CN104915455A - Website exception access identification method and system based on user behaviors - Google Patents
Website exception access identification method and system based on user behaviors Download PDFInfo
- Publication number
- CN104915455A CN104915455A CN201510383614.7A CN201510383614A CN104915455A CN 104915455 A CN104915455 A CN 104915455A CN 201510383614 A CN201510383614 A CN 201510383614A CN 104915455 A CN104915455 A CN 104915455A
- Authority
- CN
- China
- Prior art keywords
- abnormal
- visits
- access
- website
- chemical reaction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
Abstract
The invention discloses a website exception access identification method based on user behaviors. The website exception access identification method comprises the following steps: carrying out analysis processing on a website log, dividing a log record into a plurality of visits according to IP (Internet Protocol) and access interval time, and importing the visits into a database, wherein the access interval time is 30 minutes; aiming at each visits to carry out distributed computation on measurement indexes under four categories including continuous clicking, identity transformation, access sources and site distribution; carrying out distribution analysis on each measurement index, extracting an exception threshold value of each index, and extracting an exception judgment rule of each category; and according to the extracted threshold value of each index and the exception judgment rule, judging whether the continuous clicking, the identity transformation, the access sources and the site distribution are abnormal or not through judging whether the index is abnormal or not. The method and the system can effectively exclude an exception access record and improve the statistics and mining accuracy of subsequent user behaviors.
Description
Technical field
The present invention relates to data cleansing field, particularly a kind of website abnormal access recognition methods and system.
Background technology
Growing along with Internet technology, Internet user's number also day by day increases, and that accumulates over a long period creates a large amount of web logs, by the analysis to these large data, better can hold the Behavior preference of user, therefrom excavate larger commercial opportunity.But, but find have a lot of exceptions to click behavior in actual analysis, generally artificially can not accomplish, also have some clicks to be difficult to the normal intention being interpreted as user, be probably subject to the driving of certain improper object, such as the behavior of brush data, fraud etc.These junk datas disturb the collection of Internet firm's field feedback greatly, also and then to the value of analysis result also create significant impact, therefore get rid of these exception records for follow-up analysis and excavate particularly important.
Summary of the invention
The present invention in this context, propose the access recognition methods of a kind of Network Abnormal based on user behavior and system, mainly for four kinds of common exceptions: adopting consecutive click chemical reaction is abnormal, identity conversion is abnormal, access source exception and website abnormal distribution each provide corresponding recognition methods, last and consider and give abnormal log cleaning program.The method can effectively eliminate abnormal access record, improves the accuracy of subsequent user behavioral statistics and excavation.
Technical solution of the present invention is, a kind of access of the Network Abnormal based on user behavior recognition methods, comprises the steps:
Step one: web log file is carried out dissection process, is divided into multiple visitor visits (access time interval is 30 minutes) according to ip, access time interval by log recording, and imports in database;
Step 2: for each visits, the Measure Indexes under four classifications that distribution calculates adopting consecutive click chemical reaction, identity converts, access is originated, website distributes;
Step 3: carry out distributional analysis to each Measure Indexes, extracts the threshold value of each Indexes Abnormality, and extracts the abnormality juding rule of each classification;
Step 4: according to the metrics-thresholds extracted and abnormality juding rule, whether extremely judge whether extremely the conversion of adopting consecutive click chemical reaction, identity, access source, website distribute four classifications by index, and record abnormal data corresponding to this visits, be saved in database;
Step 5: when subsequent analysis is implemented with excavation, according to reality to the rate of precision needed for abnormal data filtration and coverage rate, selects suitable abnormal data to filter.
The present invention discloses a kind of Network Abnormal based on user behavior access recognition system, comprising: data source modules, web log file pretreatment module, anomalous identification module, abnormal click mark and filtering module.
Described data source modules, for the basic data stayed during recording user access websites, mainly website user's access log, comprises and comes from operation system, text or other data structure source.
Described web log file pretreatment module, resolves daily record and the setting of abnormal index threshold value.Comprising two each and every one submodules: daily record analyzing sub-module, metrics-thresholds setting submodule.Described daily record analyzing sub-module, carries out dissection process by web log file, and according to ip, log recording is divided into multiple visits (access time interval is 30 minutes) by the access time, and imports in database.Described metrics-thresholds setting submodule, for each visits, each Measure Indexes under four classifications that distribution calculates adopting consecutive click chemical reaction, identity converts, access is originated, website distributes, by the distributional analysis to each index, in conjunction with actual business, select suitable outlier threshold.
Described anomalous identification module, carries out anomalous identification to each visits.Comprising four each and every one submodules: the abnormal submodule of adopting consecutive click chemical reaction, identity convert abnormal submodule, access source abnormal submodule, website abnormal distribution submodule.The abnormal submodule of described adopting consecutive click chemical reaction, compares index value corresponding under each visits adopting consecutive click chemical reaction classification and outlier threshold, in conjunction with classification abnormality juding rule, judges whether this visits exists adopting consecutive click chemical reaction abnormal.Described identity converts abnormal submodule, corresponding index value and outlier threshold under each visits identity conversion classification is compared, in conjunction with classification abnormality juding rule, judges whether this visits exists identity conversion abnormal.The abnormal submodule in described access source, compares corresponding index value and outlier threshold under each visits website distribution classification, in conjunction with classification abnormality juding rule, judges whether this visits exists website abnormal distribution.Described website abnormal distribution submodule, compares corresponding index value and outlier threshold under each visits website distribution classification, in conjunction with classification abnormality juding rule, judges whether this visits exists website abnormal distribution.
Described abnormal click marks and filtering module, gathers, marks the abnormal class data of each visits, filter abnormal for four classifications according to actual needs before analyzing and excavating to the visits exceeding certain abnormal class data.
Beneficial effect of the present invention: click for the exception in web log file and carry out abnormal behaviour classification, and provide corresponding recognition methods respectively, finally all kinds of exception is integrated the cleaning method providing access log abnormal data.Through practice, the method can effectively eliminate abnormal access record, reduces the interference of abnormal data as much as possible, thus improves the confidence level of follow-up log analysis and Result, has given play to larger value.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet that the website abnormal access in the embodiment of the present invention identifies.
Fig. 2 is the structural representation that the website abnormal access in the embodiment of the present invention identifies.
Embodiment
Below in conjunction with the drawings and specific embodiments, the present invention is described in further detail.
In the present invention, from adopting consecutive click chemical reaction, identity converts, access is originated, website distributes, and anomalous identification is carried out to access log in four aspects, finally for each visits, mark the classification number of its exception, subsequent analysis is filtered according to actual needs with excavation.
Consult shown in Fig. 1, the flow chart of data processing of the embodiment of the present invention, concrete steps are:
Step 11: web log file is carried out dissection process, according to ip, log recording is divided into multiple visits (access time interval is 30 minutes) by the access time, and imports in database.
Step 12: for each visits, each Measure Indexes under four classifications that distribution calculates adopting consecutive click chemical reaction, identity converts, access is originated, website distributes.In embodiments of the present invention, choose following index to identify:
● adopting consecutive click chemical reaction chooses the clicks average per second of adopting consecutive click chemical reaction, the number of seconds accounting of adopting consecutive click chemical reaction.Wherein, for each visits, adopting consecutive click chemical reaction refers in 1 second and clicks more than 2 times and 2 times, and the number of seconds accounting of adopting consecutive click chemical reaction refers to that the number of seconds of adopting consecutive click chemical reaction accounts for the ratio that this visits always clicks number of seconds.
● cookie number, average each cookie clicks, cookie clicks standard deviation, cookie interleaving access ratio are chosen in identity conversion.Wherein, for each visits, cookie number refers to that the cookie that this visits uses records number, under cookie interleaving access refers to this visits, if the access time of certain cookie is in the access-hours of other any cookie, then counting this cookie is interleaving access, interleaving access ratio then accounts for the ratio of total cookie number for the cookie number that there is interleaving access, for weighing the behavior clicked by the multiple computers (multiple user) under the mode adopting consecutive click chemical reaction of clear cookie or same ip for individual machine simultaneously.
● access source choose average each referer (source page that user clicks at every turn) clicks, total clicks, directly access accounting.
● the number of clicks of average each page, the click distribution proportion of each type page are chosen in website distribution.
Step 13: carry out distributional analysis to each index, extracts the threshold value of each Indexes Abnormality, and extracts the abnormality juding rule of each classification.In embodiments of the present invention, extracting rule is as follows:
By index, whether step 14: according to the metrics-thresholds extracted and abnormality juding, judge whether extremely the conversion of adopting consecutive click chemical reaction, identity, access source, website distribute four classifications, and record abnormal data corresponding to this visits, are saved in database extremely.
Step 15: when subsequent analysis is implemented with excavation, according to reality to the rate of precision needed for abnormal filtration and coverage rate, selects suitable abnormal data to filter.
Consult shown in Fig. 2, the system architecture of the embodiment of the present invention, comprising:
Data source modules 21, web log file pretreatment module 22, anomalous identification module 23, abnormal click mark and filtering module 24.
Data source modules 21, for the basic data stayed during recording user access websites, mainly website user's access log, may come from operation system, text or other data structure source.
Web log file pretreatment module 22, resolves daily record and the setting of abnormal index threshold value.Comprising two each and every one submodules: daily record analyzing sub-module 221, metrics-thresholds setting submodule 222.
Daily record analyzing sub-module 221, carries out dissection process by web log file, and according to ip, log recording is divided into multiple visits (access time interval is 30 minutes) by the access time, and imports in database.
Metrics-thresholds setting submodule 222, for each visits, each Measure Indexes under four classifications that distribution calculates adopting consecutive click chemical reaction, identity converts, access is originated, website distributes, by the distributional analysis to each index, in conjunction with actual business, select suitable outlier threshold.
Anomalous identification module 23, carries out anomalous identification to each visits.Comprising four each and every one submodules: the abnormal submodule 231 of adopting consecutive click chemical reaction, identity convert abnormal submodule 232, access source abnormal submodule 233, website abnormal distribution submodule 244.
The abnormal submodule 231 of adopting consecutive click chemical reaction, compares index value corresponding under each visits adopting consecutive click chemical reaction classification and outlier threshold, in conjunction with classification abnormality juding rule, judges whether this visits exists adopting consecutive click chemical reaction abnormal.
Identity converts abnormal submodule 232, corresponding index value and outlier threshold under each visits identity conversion classification is compared, in conjunction with classification abnormality juding rule, judges whether this visits exists identity conversion abnormal.
The abnormal submodule 231 in access source, compares corresponding index value and outlier threshold under each visits access source categories, in conjunction with classification abnormality juding rule, judges whether this visits exists access source extremely.
Website abnormal distribution submodule 231, compares corresponding index value and outlier threshold under each visits website distribution classification, in conjunction with classification abnormality juding rule, judges whether this visits exists website abnormal distribution.
Abnormal click marks and filtering module 24, gathers, marks the abnormal class number of each visits, filter abnormal for four classifications according to actual needs before analyzing and excavating to the visits exceeding certain abnormal class number.
Claims (3)
1., based on a Network Abnormal access recognition methods for user behavior, it is characterized in that comprising the steps:
Step one: web log file is carried out dissection process, is divided into multiple visitor visits according to ip, access time interval by log recording, and access time interval is 30 minutes, and imports in database;
Step 2: for each visits, the Measure Indexes under four classifications that distribution calculates adopting consecutive click chemical reaction, identity converts, access is originated, website distributes;
Step 3: carry out distributional analysis to each Measure Indexes, extracts the threshold value of each Indexes Abnormality, and extracts the abnormality juding rule of each classification;
Step 4: according to the metrics-thresholds extracted and abnormality juding rule, whether extremely judge whether extremely the conversion of adopting consecutive click chemical reaction, identity, access source, website distribute four classifications by index, and record abnormal data corresponding to this visits, be saved in database;
Step 5: when subsequent analysis is implemented with excavation, according to reality to the rate of precision needed for abnormal data filtration and coverage rate, selects suitable abnormal data to filter.
2. Network Abnormal access recognition methods according to claim 1, is characterized in that choosing following index identifies:
1) adopting consecutive click chemical reaction chooses the clicks average per second of adopting consecutive click chemical reaction, the number of seconds accounting of adopting consecutive click chemical reaction; Wherein, for each visits, adopting consecutive click chemical reaction refers in 1 second and clicks more than 2 times and 2 times, and the number of seconds accounting of adopting consecutive click chemical reaction refers to that the number of seconds of adopting consecutive click chemical reaction accounts for the ratio that this visits always clicks number of seconds;
2) cookie number, average each cookie clicks, cookie clicks standard deviation, cookie interleaving access ratio are chosen in identity conversion;
3) access source choose the source page that average each user clicks at every turn clicks, total clicks, directly access accounting;
4) number of clicks of average each page, the click distribution proportion of each type page are chosen in website distribution.
3. the recognition system of Network Abnormal access recognition methods according to claim 1 and 2, is characterized in that comprising: data source modules, web log file pretreatment module, anomalous identification module, abnormal click mark and filtering module;
Described data source modules, for the basic data stayed during recording user access websites, mainly website user's access log, comprises and comes from operation system, text or other data structure source;
Described web log file pretreatment module, resolves daily record and the setting of abnormal index threshold value.Comprising two each and every one submodules: daily record analyzing sub-module, metrics-thresholds setting submodule; Described daily record analyzing sub-module, carries out dissection process by web log file, and according to ip, log recording is divided into multiple visits by the access time, and access time interval is 30 minutes, and imports in database.Described metrics-thresholds setting submodule, for each visits, each Measure Indexes under four classifications that distribution calculates adopting consecutive click chemical reaction, identity converts, access is originated, website distributes, by the distributional analysis to each index, in conjunction with actual business, select suitable outlier threshold;
Described anomalous identification module, carries out anomalous identification to each visits.Comprising four each and every one submodules: the abnormal submodule of adopting consecutive click chemical reaction, identity convert abnormal submodule, access source abnormal submodule, website abnormal distribution submodule;
The abnormal submodule of described adopting consecutive click chemical reaction, compares index value corresponding under each visits adopting consecutive click chemical reaction classification and outlier threshold, in conjunction with classification abnormality juding rule, judges whether this visits exists adopting consecutive click chemical reaction abnormal;
Described identity converts abnormal submodule, corresponding index value and outlier threshold under each visits identity conversion classification is compared, in conjunction with classification abnormality juding rule, judges whether this visits exists identity conversion abnormal;
The abnormal submodule in described access source, compares corresponding index value and outlier threshold under each visits website distribution classification, in conjunction with classification abnormality juding rule, judges whether this visits exists website abnormal distribution;
Described website abnormal distribution submodule, compares corresponding index value and outlier threshold under each visits website distribution classification, in conjunction with classification abnormality juding rule, judges whether this visits exists website abnormal distribution;
Described abnormal click marks and filtering module, gathers, marks the abnormal class data of each visits, filter abnormal for four classifications according to actual needs before analyzing and excavating to the visits exceeding certain abnormal class data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510383614.7A CN104915455B (en) | 2015-07-02 | 2015-07-02 | A kind of website abnormal based on user behavior accesses recognition methodss and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510383614.7A CN104915455B (en) | 2015-07-02 | 2015-07-02 | A kind of website abnormal based on user behavior accesses recognition methodss and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104915455A true CN104915455A (en) | 2015-09-16 |
| CN104915455B CN104915455B (en) | 2017-03-15 |
Family
ID=54084518
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510383614.7A Active CN104915455B (en) | 2015-07-02 | 2015-07-02 | A kind of website abnormal based on user behavior accesses recognition methodss and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104915455B (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105610616A (en) * | 2015-12-29 | 2016-05-25 | 赛尔网络有限公司 | Method and system for performing statistics to obtain average flow of single IP (Internet Protocol) of access network based on ICP (Internet Content Provider) activity |
| CN106341407A (en) * | 2016-09-19 | 2017-01-18 | 成都知道创宇信息技术有限公司 | Abnormal access log mining method based on website picture and apparatus thereof |
| CN106612202A (en) * | 2015-10-27 | 2017-05-03 | 网易(杭州)网络有限公司 | Method and system for pre-estimate and judgment of amount brushing of online game channel |
| CN106611348A (en) * | 2015-10-23 | 2017-05-03 | 北京国双科技有限公司 | Anomaly traffic detection method and apparus |
| CN106611346A (en) * | 2015-10-22 | 2017-05-03 | 北京国双科技有限公司 | Visitor screening method and device |
| CN106817235A (en) * | 2015-11-30 | 2017-06-09 | 北京国双科技有限公司 | The detection method and device of website abnormal visit capacity |
| CN107370719A (en) * | 2016-05-13 | 2017-11-21 | 阿里巴巴集团控股有限公司 | Abnormal login recognition methods, apparatus and system |
| CN107491970A (en) * | 2017-08-17 | 2017-12-19 | 北京三快在线科技有限公司 | Anti- cheating detection monitoring method and system and computing device in real time |
| CN107578263A (en) * | 2017-07-21 | 2018-01-12 | 北京奇艺世纪科技有限公司 | A kind of detection method, device and the electronic equipment of advertisement abnormal access |
| CN107888602A (en) * | 2017-11-23 | 2018-04-06 | 北京白山耘科技有限公司 | A kind of method and device for detecting abnormal user |
| CN108122116A (en) * | 2016-11-29 | 2018-06-05 | 腾讯科技(深圳)有限公司 | A kind of monitoring and managing method and system of product promotion channel |
| CN108255696A (en) * | 2016-12-29 | 2018-07-06 | 航天信息软件技术有限公司 | A kind of analysis method and system acquired based on user to web page operation behavior |
| CN108270727A (en) * | 2016-12-30 | 2018-07-10 | 北京国双科技有限公司 | Abnormal data analysis method and device |
| CN108683670A (en) * | 2018-05-21 | 2018-10-19 | 中国科学院计算机网络信息中心 | The malicious traffic stream recognition methods accessed based on website application system and system |
| CN111416790A (en) * | 2019-01-04 | 2020-07-14 | 北京数安鑫云信息技术有限公司 | Network abnormal access intelligent identification method and device based on user behavior, storage medium and computer equipment |
| CN117201090A (en) * | 2023-08-28 | 2023-12-08 | 山东亚泽信息技术有限公司 | Abnormal behavior detection processing method and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080162688A1 (en) * | 2007-01-03 | 2008-07-03 | International Business Machines Corporation | Proactive problem resolution system, method of proactive problem resolution and program product therefor |
| CN101232399A (en) * | 2008-02-18 | 2008-07-30 | 刘峰 | Analytical method of website abnormal visit |
| CN103297435A (en) * | 2013-06-06 | 2013-09-11 | 中国科学院信息工程研究所 | Abnormal access behavior detection method and system on basis of WEB logs |
| CN104462445A (en) * | 2014-12-15 | 2015-03-25 | 北京国双科技有限公司 | Webpage access data processing method and webpage access data processing device |
-
2015
- 2015-07-02 CN CN201510383614.7A patent/CN104915455B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080162688A1 (en) * | 2007-01-03 | 2008-07-03 | International Business Machines Corporation | Proactive problem resolution system, method of proactive problem resolution and program product therefor |
| CN101232399A (en) * | 2008-02-18 | 2008-07-30 | 刘峰 | Analytical method of website abnormal visit |
| CN103297435A (en) * | 2013-06-06 | 2013-09-11 | 中国科学院信息工程研究所 | Abnormal access behavior detection method and system on basis of WEB logs |
| CN104462445A (en) * | 2014-12-15 | 2015-03-25 | 北京国双科技有限公司 | Webpage access data processing method and webpage access data processing device |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106611346A (en) * | 2015-10-22 | 2017-05-03 | 北京国双科技有限公司 | Visitor screening method and device |
| CN106611348A (en) * | 2015-10-23 | 2017-05-03 | 北京国双科技有限公司 | Anomaly traffic detection method and apparus |
| CN106612202A (en) * | 2015-10-27 | 2017-05-03 | 网易(杭州)网络有限公司 | Method and system for pre-estimate and judgment of amount brushing of online game channel |
| CN106817235A (en) * | 2015-11-30 | 2017-06-09 | 北京国双科技有限公司 | The detection method and device of website abnormal visit capacity |
| CN105610616A (en) * | 2015-12-29 | 2016-05-25 | 赛尔网络有限公司 | Method and system for performing statistics to obtain average flow of single IP (Internet Protocol) of access network based on ICP (Internet Content Provider) activity |
| CN105610616B (en) * | 2015-12-29 | 2019-04-26 | 赛尔网络有限公司 | The single IP average flow rate statistical method of access net and system based on ICP liveness |
| CN107370719A (en) * | 2016-05-13 | 2017-11-21 | 阿里巴巴集团控股有限公司 | Abnormal login recognition methods, apparatus and system |
| CN106341407A (en) * | 2016-09-19 | 2017-01-18 | 成都知道创宇信息技术有限公司 | Abnormal access log mining method based on website picture and apparatus thereof |
| CN108122116A (en) * | 2016-11-29 | 2018-06-05 | 腾讯科技(深圳)有限公司 | A kind of monitoring and managing method and system of product promotion channel |
| CN108255696A (en) * | 2016-12-29 | 2018-07-06 | 航天信息软件技术有限公司 | A kind of analysis method and system acquired based on user to web page operation behavior |
| CN108270727A (en) * | 2016-12-30 | 2018-07-10 | 北京国双科技有限公司 | Abnormal data analysis method and device |
| CN107578263A (en) * | 2017-07-21 | 2018-01-12 | 北京奇艺世纪科技有限公司 | A kind of detection method, device and the electronic equipment of advertisement abnormal access |
| CN107578263B (en) * | 2017-07-21 | 2021-01-05 | 北京奇艺世纪科技有限公司 | Advertisement abnormal access detection method and device and electronic equipment |
| CN107491970A (en) * | 2017-08-17 | 2017-12-19 | 北京三快在线科技有限公司 | Anti- cheating detection monitoring method and system and computing device in real time |
| CN107491970B (en) * | 2017-08-17 | 2021-04-02 | 北京三快在线科技有限公司 | Real-time anti-cheating detection monitoring method and system and computing equipment |
| CN107888602A (en) * | 2017-11-23 | 2018-04-06 | 北京白山耘科技有限公司 | A kind of method and device for detecting abnormal user |
| CN108683670A (en) * | 2018-05-21 | 2018-10-19 | 中国科学院计算机网络信息中心 | The malicious traffic stream recognition methods accessed based on website application system and system |
| CN108683670B (en) * | 2018-05-21 | 2021-08-03 | 中国科学院计算机网络信息中心 | Malicious traffic identification method and system based on website application system access |
| CN111416790A (en) * | 2019-01-04 | 2020-07-14 | 北京数安鑫云信息技术有限公司 | Network abnormal access intelligent identification method and device based on user behavior, storage medium and computer equipment |
| CN111416790B (en) * | 2019-01-04 | 2022-08-09 | 北京数安鑫云信息技术有限公司 | Network abnormal access intelligent identification method and device based on user behavior, storage medium and computer equipment |
| CN117201090A (en) * | 2023-08-28 | 2023-12-08 | 山东亚泽信息技术有限公司 | Abnormal behavior detection processing method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104915455B (en) | 2017-03-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104915455A (en) | Website exception access identification method and system based on user behaviors | |
| CN107800591B (en) | Unified log data analysis method | |
| CN105357054B (en) | Website traffic analysis method, device and electronic equipment | |
| Takekawa et al. | Accurate spike sorting for multi‐unit recordings | |
| CN105577440B (en) | A kind of network downtime localization method and analytical equipment | |
| CN103178982A (en) | Method and device for analyzing log | |
| CN102724059A (en) | Website operation state monitoring and abnormal detection based on MapReduce | |
| CN103812961A (en) | Method and device for recognizing Internet protocol (IP) addresses of designated class and defending method and system | |
| CN104050178A (en) | Internet monitoring anti-spamming method and device | |
| CN102158355A (en) | Log event correlation analysis method and device capable of concurrent and interrupted analysis | |
| CN103227734A (en) | Method for detecting abnormity of OpenStack cloud platform | |
| CN104182506A (en) | Log management method | |
| CN105610616A (en) | Method and system for performing statistics to obtain average flow of single IP (Internet Protocol) of access network based on ICP (Internet Content Provider) activity | |
| CN104572976B (en) | Website data update method and system | |
| US10255371B2 (en) | Methods and systems for identifying multiple devices belonging to a single user by merging deterministic and probabilistic data to generate a cross device data structure | |
| CN105260414A (en) | User behavior similarity computing method and device | |
| CN115408586B (en) | Intelligent channel operation data analysis method, system, equipment and storage medium | |
| CN104298782A (en) | Method for analyzing active access behaviors of internet users | |
| CN104199945A (en) | Data storing method and device | |
| CN106131022A (en) | A kind of network cooperating attacks storm origin detection method and device | |
| WO2009092090A3 (en) | Method and system of tracking, coordinating, and quantifying charitable actions and community service | |
| CN104579771B (en) | A kind of analysis method for the action trail that application system is published to user | |
| CN112380126B (en) | Web system health prediction device and method | |
| CN112565422B (en) | Method, system and storage medium for identifying fault data of power internet of things | |
| CN109145109B (en) | User group message propagation abnormity analysis method and device based on social network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |