CN105306496B - User identity detection method and system - Google Patents
User identity detection method and system Download PDFInfo
- Publication number
- CN105306496B CN105306496B CN201510870908.2A CN201510870908A CN105306496B CN 105306496 B CN105306496 B CN 105306496B CN 201510870908 A CN201510870908 A CN 201510870908A CN 105306496 B CN105306496 B CN 105306496B
- Authority
- CN
- China
- Prior art keywords
- user behavior
- user
- character string
- string sequence
- behavior characteristic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Landscapes
- Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
The invention discloses a user identity detection method and a user identity detection system, relates to the technical field of network information system safety, and solves the problem that the identity safety of a network information system in the prior art is not high. The method comprises the following steps: acquiring user behavior characteristic data, wherein the user behavior characteristic data comprises a plurality of user behavior characteristic values; analyzing each user behavior characteristic value in the user behavior characteristic data to generate a user behavior character string sequence corresponding to the user behavior characteristic data; and detecting the user behavior character string sequence and judging the authenticity of the user identity. The invention can ensure the identity security of the user in the network information system, prevent identity embezzlement and reduce the security risk of the user identity.
Description
Technical Field
The invention relates to the technical field of network information system security, in particular to a user identity detection method and a user identity detection system.
Background
At present, the user identity confirmation in the network space depends on a traditional authentication mechanism, generally a user password, a USB flash disk, a security question and answer or a user fingerprint and the like, and the traditional user identity confirmation is disposable and adopts non-continuity to confirm the user, so that the user identity has counterfeit security threat. The security manager lacks of initiative, timeliness and process for the authenticity perception of the user identity, and the manager can only passively respond to security events and cannot ensure that the security management of the user identity achieves predictable threat control.
For the above problems, some research documents use detection based on information entropy, detection based on text mining, detection based on high frequency command, and detection based on user file system browsing behavior, but because of the user identity diversity and attack complexity of the IT system, the above methods can only detect the counterfeit threat of a specific user, the identity security of the user in the network information system is not high, identity theft is easy to occur, and there is a risk in user identity security.
Disclosure of Invention
The invention provides a user identity detection method and a user identity detection system, which can ensure the identity security of a user in a network information system, prevent identity embezzlement and reduce the user identity security risk.
In a first aspect, the present invention provides a method for detecting a user identity, including:
acquiring user behavior characteristic data, wherein the user behavior characteristic data comprises a plurality of user behavior characteristic values;
analyzing each user behavior characteristic value in the user behavior characteristic data to generate a user behavior character string sequence corresponding to the user behavior characteristic data;
and detecting the user behavior character string sequence and judging the authenticity of the user identity.
In a second aspect, the present invention provides a user identity detection system, including:
the system comprises an acquisition module, a processing module and a display module, wherein the acquisition module is used for acquiring user behavior characteristic data which comprises a plurality of user behavior characteristic values;
the generating module is used for analyzing each user behavior characteristic value in the user behavior characteristic data and generating a user behavior character string sequence corresponding to the user behavior characteristic data;
and the detection module is used for detecting the user behavior character string sequence and judging the authenticity of the user identity.
The user identity detection method and the user identity detection system provided by the invention have the advantages that the user behavior characteristic data is obtained, each user behavior characteristic value in the user behavior characteristic data is analyzed, a user behavior character string sequence corresponding to the user behavior characteristic data is generated, the user behavior character string sequence is detected, and the authenticity of the user identity is judged. Compared with the prior art, the method and the device have the advantages that the user behavior feature data are obtained, the user behavior authenticity model is established, the user identity detection is converted into the problem of character string sequence randomness verification, the universality and the elasticity of the user identity detection are improved, the safety management personnel can set the safety parameters according to the prevention safety degree, the counterfeit threat of the user identity is found, the identity safety of the user in a network information system can be guaranteed, the identity embezzlement is prevented, and the user identity safety risk is reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a user identity detection method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a user identity detection system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
An embodiment of the present invention provides a user identity detection method, as shown in fig. 1, the method includes:
s11, obtaining user behavior characteristic data, wherein the user behavior characteristic data comprises a plurality of user behavior characteristic values.
Specifically, the user behavior feature data may be obtained from a network information system, and the user behavior feature data may include: the user keyboard inputs behavior data, such as the time length of keys, time pause among different keys and the like; the mouse moving behaviors of the user, such as mouse clicking times, mouse pause times and pause time, moving speed, the number of mouse track sub-motions and the like; the behavior data of the user accessing the network information system resource comprises an access physical space address, an access virtual space address, an access time, an access resource object, an access type and the like, for example, an IP address accessed by the user, a read-write file of the user, and a network address URL accessed by the user.
And S12, analyzing each user behavior characteristic value in the user behavior characteristic data, and generating a user behavior character string sequence corresponding to the user behavior characteristic data.
Specifically, for the continuous user behavior feature data, comparing the deviation between each user behavior feature value and the standard value of the user behavior feature, if the deviation is within the standard range, the corresponding character is 1, and if the deviation is not within the standard range, the corresponding character is 0;
and combining the characters corresponding to the user behavior characteristic values to obtain a user behavior character string sequence corresponding to the user behavior characteristic data.
For the discrete user behavior characteristic data, detecting whether each user behavior characteristic value is a normal value of the user behavior characteristic, if the user behavior characteristic value is the normal value, the corresponding character is 1, and if the user behavior characteristic value is not the normal value, the corresponding character is 0;
and combining the characters corresponding to the user behavior characteristic values to obtain a user behavior character string sequence corresponding to the user behavior characteristic data.
The standard value of the user behavior characteristic and the normal value of the user behavior characteristic are preset by a user.
For example, it is set that the user is normal to open the file secret. Txt, the user behavior description string sequence is 01, assuming the user remotely accesses secret from work hours.
And S13, detecting the user behavior character string sequence and judging the authenticity of the user identity.
Specifically, the detecting the user behavior character string sequence and the determining the authenticity of the user identity are performed according to the following steps:
detecting whether the user behavior character string sequence is a random character string sequence;
if the user behavior character string sequence is a random character string sequence, judging that the user identity is a fake user, otherwise, detecting the proportion of 1 appearing in the user behavior character string sequence;
the randomness verification can be performed by a code element frequency checking method, a run length detecting method, poker detecting and the like.
And if the proportion of 1 appearing in the user behavior character string sequence exceeds a preset threshold value, judging the identity of the user to be a legal user, otherwise, judging the identity of the user to be a fake user.
Wherein the predetermined threshold is preset by a user.
The user identity detection method provided by the embodiment of the invention obtains the user behavior characteristic data, analyzes each user behavior characteristic value in the user behavior characteristic data, generates the user behavior character string sequence corresponding to the user behavior characteristic data, detects the user behavior character string sequence and judges the authenticity of the user identity. Compared with the prior art, the method and the device have the advantages that the user behavior feature data are obtained, the user behavior authenticity model is established, the user identity detection is converted into the problem of character string sequence randomness verification, the universality and the elasticity of the user identity detection are improved, the safety management personnel can set the safety parameters according to the prevention safety degree, the counterfeit threat of the user identity is found, the identity safety of the user in a network information system can be guaranteed, the identity embezzlement is prevented, and the user identity safety risk is reduced.
An embodiment of the present invention further provides a user identity detection system, as shown in fig. 2, the system includes:
the acquiring module 11 is configured to acquire user behavior feature data, where the user behavior feature data includes a plurality of user behavior feature values;
specifically, the user behavior feature data may be obtained from a network information system, and the user behavior feature data may include: the user keyboard inputs behavior data, such as the time length of keys, time pause among different keys and the like; the mouse moving behaviors of the user, such as mouse clicking times, mouse pause times and pause time, moving speed, the number of mouse track sub-motions and the like; the behavior data of the user accessing the network information system resource comprises an access physical space address, an access virtual space address, an access time, an access resource object, an access type and the like, for example, an IP address accessed by the user, a read-write file of the user, and a network address URL accessed by the user.
A generating module 12, configured to analyze each user behavior feature value in the user behavior feature data, and generate a user behavior character string sequence corresponding to the user behavior feature data;
and the detection module 13 is configured to detect the user behavior character string sequence and determine authenticity of the user identity.
Optionally, the generating module 12 is configured to compare, for the continuous user behavior feature data, deviations between each user behavior feature value and a standard value of the user behavior feature, if the deviation is within a standard range, the corresponding character is 1, and if the deviation is not within the standard range, the corresponding character is 0; and combining the characters corresponding to the user behavior characteristic values to obtain a user behavior character string sequence corresponding to the user behavior characteristic data.
Optionally, the generating module 12 is configured to detect, for the discrete user behavior feature data, whether each user behavior feature value is a normal value of the user behavior feature, if the user behavior feature value is the normal value, the corresponding character is 1, and if the user behavior feature value is not the normal value, the corresponding character is 0; and combining the characters corresponding to the user behavior characteristic values to obtain a user behavior character string sequence corresponding to the user behavior characteristic data.
The standard value of the user behavior characteristic and the normal value of the user behavior characteristic are preset by a user.
Optionally, the detecting module 13 is configured to detect whether the user behavior character string sequence is a random character string sequence; if the user behavior character string sequence is a random character string sequence, judging that the user identity is a fake user, otherwise, detecting the proportion of 1 appearing in the user behavior character string sequence; and if the proportion of 1 appearing in the user behavior character string sequence exceeds a preset threshold value, judging the identity of the user to be a legal user, otherwise, judging the identity of the user to be a fake user.
The randomness verification can be performed by a code element frequency checking method, a run length detecting method, poker detecting and the like. The predetermined threshold is preset by a user.
The user identity detection system provided by the embodiment of the invention acquires the user behavior characteristic data, analyzes each user behavior characteristic value in the user behavior characteristic data, generates the user behavior character string sequence corresponding to the user behavior characteristic data, detects the user behavior character string sequence and judges the authenticity of the user identity. Compared with the prior art, the method and the device have the advantages that the user behavior feature data are obtained, the user behavior authenticity model is established, the user identity detection is converted into the problem of character string sequence randomness verification, the universality and the elasticity of the user identity detection are improved, the safety management personnel can set the safety parameters according to the prevention safety degree, the counterfeit threat of the user identity is found, the identity safety of the user in a network information system can be guaranteed, the identity embezzlement is prevented, and the user identity safety risk is reduced.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (6)
1. A user identity detection method is characterized by comprising the following steps:
acquiring user behavior characteristic data, wherein the user behavior characteristic data comprises a plurality of user behavior characteristic values;
analyzing each user behavior characteristic value in the user behavior characteristic data to generate a user behavior character string sequence corresponding to the user behavior characteristic data;
detecting whether the user behavior character string sequence is a random character string sequence;
if the user behavior character string sequence is a random character string sequence, judging that the user identity is a fake user, otherwise, detecting the proportion of 1 appearing in the user behavior character string sequence;
and if the proportion of 1 appearing in the user behavior character string sequence exceeds a preset threshold value, judging the identity of the user to be a legal user, otherwise, judging the identity of the user to be a fake user.
2. The method according to claim 1, wherein the analyzing each user behavior feature value in the user behavior feature data and the generating a user behavior character string sequence corresponding to the user behavior feature data comprises:
for the continuous user behavior characteristic data, comparing the deviation of each user behavior characteristic value with a standard value of the user behavior characteristic, if the deviation is in a standard range, the corresponding character is 1, and if the deviation is not in the standard range, the corresponding character is 0;
and combining the characters corresponding to the user behavior characteristic values to obtain a user behavior character string sequence corresponding to the user behavior characteristic data.
3. The method according to claim 1, wherein the analyzing each user behavior feature value in the user behavior feature data and the generating a user behavior character string sequence corresponding to the user behavior feature data comprises:
for the discrete user behavior characteristic data, detecting whether each user behavior characteristic value is a normal value of the user behavior characteristic, if the user behavior characteristic value is the normal value, the corresponding character is 1, and if the user behavior characteristic value is not the normal value, the corresponding character is 0;
and combining the characters corresponding to the user behavior characteristic values to obtain a user behavior character string sequence corresponding to the user behavior characteristic data.
4. A user identity detection system, comprising:
the system comprises an acquisition module, a processing module and a display module, wherein the acquisition module is used for acquiring user behavior characteristic data which comprises a plurality of user behavior characteristic values;
the generating module is used for analyzing each user behavior characteristic value in the user behavior characteristic data and generating a user behavior character string sequence corresponding to the user behavior characteristic data;
the detection module is used for detecting whether the user behavior character string sequence is a random character string sequence; if the user behavior character string sequence is a random character string sequence, judging that the user identity is a fake user, otherwise, detecting the proportion of 1 appearing in the user behavior character string sequence; and if the proportion of 1 appearing in the user behavior character string sequence exceeds a preset threshold value, judging the identity of the user to be a legal user, otherwise, judging the identity of the user to be a fake user.
5. The system according to claim 4, wherein the generating module is configured to compare, for the continuous user behavior feature data, deviations between the respective user behavior feature values and standard values of the user behavior features, and if the deviations are within a standard range, the corresponding characters are 1, and if the deviations are not within the standard range, the corresponding characters are 0; and combining the characters corresponding to the user behavior characteristic values to obtain a user behavior character string sequence corresponding to the user behavior characteristic data.
6. The system according to claim 4, wherein the generating module is configured to detect, for the discrete user behavior feature data, whether each user behavior feature value is a normal value of the user behavior feature, if the user behavior feature value is a normal value, the corresponding character is 1, and if the user behavior feature value is not a normal value, the corresponding character is 0; and combining the characters corresponding to the user behavior characteristic values to obtain a user behavior character string sequence corresponding to the user behavior characteristic data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510870908.2A CN105306496B (en) | 2015-12-02 | 2015-12-02 | User identity detection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510870908.2A CN105306496B (en) | 2015-12-02 | 2015-12-02 | User identity detection method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105306496A CN105306496A (en) | 2016-02-03 |
| CN105306496B true CN105306496B (en) | 2020-04-14 |
Family
ID=55203246
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510870908.2A Active CN105306496B (en) | 2015-12-02 | 2015-12-02 | User identity detection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105306496B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107330128B (en) * | 2017-07-24 | 2020-12-08 | 上海众人网络安全技术有限公司 | Authentication abnormity judgment method and device |
| CN109407947A (en) * | 2018-09-30 | 2019-03-01 | 北京金山云网络技术有限公司 | Interface alternation and its verification method, logging request generation and verification method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101833626A (en) * | 2010-05-19 | 2010-09-15 | 西安交通大学 | Method for verifying computer user identity based on keystroke scrambling characteristic |
| CN103646197A (en) * | 2013-12-12 | 2014-03-19 | 中国石油大学(华东) | User credibility authentication system and method based on user behaviors |
| WO2014205148A1 (en) * | 2013-06-19 | 2014-12-24 | Arizona Board Of Regents For The University Of Arizona | Continuous authentication tool |
| CN104301286A (en) * | 2013-07-15 | 2015-01-21 | 中国移动通信集团黑龙江有限公司 | User login authentication method and device |
| CN105049421A (en) * | 2015-06-24 | 2015-11-11 | 百度在线网络技术(北京)有限公司 | Authentication method based on use behavior characteristic of user, server, terminal, and system |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR100847532B1 (en) * | 2006-04-06 | 2008-07-21 | 재단법인서울대학교산학협력재단 | User terminal and authenticating apparatus used for user authentication using information of user's behavior pattern |
| CN102841990B (en) * | 2011-11-14 | 2015-07-22 | 哈尔滨安天科技股份有限公司 | Method and system for detecting malicious codes based on uniform resource locator |
| CN103530540B (en) * | 2013-09-27 | 2017-02-22 | 西安交通大学 | User identity attribute detection method based on man-machine interaction behavior characteristics |
| CN104090888B (en) * | 2013-12-10 | 2016-05-11 | 深圳市腾讯计算机系统有限公司 | A kind of analytical method of user behavior data and device |
| CN104113544B (en) * | 2014-07-18 | 2017-10-31 | 重庆大学 | Network inbreak detection method and system based on fuzzy hidden conditional random fields model |
-
2015
- 2015-12-02 CN CN201510870908.2A patent/CN105306496B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101833626A (en) * | 2010-05-19 | 2010-09-15 | 西安交通大学 | Method for verifying computer user identity based on keystroke scrambling characteristic |
| WO2014205148A1 (en) * | 2013-06-19 | 2014-12-24 | Arizona Board Of Regents For The University Of Arizona | Continuous authentication tool |
| CN104301286A (en) * | 2013-07-15 | 2015-01-21 | 中国移动通信集团黑龙江有限公司 | User login authentication method and device |
| CN103646197A (en) * | 2013-12-12 | 2014-03-19 | 中国石油大学(华东) | User credibility authentication system and method based on user behaviors |
| CN105049421A (en) * | 2015-06-24 | 2015-11-11 | 百度在线网络技术(北京)有限公司 | Authentication method based on use behavior characteristic of user, server, terminal, and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105306496A (en) | 2016-02-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3428819B1 (en) | Mobile security countermeasures | |
| US9882918B1 (en) | User behavior profile in a blockchain | |
| CN107888554B (en) | Method and device for detecting server attack | |
| Zheng et al. | An efficient user verification system via mouse movements | |
| CN102647421B (en) | The web back door detection method of Behavior-based control feature and device | |
| US20150143494A1 (en) | Continuous identity authentication method for computer users | |
| US20110314558A1 (en) | Method and apparatus for context-aware authentication | |
| US20130263240A1 (en) | Method for authentication and verification of user identity | |
| US20110314549A1 (en) | Method and apparatus for periodic context-aware authentication | |
| CN105763548A (en) | User login identification method based on behavior model and equipment and system thereof | |
| CN110717164A (en) | Intelligent multidimensional weighting identity authentication and risk control method and system | |
| CN107426196A (en) | A kind of method and system of identification WEB invasions | |
| CN107302586A (en) | A kind of Webshell detection methods and device, computer installation, readable storage medium storing program for executing | |
| CN105389497A (en) | Security verification method and system for operation interface of fingerprint recognition | |
| CN106817342A (en) | Active identity authorization system based on user behavior feature recognition | |
| CN105306496B (en) | User identity detection method and system | |
| KR101363668B1 (en) | Apparatus and method for authentication user using captcha | |
| Lee et al. | Feature subset for improving accuracy of keystroke dynamics on mobile environment | |
| EP3580677B1 (en) | Identifying human interaction with a computer | |
| CN110958236A (en) | Dynamic authorization method of operation and maintenance auditing system based on risk factor insight | |
| CN111814121A (en) | Login authentication management system and method based on computer system | |
| CN103413080A (en) | Password protection realization method based on gesture | |
| Patel et al. | Screen fingerprints: a novel modality for active authentication | |
| Kovalchuk et al. | A practical proposal for ensuring the provenance of hardware devices and their safe operation | |
| CN112272195B (en) | Dynamic detection authentication system and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |