CN105989155B - Method and apparatus for identifying risky behavior - Google Patents

Method and apparatus for identifying risky behavior

Info

Publication number
CN105989155B
Authority
CN
China
Prior art keywords
risk coefficient
risk
link
users
specific behavior
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510093725.4A
Other languages
English (en)
Chinese (zh)
Other versions
CN105989155A (zh)
Inventor
毛仁歆
孙超
李新凯
何帝君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to CN201510093725.4A
Application filed by Alibaba Group Holding Ltd
Priority to EP16758446.5A
Priority to PL16758446T
Priority to SG11201707032UA
Priority to PCT/CN2016/074424
Priority to JP2017546734A
Priority to ES16758446T
Priority to KR1020177026844A
Publication of CN105989155A
Priority to US15/694,030
Application granted
Publication of CN105989155B
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
CN201510093725.4A 2015-03-02 2015-03-02 Method and apparatus for identifying risky behavior Active CN105989155B (zh)

Priority Applications (9)

Application Number Priority Date Filing Date Title
CN201510093725.4A CN105989155B (zh) 2015-03-02 2015-03-02 Method and apparatus for identifying risky behavior
PL16758446T PL3267348T3 (pl) 2015-03-02 2016-02-24 Method and device for recognizing risky behavior
SG11201707032UA SG11201707032UA (en) 2015-03-02 2016-02-24 Method and apparatus for identifying risky behavior
PCT/CN2016/074424 WO2016138830A1 (zh) 2015-03-02 2016-02-24 Method and apparatus for identifying risky behavior
EP16758446.5A EP3267348B1 (en) 2015-03-02 2016-02-24 Method and apparatus for recognizing risk behavior
JP2017546734A JP6734293B2 (ja) 2015-03-02 2016-02-24 Method and apparatus for identifying risky behavior
ES16758446T ES2801273T3 (es) 2015-03-02 2016-02-24 Method and apparatus for recognizing risk behavior
KR1020177026844A KR102125116B1 (ko) 2015-03-02 2016-02-24 Method and apparatus for recognizing risky activity
US15/694,030 US10601850B2 (en) 2015-03-02 2017-09-01 Identifying risky user behaviors in computer networks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510093725.4A CN105989155B (zh) 2015-03-02 2015-03-02 Method and apparatus for identifying risky behavior

Publications (2)

Publication Number Publication Date
CN105989155A CN105989155A (zh) 2016-10-05
CN105989155B CN105989155B (zh) 2019-10-25

Family

ID=56848744

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510093725.4A Active CN105989155B (zh) Method and apparatus for identifying risky behavior 2015-03-02 2015-03-02

Country Status (9)

Country Link
US (1) US10601850B2
EP (1) EP3267348B1
JP (1) JP6734293B2
KR (1) KR102125116B1
CN (1) CN105989155B
ES (1) ES2801273T3
PL (1) PL3267348T3
SG (1) SG11201707032UA
WO (1) WO2016138830A1

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
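CN106529288A (zh) * 2016-11-16 2017-03-22 智者四海(北京)技术有限公司 Account risk identification method and device
CN108229963B (zh) * 2016-12-12 2021-07-30 创新先进技术有限公司 Risk identification method and device for user operation behavior
CN108427624B (zh) * 2017-02-13 2021-03-02 创新先进技术有限公司 Method and device for identifying system stability risk
CN108449307B (zh) * 2017-02-16 2020-12-29 上海行邑信息科技有限公司 Method for identifying risky devices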
US10917423B2 (en) 2017-05-15 2021-02-09 Forcepoint, LLC Intelligently differentiating between different types of states and attributes when using an adaptive trust profile
US10623431B2 (en) * 2017-05-15 2020-04-14 Forcepoint Llc Discerning psychological state from correlated user behavior and contextual information
US10999296B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Generating adaptive trust profiles using information derived from similarly situated organizations
US9882918B1 (en) 2017-05-15 2018-01-30 Forcepoint, LLC User behavior profile in a blockchain
US10129269B1 (en) 2017-05-15 2018-11-13 Forcepoint, LLC Managing blockchain access to user profile information
US10447718B2 (en) 2017-05-15 2019-10-15 Forcepoint Llc User profile definition and management
US10999297B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Using expected behavior of an entity when prepopulating an adaptive trust profile
US10943019B2 (en) 2017-05-15 2021-03-09 Forcepoint, LLC Adaptive trust profile endpoint
US10862927B2 (en) * 2017-05-15 2020-12-08 Forcepoint, LLC Dividing events into sessions during adaptive trust profile operations
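CN107517203B (zh) * 2017-08-08 2020-07-14 奇安信科技集团股份有限公司 Method and device for establishing a user behavior baseline
CN107566163B (zh) * 2017-08-10 2020-11-06 奇安信科技集团股份有限公司 Alarm method and device associated with user behavior analysis
CN108304308A (zh) * 2018-02-07 2018-07-20 平安普惠企业管理有限公司 User behavior monitoring method, device, computer equipment and storage medium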
US10997295B2 (en) 2019-04-26 2021-05-04 Forcepoint, LLC Adaptive trust profile reference architecture
US11621974B2 (en) * 2019-05-14 2023-04-04 Tenable, Inc. Managing supersedence of solutions for security issues among assets of an enterprise network
CN110457896A (zh) * 2019-07-02 2019-11-15 北京人人云图信息技术有限公司 Detection method and detection device for online access
US12216791B2 (en) 2020-02-24 2025-02-04 Forcepoint Llc Re-identifying pseudonymized or de-identified data utilizing distributed ledger technology
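CN111582722B (zh) * 2020-05-09 2022-06-07 拉扎斯网络科技(上海)有限公司 Risk identification method, device, electronic equipment and readable storage medium
CN114764418B (zh) * 2020-12-31 2025-02-28 北京达佳互联信息技术有限公司 Risk detection method, device, electronic equipment and storage medium
CN112866230B (zh) * 2021-01-13 2023-05-16 深信服科技股份有限公司 Risk detection method, device and storage medium
CN112927068B (zh) * 2021-03-30 2024-08-20 善诊(上海)信息技术有限公司 Method, device, equipment and storage medium for determining risk classification thresholds for business data
CN113051560B (zh) * 2021-04-13 2024-05-24 北京安天网络安全技术有限公司 Security identification method and device for terminal behavior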

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7574382B1 (en) * 2004-08-03 2009-08-11 Amazon Technologies, Inc. Automated detection of anomalous user activity associated with specific items in an electronic catalog
CN104011731A (zh) * 2011-10-18 2014-08-27 迈克菲公司 User behavior risk assessment
CN104376266A (zh) * 2014-11-21 2015-02-25 工业和信息化部电信研究院 Method and device for determining the security level of application software

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7953814B1 (en) * 2005-02-28 2011-05-31 Mcafee, Inc. Stopping and remediating outbound messaging abuse
CA2531410A1 (en) * 2005-12-23 2007-06-23 Snipe Network Security Corporation Behavioural-based network anomaly detection based on user and group profiling
US7574832B1 (en) 2007-01-24 2009-08-18 Lieberman Phillip L Portable telescoping tower assembly
JP2010108469A (ja) * 2008-10-01 2010-05-13 Sky Co Ltd 操作監視システム及び操作監視プログラム
US8356001B2 (en) * 2009-05-19 2013-01-15 Xybersecure, Inc. Systems and methods for application-level security
US8566956B2 (en) 2010-06-23 2013-10-22 Salesforce.Com, Inc. Monitoring and reporting of data access behavior of authorized database users
US9690645B2 (en) * 2012-12-04 2017-06-27 Hewlett Packard Enterprise Development Lp Determining suspected root causes of anomalous network behavior
US8850517B2 (en) 2013-01-15 2014-09-30 Taasera, Inc. Runtime risk detection based on user, application, and system action sequence correlation
CN103297267B (zh) * 2013-05-10 2016-05-11 中华通信系统有限责任公司河北分公司 Risk assessment method and system for network behavior
US20140359777A1 (en) * 2013-05-31 2014-12-04 Fixmo, Inc. Context-aware risk measurement mobile device management system
US20150039513A1 (en) * 2014-02-14 2015-02-05 Brighterion, Inc. User device profiling in transaction authentications
US10075474B2 (en) * 2015-02-06 2018-09-11 Honeywell International Inc. Notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications

Also Published As

Publication number Publication date
EP3267348A1 (en) 2018-01-10
ES2801273T3 (es) 2021-01-08
CN105989155A (zh) 2016-10-05
JP2018510422A (ja) 2018-04-12
PL3267348T3 (pl) 2020-11-16
WO2016138830A1 (zh) 2016-09-09
KR20170125864A (ko) 2017-11-15
EP3267348A4 (en) 2018-10-31
SG11201707032UA (en) 2017-09-28
US20180013780A1 (en) 2018-01-11
JP6734293B2 (ja) 2020-08-05
US10601850B2 (en) 2020-03-24
EP3267348B1 (en) 2020-04-08
KR102125116B1 (ko) 2020-06-22

Similar Documents

Publication Publication Date Title
CN105989155B (zh) Method and apparatus for identifying risky behavior
US10073726B2 (en) Detection of outage in cloud based service using usage data based error signals
US20170109676A1 (en) Generation of Candidate Sequences Using Links Between Nonconsecutively Performed Steps of a Business Process
US11664974B2 (en) Summary chains in distributed systems
US20170109639A1 (en) General Model for Linking Between Nonconsecutively Performed Steps in Business Processes
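CN112631889B (zh) Profiling method, device, equipment and readable storage medium for application systems
CN119089349B (zh) Operation monitoring method and device for an energy internet marketing service system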
US20170109638A1 (en) Ensemble-Based Identification of Executions of a Business Process
US20170109640A1 (en) Generation of Candidate Sequences Using Crowd-Based Seeds of Commonly-Performed Steps of a Business Process
US9444708B2 (en) Detection of outage in cloud based service using synthetic measurements and anonymized usage data
CN115238292A (zh) Data security management and control method, device, electronic equipment and storage medium
US11422993B2 (en) Duplicate table identification in enterprise database systems for data storage optimization
CN113987206A (zh) Abnormal user identification method, device, equipment and storage medium
US20170109670A1 (en) Crowd-Based Patterns for Identifying Executions of Business Processes
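CN116739506B (zh) Asset data processing method, device, equipment and storage medium
CN117851192A (zh) High-availability assessment method and device for application systems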
CA3204150A1 (en) Detecting network anomalies by correlating multiple information sources
CN111583037B (zh) Method, device and server for determining risk-associated objects
US20250013924A1 (en) Systems and methods for dynamic data operations modelling
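CN112559295B (zh) Data monitoring method, device, electronic equipment and storage medium
CN119166673A (zh) Information query method, device, equipment, readable storage medium and program product
CN121883192A (zh) Reimbursement approval method and related products
CN120179680A (zh) Data processing method, device, computer equipment and storage medium
CN121597390A (zh) Service processing method based on multi-dimensional business semantics and related equipment
CN121412263A (zh) Artificial-intelligence-based business data query method, device, equipment and medium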

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200924

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Patentee after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Ltd.