 | Authentication behavior portrait method based on 5W1H account |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115221509A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117040927A (en) * | 2023-10-08 | 2023-11-10 | 深圳奥联信息安全技术有限公司 | Password service monitoring system and method |
-
2022
- 2022-07-18 CN CN202210843238.5A patent/CN115221509A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117040927A (en) * | 2023-10-08 | 2023-11-10 | 深圳奥联信息安全技术有限公司 | Password service monitoring system and method |
| CN117040927B (en) * | 2023-10-08 | 2024-02-06 | 深圳奥联信息安全技术有限公司 | Password service monitoring system and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kumar et al. | Practical machine learning for cloud intrusion detection: Challenges and the way forward | |
| CN208227074U (en) | Electric power monitoring system network security monitors terminal | |
| WO2021017614A1 (en) | Threat intelligence data collection and processing method and system, apparatus, and storage medium | |
| Mukkamala et al. | Detecting denial of service attacks using support vector machines | |
| CN111917793B (en) | Attack chain information analysis method, system and storage medium | |
| CN110020687A (en) | Abnormal behaviour analysis method and device based on operator's Situation Awareness portrait | |
| CN106779485A (en) | Total management system and data processing method based on SOA framework | |
| CN107506408A (en) | To the method and system of magnanimity event distribution formula association matching | |
| Stergiopoulos et al. | Automatic network restructuring and risk mitigation through business process asset dependency analysis | |
| Bode et al. | Risk analysis in cyber situation awareness using Bayesian approach | |
| CN115221509A (en) | Authentication behavior portrait method based on 5W1H account | |
| Haris | Risk Assessment on Information Asset an academic Application Using ISO 27001 | |
| Kersten et al. | 'Give Me Structure': Synthesis and Evaluation of a (Network) Threat Analysis Process Supporting Tier 1 Investigations in a Security Operation Center | |
| CN117421735A (en) | Mining evaluation method based on big data vulnerability mining | |
| Best et al. | Machine‐independent audit trail analysis—a tool for continuous audit assurance | |
| Malik et al. | Dynamic risk assessment and analysis framework for large-scale cyber-physical systems | |
| Bhatt et al. | Selecting Best Software Vulnerability Scanner Using Intuitionistic Fuzzy Set TOPSIS. | |
| Tse et al. | Risks facing smart city information security in Hangzhou | |
| Gyamfi et al. | A Model-Agnostic XAI Approach for Developing Low-Cost IoT Intrusion Detection Dataset | |
| CN117879970B (en) | Network security protection method and system | |
| Naik et al. | An Approach for Building Intrusion Detection System by Using Data Mining Techniques | |
| de Oliveira Silva | CSAI-4-CPS: A Cyber Security characterization model based on Artificial Intelligence For Cyber Physical Systems | |
| Qu et al. | Application of comprehensive fuzzy evaluation in Lan security | |
| Emran et al. | A system architecture for computer intrusion detection | |
| Hong et al. | Intrusion prevention system in the network of digital mine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |