CN116628775A - Abnormal access identification method and system for cloud storage data - Google Patents
Abnormal access identification method and system for cloud storage data Download PDFInfo
- Publication number
- CN116628775A CN116628775A CN202310889682.5A CN202310889682A CN116628775A CN 116628775 A CN116628775 A CN 116628775A CN 202310889682 A CN202310889682 A CN 202310889682A CN 116628775 A CN116628775 A CN 116628775A
- Authority
- CN
- China
- Prior art keywords
- access
- abnormal
- data
- characteristic
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000002159 abnormal effect Effects 0.000 title claims abstract description 360
- 238000000034 method Methods 0.000 title claims abstract description 38
- 230000005856 abnormality Effects 0.000 claims abstract description 46
- 238000012795 verification Methods 0.000 claims abstract description 36
- 238000013507 mapping Methods 0.000 claims abstract description 12
- 239000011159 matrix material Substances 0.000 claims description 28
- 238000012549 training Methods 0.000 claims description 28
- 238000011156 evaluation Methods 0.000 claims description 20
- 238000012937 correction Methods 0.000 claims description 8
- 238000010276 construction Methods 0.000 claims description 7
- 238000005192 partition Methods 0.000 claims description 6
- 230000004927 fusion Effects 0.000 claims description 3
- 230000000694 effects Effects 0.000 abstract description 4
- 230000006399 behavior Effects 0.000 description 8
- 238000013528 artificial neural network Methods 0.000 description 5
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 238000007726 management method Methods 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012502 risk assessment Methods 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses an abnormal access identification method and system for cloud storage data, and relates to the technical field of data identification, wherein the method comprises the following steps: acquiring cloud access record data, including user identity verification information and access behavior information; obtaining access abnormality index information, constructing an access abnormality identification classifier, carrying out abnormality identification on cloud access record data, obtaining abnormality access data information, giving characteristic values to the abnormality access data information, obtaining abnormality access data characteristic value information, mapping the abnormality access data characteristic value information into a mesh coordinate system, generating an abnormality access characteristic mesh map, obtaining abnormality access judgment logic, and evaluating the abnormality access characteristic mesh map to obtain an abnormality access identification result. The method solves the technical problem of low data safety caused by low accuracy of abnormal access identification of the cloud storage data in the prior art, and achieves the technical effect of improving the safety of the cloud storage data by improving the accuracy of abnormal access identification of the data.
Description
Technical Field
The application relates to the technical field of data identification, in particular to an abnormal access identification method and system for cloud storage data.
Background
The cloud storage is an internet online storage mode, and data is stored on a plurality of virtual servers hosted by a third party, so that data storage and service access functions are provided for the outside, the safety of the data is ensured, and the storage space is saved. With the rapid development of cloud technology, the complexity and the scale of cloud storage systems are continuously increased, but safety problems in terms of data access identification still exist.
Disclosure of Invention
The application provides an abnormal access identification method and system for cloud storage data, which are used for solving the technical problem of low data security caused by low accuracy of abnormal access identification of the cloud storage data in the prior art.
The application provides an abnormal access identification method of cloud storage data, which comprises the following steps: acquiring cloud access record data, wherein the cloud access record data comprises user identity verification information and access behavior information; obtaining access abnormality index information, and constructing an access abnormality identification classifier according to the access abnormality index information; performing anomaly identification on the cloud access record data based on the anomaly identification classifier to obtain anomaly access data information; giving characteristic values to the abnormal access data information to obtain abnormal access data characteristic value information; mapping the abnormal access data characteristic value information into a mesh coordinate system to generate an abnormal access characteristic mesh map; and acquiring an abnormal access judgment logic, and evaluating the abnormal access characteristic mesh map based on the abnormal access judgment logic to acquire an abnormal access identification result.
In a second aspect of the present application, there is provided an abnormal access identification system for cloud storage data, the system comprising: the cloud access record data acquisition module is used for acquiring cloud access record data, and the cloud access record data comprises user identity verification information and access behavior information; the access anomaly identification classifier construction module is used for obtaining access anomaly index information and constructing an access anomaly identification classifier according to the access anomaly index information; the abnormal access data information obtaining module is used for carrying out abnormal recognition on the cloud access record data based on the abnormal recognition classifier to obtain abnormal access data information; the abnormal access data characteristic value information obtaining module is used for giving characteristic values to the abnormal access data information to obtain abnormal access data characteristic value information; the abnormal access characteristic mesh map generation module is used for mapping the abnormal access data characteristic value information into a mesh coordinate system to generate an abnormal access characteristic mesh map; the abnormal access identification result obtaining module is used for obtaining abnormal access judgment logic, and evaluating the abnormal access characteristic mesh graph based on the abnormal access judgment logic to obtain an abnormal access identification result.
One or more technical schemes provided by the application have at least the following technical effects or advantages:
the application provides an abnormal access identification method of cloud storage data, which relates to the technical field of data identification, and aims at solving the technical problems of low safety of the data caused by low accuracy of abnormal access identification of the cloud storage data in the prior art by acquiring cloud access record data and access abnormal index information, constructing an access abnormal identification classifier, carrying out abnormal identification on the cloud access record data, acquiring abnormal access data information, endowing the abnormal access data information with characteristic values, acquiring the abnormal access data characteristic value information, mapping the abnormal access data characteristic value information into a mesh coordinate system, generating an abnormal access characteristic mesh map, acquiring abnormal access judgment logic, evaluating the abnormal access characteristic mesh map and acquiring an abnormal access identification result.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of an abnormal access identification method for cloud storage data according to an embodiment of the present application;
fig. 2 is a schematic flow chart of constructing an access anomaly identification classifier in an anomaly access identification method of cloud storage data according to an embodiment of the present application;
fig. 3 is a schematic flow chart of generating an abnormal access characteristic mesh chart in the abnormal access identification method of cloud storage data according to the embodiment of the present application;
fig. 4 is a schematic structural diagram of an abnormal access identification system for cloud storage data according to an embodiment of the present application.
Reference numerals illustrate: the system comprises a cloud access record data acquisition module 11, an access anomaly identification classifier construction module 12, an anomaly access data information acquisition module 13, an anomaly access data characteristic value information acquisition module 14, an anomaly access characteristic mesh map generation module 15 and an anomaly access identification result acquisition module 16.
Description of the embodiments
The application provides an abnormal access identification method of cloud storage data, which is used for solving the technical problem of low data security caused by low accuracy of abnormal access identification of the cloud storage data in the prior art.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It is noted that the terms "comprises" and "comprising," and any variations thereof, in the description and claims of the present application and in the foregoing figures, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server comprising a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or modules not expressly listed or inherent to such process, method, article, or apparatus.
Examples
As shown in fig. 1, the present application provides an abnormal access identification method for cloud storage data, where the method includes:
s100: acquiring cloud access record data, wherein the cloud access record data comprises user identity verification information and access behavior information;
specifically, cloud access record data is extracted through a management module logging in a cloud storage system, the cloud access record data is record data of the storage data checked by a user accessing the cloud storage system, the record data comprises user identity verification information and access behavior information, the user identity verification information can comprise a user name, a login password, face identification information and the like and can be used for identifying the identity of a visitor, and the access behavior information can be access frequency, access time, access data type, whether data are downloaded or not and the like and can be used for representing the access behavior of the user.
S200: obtaining access abnormality index information, and constructing an access abnormality identification classifier according to the access abnormality index information;
specifically, multiple access exception types are obtained based on big data, such as early morning access, multiple frequent accesses in a short time, multiple failed access password access, system access exception and the like, the access exception types are used as access exception index information, cloud end exception access data are classified according to the access exception index information, multiple sample exception access data of multiple types are obtained, multiple access exception identification models are trained by taking the multiple sample exception access data of multiple types as training data, and an access exception identification classifier is formed by the multiple access exception identification models and can be used for carrying out data exception type identification on the cloud end access record data.
Further, as shown in fig. 2, step S200 of the embodiment of the present application further includes:
s210: obtaining a cloud abnormal access database;
s220: classifying the cloud abnormal access database according to the access abnormal index information to obtain an abnormal index sample data set;
s230: respectively carrying out anomaly identification model training based on the anomaly index sample data set to obtain an access anomaly identification branch model set;
s240: and carrying out equal weight fusion on each branch model in the access anomaly identification branch model set to generate the access anomaly identification classifier.
Specifically, the management module of the cloud storage system is logged in to extract cloud abnormal access data in a past period (which can be one month, three months, one year, etc., and the specific time can be adaptively adjusted according to actual conditions), wherein the cloud abnormal access data is abnormal data access records recorded in the cloud storage system, such as early morning data access records, frequent access records for many times in a short time, access records of multiple transmission error access passwords, etc., a cloud abnormal access database is constructed by the cloud abnormal access data, the data in the cloud abnormal access database is classified and labeled according to the access abnormal index information, corresponding abnormal label and normal label are divided for each index of each group of data, whether each access index in each group of data is abnormal is judged, an abnormal index sample data set is obtained, data in the abnormal index sample data set is used as construction data, an abnormal identification model is constructed by combining with a BP neural network, the BP neural network is a multi-layer feedforward neural network trained according to an error reverse propagation algorithm, a mathematical mapping relation between input and output is not required to be determined in advance, and a certain learning rule is obtained only when a learning value of the BP neural network is closest to a certain expected value. And training the model based on the abnormal index sample data set until the model converges and meets the preset accuracy requirement, obtaining a plurality of access abnormal identification branch models with different indexes, taking the access abnormal identification branch models as an access abnormal identification branch model set, distributing corresponding weight coefficients for each access abnormal identification branch model according to the influence degree of different indexes on data security, and fusing each branch model in the access abnormal identification branch model set according to the corresponding weight coefficients to obtain the access abnormal identification classifier.
Further, step S230 of the embodiment of the present application further includes:
s231: dividing the abnormal index sample data set to obtain an abnormal index training sample set and an abnormal index verification sample set;
s232: respectively determining a training sample abnormal evaluation label and a verification sample abnormal evaluation label according to the abnormal index training sample set and the abnormal index verification sample set;
s233: taking the training sample set of the abnormal indexes and the training sample abnormal evaluation label as training data to obtain an initial visit abnormal recognition branch model set;
s234: and performing model verification based on the abnormal index verification sample set and the verification sample abnormal evaluation label until the model accuracy reaches the standard, and obtaining the access abnormal identification branch model set.
Specifically, the abnormal index sample data set is marked and divided into an abnormal index training sample set and an abnormal index verification sample set by using a uniform random sampling mode, corresponding abnormal evaluation labels are set for different abnormal type data according to the abnormal type of the sample data in the abnormal index training sample set and the abnormal index verification sample set, and the abnormal evaluation labels comprise access time abnormality, access frequency abnormality, user identity abnormality and the like, and the training sample abnormal evaluation labels of the abnormal index training sample set and the verification sample abnormal evaluation labels of the abnormal index verification sample set are respectively determined. Based on BP neural network, constructing a plurality of initial access anomaly identification branch models, wherein each initial access anomaly identification branch model can identify one type of anomaly access data, training the plurality of initial access anomaly identification branch models until the plurality of models reach convergence, obtaining an initial access anomaly identification branch model set, verifying the initial access anomaly identification branch model set by taking the anomaly index verification sample set and the verification sample anomaly evaluation label as verification data until the accuracy rate of all models meets the preset accuracy rate requirement, such as the accuracy rate reaches 90%, obtaining the access anomaly identification branch model set, and using the access anomaly identification branch model set as a basic model for generating the access anomaly identification classifier.
S300: performing anomaly identification on the cloud access record data based on the anomaly identification classifier to obtain anomaly access data information;
specifically, the cloud access record data is input into the anomaly identification classifier to perform anomaly identification, so as to obtain anomaly access data information, wherein the anomaly access data information comprises the condition of anomalies of access frequency, access time, access type and the like of each group of data in the cloud access record data, and can be used for extracting the characteristic value information of the anomaly access data.
S400: giving characteristic values to the abnormal access data information to obtain abnormal access data characteristic value information;
further, step S400 of the embodiment of the present application further includes:
s410: determining an abnormal access characteristic type according to the abnormal access data information;
s420: acquiring an abnormal index attribute subdivision rule, wherein the abnormal index attribute subdivision rule comprises data risk, cloud stability and leakage loss;
s430: evaluating the abnormal access data based on the abnormal access characteristic type and the abnormal index attribute subdivision rule respectively to obtain an abnormal characteristic matrix set;
s440: and taking the element average value of the abnormal characteristic matrix set as the abnormal access data characteristic value information.
Specifically, according to the abnormal access data information, determining an abnormal access characteristic type of the cloud access record data, including identity verification, access frequency, access time, access type and the like, and formulating an abnormal index attribute subdivision rule according to the security requirement of the data, wherein the abnormal index attribute subdivision rule comprises data risk, cloud stability and leakage loss property, the data risk can be the importance degree and the security level of the data, the higher the data risk is, the higher the corresponding security level is, the cloud stability is the stability of a cloud storage system, the leakage loss property is the loss caused by data leakage, and the abnormal index attribute subdivision rule can be used for performing risk evaluation on the abnormal access data. And respectively evaluating the characteristic values of the abnormal access data according to the abnormal access characteristic types according to the abnormal index attribute subdivision rule to obtain data risk, cloud stability and leakage loss evaluation results of each characteristic type of data, sequentially obtaining a plurality of corresponding matrixes according to the evaluation results of each characteristic type to form an abnormal characteristic matrix set, and taking the element values in each type of characteristic matrix in the abnormal characteristic matrix set as the abnormal values of the type of characteristics after carrying out average value calculation to obtain the abnormal values of the type of characteristics, wherein the abnormal access data characteristic value information comprises the abnormal values corresponding to the plurality of abnormal access characteristic type matrixes and can be taken as basic data for generating an abnormal access characteristic mesh map subsequently.
Further, step S430 of the embodiment of the present application further includes:
s431: the entropy weight method is adopted to carry out weight distribution on the abnormal index attribute subdivision rule, and abnormal index attribute weight information is obtained;
s432: generating a weight correction matrix according to the abnormal index attribute weight information;
s433: and correcting the abnormal feature matrix set based on the weight correction matrix to obtain an abnormal feature weighting matrix set.
Specifically, the weight distribution is carried out on the abnormal index attribute subdivision rule by adopting an entropy weight method, the entropy weight method is a method for objectively assigning the index according to the size of index information entropy, and the smaller the information entropy is, the larger the discrete degree representing the index is, the more information is contained and the larger the weight is assigned. According to the information entropy of the data risk, cloud stability and leakage loss in the abnormal index attribute subdivision rule, corresponding weight coefficients are distributed for the data risk, cloud stability and leakage loss, the weight coefficients are used as abnormal index attribute weight information, a weight correction matrix is generated according to the weight distribution condition of the abnormal index attribute weight information, the weight correction matrix is used for carrying out weight calculation on abnormal values in the abnormal feature matrix set to obtain an abnormal feature weight matrix set, the abnormal feature weight matrix set has higher accuracy, the abnormal feature weight matrix set is subjected to element average calculation to obtain abnormal access data feature value information, and the abnormal feature weight matrix set has higher accuracy.
S500: mapping the abnormal access data characteristic value information into a mesh coordinate system to generate an abnormal access characteristic mesh map;
further, as shown in fig. 3, step S500 of the embodiment of the present application further includes:
s510: determining a mesh feature coordinate axis based on the abnormal access feature type;
s520: acquiring a coordinate axis radial partition interval according to the abnormal access data characteristic value information;
s530: generating an abnormal characteristic radial mesh map based on the mesh characteristic coordinate axis and the coordinate axis radial partition interval;
s540: and mapping the abnormal access data characteristic value information to the abnormal characteristic radial mesh map to obtain the abnormal access characteristic mesh map.
Specifically, based on the abnormal access feature types, such as user information abnormality, IP address abnormality, access time abnormality, etc., mesh feature coordinate axes are constructed, wherein each feature type corresponds to one mesh map coordinate axis, and the coordinate axes are radial. The abnormal access data characteristic value information comprises abnormal values corresponding to a plurality of abnormal access characteristic type matrixes, coordinate axis radial interval division is carried out based on the abnormal access data characteristic value information, namely the number of interval division of the coordinate axes of the radial mesh map and the value represented by each interval are determined, the number of interval division is taken as the coordinate axis radial interval, an abnormal characteristic radial mesh map is generated based on the mesh characteristic coordinate axes and the coordinate axis radial interval division, each abnormal value in the abnormal access data characteristic value information is mapped into the abnormal characteristic radial mesh map, the abnormal access characteristic mesh map is obtained, the abnormal access characteristic mesh map can reflect the abnormal access condition in cloud access record data, and further data security risk assessment is carried out according to the abnormal access condition.
S600: and acquiring an abnormal access judgment logic, and evaluating the abnormal access characteristic mesh map based on the abnormal access judgment logic to acquire an abnormal access identification result.
Specifically, according to the data security control requirement, an abnormal access judgment logic of the data is formulated, that is, an abnormal access judgment standard of each abnormal type is formulated, that is, an abnormal value threshold for marking the data as abnormal data is set, when the abnormal value of the data exceeds the abnormal value threshold, the data can be judged to be abnormal data, for example, when the access frequency in one day reaches 10 times, the occurrence of the abnormal access frequency can be judged, when the password input error frequency reaches 3 times, the password input abnormality can be judged, the abnormal access characteristic mesh map is evaluated based on the abnormal access judgment logic, the abnormal access recognition result of the access record data is obtained, the abnormal access of the current cloud storage data can be judged, specific abnormal access information is provided, the accuracy of the abnormal access recognition of the data is improved, and the security of the cloud storage data is further improved.
Further, step S600 of the embodiment of the present application further includes:
s610: surrounding the abnormal access characteristic network graph into an area value as an abnormal access characteristic index;
s620: obtaining an abnormal characteristic reference value according to the abnormal access judgment logic;
s630: obtaining an abnormality judgment reference index based on the area of the mesh map of the abnormality characteristic reference value;
s640: and if the abnormal access characteristic index exceeds the abnormal judgment reference index, carrying out abnormal access marking on the cloud access record data to obtain the abnormal access identification result.
Specifically, calculating an area value enclosed by the abnormal access characteristic mesh map, taking the area value enclosed as an abnormal access characteristic index, and obtaining an abnormal characteristic reference value according to the abnormal access judgment logic, wherein the abnormal characteristic reference value comprises a reference value corresponding to each abnormal characteristic, namely an abnormal value maximum value of each abnormal characteristic, such as the maximum access times in one day. Calculating the area of the mesh map of the abnormal feature reference value, taking the area of the mesh map of the abnormal feature reference value as an abnormal judgment reference index, comparing the abnormal access feature index with the abnormal judgment reference index, namely comparing the area of the two mesh maps, and if the abnormal access feature index exceeds the abnormal judgment reference index, namely the surrounding area of the abnormal access feature mesh map exceeds the area of the mesh map of the abnormal feature reference value, indicating that the cloud access record data has abnormal access conditions, carrying out abnormal access marking on the cloud access record data, and recording the feature type of abnormal access, thereby being used as the abnormal access identification result, and being capable of judging whether the data access of the current cloud storage data is abnormal or not and providing specific abnormal access information.
In summary, the embodiment of the application has at least the following technical effects:
according to the method, cloud access record data including user identity verification information and access behavior information are obtained; obtaining access abnormality index information, constructing an access abnormality identification classifier, carrying out abnormality identification on cloud access record data, obtaining abnormality access data information, giving characteristic values to the abnormality access data information, obtaining abnormality access data characteristic value information, mapping the abnormality access data characteristic value information into a mesh coordinate system, generating an abnormality access characteristic mesh map, obtaining abnormality access judgment logic, and evaluating the abnormality access characteristic mesh map to obtain an abnormality access identification result.
The technical effect of improving the safety of cloud storage data by improving the accuracy of data abnormal access identification is achieved.
Examples
Based on the same inventive concept as the method for identifying abnormal access of cloud storage data in the foregoing embodiment, as shown in fig. 4, the present application provides a system for identifying abnormal access of cloud storage data. Wherein the system comprises:
the cloud access record data acquisition module 11 is used for acquiring cloud access record data, wherein the cloud access record data comprises user identity verification information and access behavior information;
the access anomaly identification classifier construction module 12 is used for obtaining access anomaly index information and constructing an access anomaly identification classifier according to the access anomaly index information;
the abnormal access data information obtaining module 13 is used for carrying out abnormal recognition on the cloud access record data based on the abnormal recognition classifier to obtain abnormal access data information;
an abnormal access data characteristic value information obtaining module 14, where the abnormal access data characteristic value information obtaining module 14 is configured to give a characteristic value to the abnormal access data information, and obtain abnormal access data characteristic value information;
the abnormal access characteristic mesh map generating module 15 is configured to map the abnormal access data characteristic value information into a mesh coordinate system to generate an abnormal access characteristic mesh map;
the abnormal access identification result obtaining module 16 is configured to obtain an abnormal access judgment logic, and evaluate the abnormal access feature mesh graph based on the abnormal access judgment logic to obtain an abnormal access identification result.
Further, the visit abnormality recognition classifier construction module 12 is further configured to perform the following steps:
obtaining a cloud abnormal access database;
classifying the cloud abnormal access database according to the access abnormal index information to obtain an abnormal index sample data set;
respectively carrying out anomaly identification model training based on the anomaly index sample data set to obtain an access anomaly identification branch model set;
and carrying out equal weight fusion on each branch model in the access anomaly identification branch model set to generate the access anomaly identification classifier.
Further, the visit abnormality recognition classifier construction module 12 is further configured to perform the following steps:
dividing the abnormal index sample data set to obtain an abnormal index training sample set and an abnormal index verification sample set;
respectively determining a training sample abnormal evaluation label and a verification sample abnormal evaluation label according to the abnormal index training sample set and the abnormal index verification sample set;
taking the training sample set of the abnormal indexes and the training sample abnormal evaluation label as training data to obtain an initial visit abnormal recognition branch model set;
and performing model verification based on the abnormal index verification sample set and the verification sample abnormal evaluation label until the model accuracy reaches the standard, and obtaining the access abnormal identification branch model set.
Further, the abnormal access data characteristic value information obtaining module 14 is further configured to perform the following steps:
determining an abnormal access characteristic type according to the abnormal access data information;
acquiring an abnormal index attribute subdivision rule, wherein the abnormal index attribute subdivision rule comprises data risk, cloud stability and leakage loss;
evaluating the abnormal access data based on the abnormal access characteristic type and the abnormal index attribute subdivision rule respectively to obtain an abnormal characteristic matrix set;
and taking the element average value of the abnormal characteristic matrix set as the abnormal access data characteristic value information.
Further, the abnormal access data characteristic value information obtaining module 14 is further configured to perform the following steps:
the entropy weight method is adopted to carry out weight distribution on the abnormal index attribute subdivision rule, and abnormal index attribute weight information is obtained;
generating a weight correction matrix according to the abnormal index attribute weight information;
and correcting the abnormal feature matrix set based on the weight correction matrix to obtain an abnormal feature weighting matrix set.
Further, the abnormal access feature mesh map generating module 15 is further configured to perform the following steps:
determining a mesh feature coordinate axis based on the abnormal access feature type;
acquiring a coordinate axis radial partition interval according to the abnormal access data characteristic value information;
generating an abnormal characteristic radial mesh map based on the mesh characteristic coordinate axis and the coordinate axis radial partition interval;
and mapping the abnormal access data characteristic value information to the abnormal characteristic radial mesh map to obtain the abnormal access characteristic mesh map.
Further, the abnormal access identification result obtaining module 16 is further configured to perform the following steps:
surrounding the abnormal access characteristic network graph into an area value as an abnormal access characteristic index;
obtaining an abnormal characteristic reference value according to the abnormal access judgment logic;
obtaining an abnormality judgment reference index based on the area of the mesh map of the abnormality characteristic reference value;
and if the abnormal access characteristic index exceeds the abnormal judgment reference index, carrying out abnormal access marking on the cloud access record data to obtain the abnormal access identification result.
It should be noted that the sequence of the embodiments of the present application is only for description, and does not represent the advantages and disadvantages of the embodiments. And the foregoing description has been directed to specific embodiments of this specification. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The foregoing description of the preferred embodiments of the application is not intended to limit the application to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and scope of the application are intended to be included within the scope of the application.
The specification and figures are merely exemplary illustrations of the present application and are considered to cover any and all modifications, variations, combinations, or equivalents that fall within the scope of the application. It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the scope of the application. Thus, the present application is intended to include such modifications and alterations insofar as they come within the scope of the application or the equivalents thereof.
Claims (8)
1. An abnormal access identification method for cloud storage data, which is characterized by comprising the following steps:
acquiring cloud access record data, wherein the cloud access record data comprises user identity verification information and access behavior information;
obtaining access abnormality index information, and constructing an access abnormality identification classifier according to the access abnormality index information;
performing anomaly identification on the cloud access record data based on the anomaly identification classifier to obtain anomaly access data information;
giving characteristic values to the abnormal access data information to obtain abnormal access data characteristic value information;
mapping the abnormal access data characteristic value information into a mesh coordinate system to generate an abnormal access characteristic mesh map;
and acquiring an abnormal access judgment logic, and evaluating the abnormal access characteristic mesh map based on the abnormal access judgment logic to acquire an abnormal access identification result.
2. The method of claim 1, wherein constructing an access anomaly identification classifier from the access anomaly metrics information comprises:
obtaining a cloud abnormal access database;
classifying the cloud abnormal access database according to the access abnormal index information to obtain an abnormal index sample data set;
respectively carrying out anomaly identification model training based on the anomaly index sample data set to obtain an access anomaly identification branch model set;
and carrying out equal weight fusion on each branch model in the access anomaly identification branch model set to generate the access anomaly identification classifier.
3. The method of claim 2, wherein the obtaining a set of access anomaly identification branch models comprises:
dividing the abnormal index sample data set to obtain an abnormal index training sample set and an abnormal index verification sample set;
respectively determining a training sample abnormal evaluation label and a verification sample abnormal evaluation label according to the abnormal index training sample set and the abnormal index verification sample set;
taking the training sample set of the abnormal indexes and the training sample abnormal evaluation label as training data to obtain an initial visit abnormal recognition branch model set;
and performing model verification based on the abnormal index verification sample set and the verification sample abnormal evaluation label until the model accuracy reaches the standard, and obtaining the access abnormal identification branch model set.
4. The method of claim 1, wherein the obtaining the outlier access data characteristic value comprises:
determining an abnormal access characteristic type according to the abnormal access data information;
acquiring an abnormal index attribute subdivision rule, wherein the abnormal index attribute subdivision rule comprises data risk, cloud stability and leakage loss;
evaluating the abnormal access data based on the abnormal access characteristic type and the abnormal index attribute subdivision rule respectively to obtain an abnormal characteristic matrix set;
and taking the element average value of the abnormal characteristic matrix set as the abnormal access data characteristic value information.
5. The method of claim 4, wherein the method comprises:
the entropy weight method is adopted to carry out weight distribution on the abnormal index attribute subdivision rule, and abnormal index attribute weight information is obtained;
generating a weight correction matrix according to the abnormal index attribute weight information;
and correcting the abnormal feature matrix set based on the weight correction matrix to obtain an abnormal feature weighting matrix set.
6. The method of claim 4, wherein generating the abnormal access feature mesh graph comprises:
determining a mesh feature coordinate axis based on the abnormal access feature type;
acquiring a coordinate axis radial partition interval according to the abnormal access data characteristic value information;
generating an abnormal characteristic radial mesh map based on the mesh characteristic coordinate axis and the coordinate axis radial partition interval;
and mapping the abnormal access data characteristic value information to the abnormal characteristic radial mesh map to obtain the abnormal access characteristic mesh map.
7. The method of claim 1, wherein the obtaining the abnormal access identification result comprises:
surrounding the abnormal access characteristic network graph into an area value as an abnormal access characteristic index;
obtaining an abnormal characteristic reference value according to the abnormal access judgment logic;
obtaining an abnormality judgment reference index based on the area of the mesh map of the abnormality characteristic reference value;
and if the abnormal access characteristic index exceeds the abnormal judgment reference index, carrying out abnormal access marking on the cloud access record data to obtain the abnormal access identification result.
8. An abnormal access identification system for cloud storage data, the system comprising:
the cloud access record data acquisition module is used for acquiring cloud access record data, and the cloud access record data comprises user identity verification information and access behavior information;
the access anomaly identification classifier construction module is used for obtaining access anomaly index information and constructing an access anomaly identification classifier according to the access anomaly index information;
the abnormal access data information obtaining module is used for carrying out abnormal recognition on the cloud access record data based on the abnormal recognition classifier to obtain abnormal access data information;
the abnormal access data characteristic value information obtaining module is used for giving characteristic values to the abnormal access data information to obtain abnormal access data characteristic value information;
the abnormal access characteristic mesh map generation module is used for mapping the abnormal access data characteristic value information into a mesh coordinate system to generate an abnormal access characteristic mesh map;
the abnormal access identification result obtaining module is used for obtaining abnormal access judgment logic, and evaluating the abnormal access characteristic mesh graph based on the abnormal access judgment logic to obtain an abnormal access identification result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310889682.5A CN116628775B (en) | 2023-07-20 | 2023-07-20 | Abnormal access identification method and system for cloud storage data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310889682.5A CN116628775B (en) | 2023-07-20 | 2023-07-20 | Abnormal access identification method and system for cloud storage data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116628775A true CN116628775A (en) | 2023-08-22 |
| CN116628775B CN116628775B (en) | 2023-11-14 |
Family
ID=87621579
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310889682.5A Active CN116628775B (en) | 2023-07-20 | 2023-07-20 | Abnormal access identification method and system for cloud storage data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116628775B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117614724A (en) * | 2023-12-06 | 2024-02-27 | 北京东方通科技股份有限公司 | Industrial Internet access control method based on system fine granularity processing |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108156166A (en) * | 2017-12-29 | 2018-06-12 | 百度在线网络技术(北京)有限公司 | Abnormal access identification and connection control method and device |
| CN114090402A (en) * | 2021-11-03 | 2022-02-25 | 中国电子科技集团公司第三十研究所 | User abnormal access behavior detection method based on isolated forest |
| CN115567316A (en) * | 2022-10-31 | 2023-01-03 | 中国电信股份有限公司 | Method and device for detecting abnormality of access data |
-
2023
- 2023-07-20 CN CN202310889682.5A patent/CN116628775B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108156166A (en) * | 2017-12-29 | 2018-06-12 | 百度在线网络技术(北京)有限公司 | Abnormal access identification and connection control method and device |
| CN114090402A (en) * | 2021-11-03 | 2022-02-25 | 中国电子科技集团公司第三十研究所 | User abnormal access behavior detection method based on isolated forest |
| CN115567316A (en) * | 2022-10-31 | 2023-01-03 | 中国电信股份有限公司 | Method and device for detecting abnormality of access data |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117614724A (en) * | 2023-12-06 | 2024-02-27 | 北京东方通科技股份有限公司 | Industrial Internet access control method based on system fine granularity processing |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116628775B (en) | 2023-11-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN116628775B (en) | Abnormal access identification method and system for cloud storage data | |
| CN109564641B (en) | Data filling method and device | |
| CN110336838B (en) | Account abnormity detection method, device, terminal and storage medium | |
| CN110598016A (en) | Method, device, equipment and medium for recommending multimedia information | |
| CN111177714A (en) | Abnormal behavior detection method and device, computer equipment and storage medium | |
| US20210112101A1 (en) | Data set and algorithm validation, bias characterization, and valuation | |
| CN111401700A (en) | Data analysis method, device, computer system and readable storage medium | |
| CN107679626A (en) | Machine learning method, device, system, storage medium and equipment | |
| CN112883257B (en) | Behavior sequence data processing method and device, electronic equipment and storage medium | |
| KR102192949B1 (en) | Apparatus and method for evaluating start-up companies using artifical neural network | |
| CN113971527A (en) | Data risk assessment method and device based on machine learning | |
| CN115086089A (en) | Method and system for network security assessment prediction | |
| CN113469570A (en) | Information quality evaluation model construction method, device, equipment and storage medium | |
| CN111338876B (en) | Decision method, system and storage medium for fault mode and influence analysis | |
| CN114676423B (en) | Data processing method and server for dealing with cloud computing office threats | |
| CN109711849B (en) | Ether house address portrait generation method and device, electronic equipment and storage medium | |
| CN112365007A (en) | Model parameter determination method, device, equipment and storage medium | |
| CN114978602A (en) | Cloud security account management method and security platform based on big data | |
| CN113177851B (en) | Method and device for storing certificate of online insurance transaction, electronic equipment and storage medium | |
| CN113591148A (en) | Block chain-based credibility measurement method for food safety uplink data | |
| CN111241821B (en) | Method and device for determining behavior characteristics of user | |
| US11176502B2 (en) | Analytical model training method for customer experience estimation | |
| CN108521435B (en) | Method and system for user network behavior portrayal | |
| CN111143533A (en) | Customer service method and system based on user behavior data | |
| CN116542771A (en) | Abnormality information determination method, device, equipment, medium and product |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |