CN109409042A - User permission assignment anomaly detection system, method, device and storage medium - Google Patents

User permission assignment anomaly detection system, method, device and storage medium

Publication number
CN109409042A
Authority
CN
China
Legal status
Granted
Application number
CN201810966323.4A
Other languages
Chinese (zh)
Other versions
CN109409042B (en)
Inventor
冯春进
黄丽诗
胡泽柱
Current Assignee
SF Technology Co Ltd
SF Tech Co Ltd
Original Assignee
SF Technology Co Ltd
Application filed by SF Technology Co Ltd
Priority to CN201810966323.4A
Publication of CN109409042A
Application granted
Publication of CN109409042B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The present invention relates to a user permission assignment anomaly detection system, method, device and storage medium. The department and post information corresponding to the user role permissions under test is obtained. According to the department and post information, the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department are calculated; the post and the department are arranged in increasing order of single information entropy to obtain the attribute set sequence; and the relative entropy of the attribute set sequence and the permission anomaly degree EOF(X) of each user are generated. The EOF values are sorted in descending order, and the permission assignment of the user roles under test corresponding to the EOF values within the preset threshold is anomalous. The invention uses information entropy to calculate anomalous permission assignments automatically, improving detection efficiency.

Description

User permission assignment anomaly detection system, method, device and storage medium
Technical field
The invention belongs to the field of data mining, and in particular relates to a user permission assignment anomaly detection method.
Background
A company runs numerous systems, and different systems use different user authorization mechanisms. At present, the usual way of checking permissions is to comb manually through all existing permissions in a system and so find the cases where job post and permission do not match. Manual checking is inefficient, and anomalous permissions may be overlooked.
The present invention provides a user permission assignment detection method that uses information entropy to identify anomalies in how well the permissions of different personnel within a company fit a system, improving detection efficiency.
Summary of the invention
To solve the above technical problem, the object of the present invention is to provide a user permission assignment anomaly detection method.
According to one aspect of the invention, a user permission assignment anomaly detection method is provided, comprising the following steps:
Obtaining the department and post information corresponding to the user role permissions under test;
According to the department and post information, calculating the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department; arranging the post and the department in increasing order of single information entropy to obtain the attribute set sequence; and generating the relative entropy of the attribute set sequence and the permission anomaly degree EOF(X) of each user;
Sorting the EOF values in descending order; the permission assignment of the user roles under test corresponding to the EOF values within the preset threshold is anomalous.
Further, the department and post information includes: list information showing the mapping between departments and posts, and quantity information.
Further, the formula used to calculate the single information entropy of the post and the single information entropy of the department from the department and post information is:
Where,
the single vector N represents department or post; p(X_i) = |X_i| / |U|, i = 1, 2, ..., m; U represents the set of N vector types; |U| is the cardinality of set U; X_i represents the different categories; and |X_i| is the cardinality of set X_i.
Further, the calculation of the relative entropy includes:
According to the department and post information, calculating a first information entropy for the posts other than that of the user under test and a second information entropy for the departments other than that of the user under test;
Based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department, obtaining the relative entropy of each post and the relative entropy of each department.
Further, the formula used to calculate the first information entropy for the posts other than that of the user under test and the second information entropy for the departments other than that of the user under test is:
Where,
p(X_i') = |X_i'| / |U - X_i'|, i = 1, 2, ..., m; |U - X_i'| represents the cardinality of the set U after X_i' is excluded; X_i' represents the different categories with the one that includes the user under test removed; and |X_i'| is the cardinality of set X_i'.
Further, the formula used to calculate the relative entropy is:
RH_N(x) = H_x(N) / H(N)
Further, when the single information entropy of the post is less than the single information entropy of the department,
arranging in increasing order of information entropy gives S = <A, B>, where A represents post and B represents department;
the attribute set sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector, formed by post and department, and {B} represents the second vector, formed by department; {A, B} is denoted a and {B} is denoted b.
Further, calculating the permission anomaly degree EOF(X) of the user includes:
Calculating the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS;
Based on the relative entropy of each post, the relative entropy of each department, the relative entropy of the attribute set sequence, the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS, calculating the permission anomaly degree EOF(X) of each user.
Further, the formula used to calculate the permission anomaly degree is:
Where,
represents the relative entropy of the department attribute or post attribute of user X, and represents the relative entropy of each vector of the attribute set sequence.
According to another aspect of the present invention, a user permission assignment anomaly detection system is provided, comprising:
A data acquisition unit, configured to obtain the department and post information corresponding to the user role permissions under test;
A permission anomaly degree calculation unit, configured to calculate, according to the department and post information, the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department; to arrange the post and the department in increasing order of single information entropy to obtain the attribute set sequence; and to generate the relative entropy of the attribute set sequence and the permission anomaly degree EOF(X) of each user;
An anomalous permission judgement unit, configured to sort the EOF values in descending order; the permission assignment of the user roles under test corresponding to the EOF values within the preset threshold is anomalous.
Further, the department and post information includes: list information showing the mapping between departments and posts, and quantity information.
Further, the formula used to calculate the single information entropy of the post and the single information entropy of the department from the department and post information is:
Where,
the single vector N is department or post; p(X_i) = |X_i| / |U|, i = 1, 2, ..., m; U represents the set of N vector types; |U| is the cardinality of set U; X_i represents the different categories; and |X_i| is the cardinality of set X_i.
Further, the calculation of the relative entropy includes:
According to the department and post information, calculating a first information entropy for the posts other than that of the user under test and a second information entropy for the departments other than that of the user under test;
Based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department, obtaining the relative entropy of each post and the relative entropy of each department.
Further, the formula used to calculate the first information entropy for the posts other than that of the user under test and the second information entropy for the departments other than that of the user under test is:
Where,
p(X_i') = |X_i'| / |U - X_i'|, i = 1, 2, ..., m; |U - X_i'| represents the cardinality of the set U after X_i' is excluded; X_i' represents the different categories with the one that includes the user under test removed; and |X_i'| is the cardinality of set X_i'.
Further, the formula used to calculate the relative entropy is:
RH_N(x) = H_x(N) / H(N).
Further, when the single information entropy of the post is less than the single information entropy of the department,
arranging in increasing order of information entropy gives S = <A, B>, where A represents post and B represents department;
the attribute set sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector, formed by post and department, and {B} represents the second vector, formed by department; {A, B} is denoted a and {B} is denoted b.
Further, calculating the permission anomaly degree EOF(X) of the user includes:
Calculating the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS;
Based on the relative entropy of each post, the relative entropy of each department, the relative entropy of the attribute set sequence, the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS, calculating the permission anomaly degree EOF(X) of each user.
Further, the formula used to calculate the permission anomaly degree is:
Where,
represents the relative entropy of the department attribute or post attribute of user X, and represents the relative entropy of each vector of the attribute set sequence.
According to another aspect of the present invention, a device is provided, the device comprising:
One or more processors;
A memory for storing one or more programs,
When the one or more programs are executed by the one or more processors, the one or more processors are caused to perform the method of any of the above.
According to another aspect of the present invention, a computer-readable storage medium storing a computer program is provided; when the program is executed by a processor, it implements the method of any of the above.
Compared with the prior art, the invention has the following advantages:
1. The exemplary user permission assignment anomaly detection method of the present invention obtains the department and post information corresponding to the user role permissions under test; according to the department and post information, calculates the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department; arranges the post and the department in increasing order of single information entropy to obtain the attribute set sequence; and generates the relative entropy of the attribute set sequence and the permission anomaly degree EOF(X) of each user. The EOF values are sorted in descending order, and the permission assignment of the user roles under test corresponding to the EOF values within the preset threshold is anomalous. Using information entropy, anomalies in how well the permissions of different personnel within the company fit a system are detected automatically, improving detection efficiency.
2. In the exemplary user permission assignment anomaly detection system of the present invention, the data acquisition unit is configured to obtain the department and post information corresponding to the user role permissions under test; the permission anomaly degree calculation unit is configured to calculate, according to the department and post information, the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department, to arrange the post and the department in increasing order of single information entropy to obtain the attribute set sequence, and to generate the relative entropy of the attribute set sequence and the permission anomaly degree EOF(X) of each user; the anomalous permission judgement unit is configured to sort the EOF values in descending order, the permission assignment of the user roles under test corresponding to the EOF values within the preset threshold being anomalous. Working together, these units filter out the users whose permission assignment is anomalous, greatly reducing the workload of permission checking and improving detection efficiency.
3. The exemplary device of the present invention performs the method of any of the above with one or more processors, using information entropy to calculate automatically the anomalous permission assignments of each of the company's systems, which saves manpower and improves efficiency.
4. The exemplary computer-readable storage medium of the present invention stores a computer program which, when executed by a processor, implements the method of any of the above, using information entropy to detect automatically anomalies in how well the permissions of different personnel within the company fit each system, greatly improving the accuracy and efficiency of detection.
Description of the drawings
Fig. 1 is a flow chart of the present invention.
Specific embodiments
For a better understanding of the technical solution of the present invention, the invention is further described below with reference to specific embodiments and the accompanying drawing.
Embodiment one:
This embodiment provides a user permission assignment anomaly detection method, comprising the following steps:
S1: Obtain the department and post information corresponding to the user role permissions under test;
Further, the department and post information includes: list information showing the mapping between departments and posts, and quantity information.
S2: According to the department and post information, calculate the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department; arrange the post and the department in increasing order of single information entropy to obtain the attribute set sequence; and generate the relative entropy of the attribute set sequence and the permission anomaly degree EOF(X) of each user;
Further, the formula used to calculate the single information entropy of the post and the single information entropy of the department from the department and post information is:
Where,
the single vector N represents department or post; p(X_i) = |X_i| / |U|, i = 1, 2, ..., m; U represents the set of N vector types; |U| is the cardinality of set U; X_i represents the different categories; and |X_i| is the cardinality of set X_i.
Further, the calculation of the relative entropy includes:
According to the department and post information, calculating a first information entropy for the posts other than that of the user under test and a second information entropy for the departments other than that of the user under test;
Based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department, obtaining the relative entropy of each post and the relative entropy of each department.
Further, the formula used to calculate the first information entropy for the posts other than that of the user under test and the second information entropy for the departments other than that of the user under test is:
Where,
p(X_i') = |X_i'| / |U - X_i'|, i = 1, 2, ..., m; |U - X_i'| represents the cardinality of the set U after X_i' is excluded; X_i' represents the different categories with the one that includes the user under test removed; and |X_i'| is the cardinality of set X_i'.
Further, the formula used to calculate the relative entropy is:
RH_N(x) = H_x(N) / H(N)
Further, when the single information entropy of the post is less than the single information entropy of the department,
arranging in increasing order of information entropy gives S = <A, B>, where A represents post and B represents department;
the attribute set sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector, formed by post and department, and {B} represents the second vector, formed by department.
Further, calculating the permission anomaly degree EOF(X) of the user includes:
Calculating the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS;
Based on the relative entropy of each post, the relative entropy of each department, the relative entropy of the attribute set sequence, the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS, calculating the permission anomaly degree EOF(X) of each user.
Further, the formula used to calculate the permission anomaly degree is:
Where,
represents the relative entropy of the department attribute or post attribute of user X, and represents the relative entropy of each vector of the attribute set sequence.
S3: Sort the EOF values in descending order; the permission assignment of the user roles under test corresponding to the EOF values within the preset threshold is anomalous.
The specific steps of the above user permission assignment anomaly detection method are as follows:
S1: Obtain the department and post information corresponding to the user role permissions under test;
For the system permission to be checked, arrange, according to the business requirements, the departments and posts that hold that system permission into list form, for example:

Department                            Post
Finance Department                    Accounting settlement post
Finance Department                    Receive and pay out post
Finance Department                    Receivable management post
Research and development department   Test engineer
Sales department                      Medium and small relationship executive
Market department                     Marketing person
Market department                     Marketing person
Sales department                      Big customer assistant director

S2: According to the department and post information, calculate the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department; arrange the post and the department in increasing order of single information entropy to obtain the attribute set sequence; and generate the relative entropy of the attribute set sequence and the permission anomaly degree EOF(X) of each user.
(1) Calculate the single information entropy of department and post according to the following formula
The information entropy of a single vector N is defined as:
Where: p(X_i) = |X_i| / |U|, i = 1, 2, ..., m; |U| is the cardinality of set U; X_i represents the different categories; and U represents the set of N vector types.
(2) Calculate the relative entropy of department and post according to the following formulas
1. Compute the information entropy of object X after removing X itself. For example, when X is the Finance Department, H_x(N) is the entropy recomputed over all the departments other than the Finance Department, after the Finance Department has been removed.
Where: p(X_i') = |X_i'| / |U - X_i'|, i = 1, 2, ..., m; with |E| denoting the cardinality of a set E, |U - X_i'| is the number of elements of U after X_i' is excluded.
2. Calculate the relative entropy:
RH_N(x) = H_x(N) / H(N) …………(3)
RH_N(x) represents the relative entropy of class X in vector N. It is calculated for each department and post.
3. Calculate the information entropy of the single attribute values of department and post according to formula (1), and arrange them in increasing order of information entropy: S = <A, B>
A and B represent post and department (in descending order of information entropy; it is assumed here that the information entropy of A is smaller than that of B).
According to the attribute set sequence AS = <{A, B}, {B}>, compute the relative entropy RH_{a}, RH_{b} of these attribute sets according to formula (2) and formula (3), where a represents {A, B} and b represents {B}.
4. Calculate separately the weight of the post and of the department of each employee ID, denoted W_{N}, and the weight of each jointly occurring department and post category in AS, denoted W_{n}.
5. Calculate the permission anomaly degree of each employee
Where,
represents the relative entropy of the department attribute or post attribute of user X, and represents the relative entropy of each vector of the attribute set sequence.
S3: Sort the EOF values in descending order; the permission assignment of the user roles under test corresponding to the EOF values in the top 1%-5% is anomalous.
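An added example (not code from the patent) of the entropy steps in S2, run on the sample department/post list from S1 with the garbled post names normalised. The text does not reproduce the single information entropy formula, so the Shannon form with a base-2 logarithm is assumed, H_x(N) is taken as the entropy recomputed after every row of category x is removed, and the attribute set {A, B} is read as the joint (department, post) pair; all function names are illustrative. It stops at the relative entropies and the ordering S, because the weight and EOF(X) formulas are not given in the text.

```python
import math
from collections import Counter

# Sample list from step S1 of embodiment one: one (department, post) per row.
ROWS = [
    ("Finance Department", "Accounting settlement post"),
    ("Finance Department", "Receive and pay out post"),
    ("Finance Department", "Receivable management post"),
    ("Research and development department", "Test engineer"),
    ("Sales department", "Medium and small relationship executive"),
    ("Market department", "Marketing person"),
    ("Market department", "Marketing person"),
    ("Sales department", "Big customer assistant director"),
]


def entropy(values):
    """H(N) with p(X_i) = |X_i| / |U| (Shannon form, log base 2: assumed)."""
    counts = Counter(values)
    total = sum(counts.values())
    # sum p*log2(1/p) equals -sum p*log2(p); an empty list gives 0.
    return sum((c / total) * math.log2(total / c) for c in counts.values())


def entropy_without(values, x):
    """H_x(N): entropy recomputed after all rows of category x are removed."""
    return entropy([v for v in values if v != x])


def relative_entropy(values, x):
    """RH_N(x) = H_x(N) / H(N), formula (3) in the text.

    Returns None when H(N) is 0 (only one category), where the ratio is
    undefined.
    """
    h = entropy(values)
    if h == 0:
        return None
    return entropy_without(values, x) / h


def analyse(rows):
    """Return (single entropies, S, AS, relative entropies per vector)."""
    vectors = {
        "department": [d for d, _ in rows],
        "post": [p for _, p in rows],
        "joint": list(rows),  # assumed reading of the attribute set {A, B}
    }
    single = {k: entropy(vectors[k]) for k in ("department", "post")}
    # S: the two attributes in increasing order of single information entropy.
    s = sorted(single, key=single.get)
    # AS = <{S1, S2}, {S2}>, following the pattern AS = <{A, B}, {B}>.
    attribute_sequence = ["joint", s[1]]
    rh = {
        name: {x: relative_entropy(vals, x) for x in set(vals)}
        for name, vals in vectors.items()
    }
    return single, s, attribute_sequence, rh


if __name__ == "__main__":
    single, s, attribute_sequence, rh = analyse(ROWS)
    print("single information entropy:", single)
    print("S =", s, " AS =", attribute_sequence)
    for name, table in rh.items():
        for category, value in sorted(table.items(), key=lambda kv: kv[1]):
            print(f"RH[{name}] {category}: {value:.4f}")
```

On this sample the department entropy is the smaller of the two, so S places department first, the reverse of the ordering the text assumes for its A and B.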
This embodiment also provides a user permission assignment anomaly detection system, comprising:
A data acquisition unit, configured to obtain the department and post information corresponding to the user role permissions under test.
Further, the department and post information includes: list information showing the mapping between departments and posts, and quantity information.
A permission anomaly degree calculation unit, configured to calculate, according to the department and post information, the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department; to arrange the post and the department in increasing order of single information entropy to obtain the attribute set sequence; and to generate the relative entropy of the attribute set sequence and the permission anomaly degree EOF(X) of each user.
Further, the formula used to calculate the single information entropy of the post and the single information entropy of the department from the department and post information is:
Where,
the single vector N is department or post; p(X_i) = |X_i| / |U|, i = 1, 2, ..., m; U represents the set of N vector types; |U| is the cardinality of set U; X_i represents the different categories; and |X_i| is the cardinality of set X_i.
Further, the calculation of the relative entropy includes:
According to the department and post information, calculating a first information entropy for the posts other than that of the user under test and a second information entropy for the departments other than that of the user under test;
Based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department, obtaining the relative entropy of each post and the relative entropy of each department.
Further, the formula used to calculate the first information entropy for the posts other than that of the user under test and the second information entropy for the departments other than that of the user under test is:
Where,
p(X_i') = |X_i'| / |U - X_i'|, i = 1, 2, ..., m; |U - X_i'| represents the cardinality of the set U after X_i' is excluded; X_i' represents the different categories with the one that includes the user under test removed; and |X_i'| is the cardinality of set X_i'.
Further, the formula used to calculate the relative entropy is:
RH_N(x) = H_x(N) / H(N).
Further, when the single information entropy of the post is less than the single information entropy of the department,
arranging in increasing order of information entropy gives S = <A, B>, where A represents post and B represents department;
the attribute set sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector, formed by post and department, and {B} represents the second vector, formed by department.
Further, calculating the permission anomaly degree EOF(X) of the user includes:
Calculating the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS;
Based on the relative entropy of each post, the relative entropy of each department, the relative entropy of the attribute set sequence, the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS, calculating the permission anomaly degree EOF(X) of each user.
Further, the formula used to calculate the permission anomaly degree is:
Where,
represents the relative entropy of the department attribute or post attribute of user X, and represents the relative entropy of each vector of the attribute set sequence.
An anomalous permission judgement unit, configured to sort the EOF values in descending order; the permission assignment of the user roles under test corresponding to the EOF values within the preset threshold is anomalous.
The specific component units of the system correspond to the specific steps of the above user permission assignment anomaly detection method, and are therefore not described again here.
This embodiment also provides a device, the device comprising:
One or more processors;
A memory for storing one or more programs,
When the one or more programs are executed by the one or more processors, the one or more processors are caused to perform the method of any of the above.
This embodiment also provides a computer-readable storage medium storing a computer program; when the program is executed by a processor, it implements the method of any of the above.
Embodiment two
Features of this embodiment that are the same as in embodiment one are not repeated; this embodiment differs from embodiment one in the following:
The specific steps of the above user permission assignment anomaly detection method are as follows:
S1: Obtain the department and post information corresponding to the user role permissions under test;
For the system permission to be checked, according to the business requirements:
(1) Arrange the departments and posts that hold the system permission into list form, for example:
(2) Alternatively, if a finer detection granularity is needed, the system's role / permission module / permission menu information needs to be added, for example:

Role / permission module / permission menu   Department                            Post
Report administrator (role)                  Finance Department                    Accounting settlement post
Report administrator (role)                  Finance Department                    Receive and pay out post
Report administrator (role)                  Finance Department                    Receivable management post
Test macro administrator (role)              Research and development department   Test engineer
General query user (role)                    Sales department                      Medium and small relationship executive
General query user (role)                    Market department                     Marketing person
General query user (role)                    Market department                     Marketing person
Super keepe (role)                           Sales department                      Big customer assistant director

Note that when the list is formed, the role / permission module / permission menu information should preferably be of only one kind in a single detection run, to avoid mixing kinds; for example, the following is a form of data construction that is not recommended:

Role / permission module / permission menu   Department                            Post
Report administrator (role)                  Finance Department                    Accounting settlement post
Report administrator (role)                  Finance Department                    Receive and pay out post
Clearing setting (permission menu)           Finance Department                    Receivable management post
Test macro administrator (role)              Research and development department   Test engineer
Data export module (permission module)       Sales department                      Medium and small relationship executive
General query user (role)                    Market department                     Marketing person
General query user (role)                    Market department                     Marketing person
Client setting (permission menu)             Sales department                      Big customer assistant director

S2, according to the department, post information, calculate the single piece of information entropy in the post, the single piece of information of the department Entropy, the Relative Entropy in each post, each department Relative Entropy, by the post, the single piece of information entropy of department Increasing arranges to obtain attribute set sequence, generates the Relative Entropy of the attribute set sequence and the permission abnormality degree of each user EOF(X)。
(1) Compute the single information entropy of the department and of the post according to the following formula.
The information entropy of a single vector N is defined as:
Wherein: p(Xi) = |Xi| / |U|, i = 1, 2, ..., m; |U| is the cardinality of the set U, Xi represents the different classes, and U represents the set of N vector types.
(2) Relative Entropy in department and post is calculated according to the following formula
1. computing object X removes the comentropy after oneself.Such as: when X is Finance Department, Hx (N) representative eliminates wealth After all departments other than business department, then recalculate an entropy.
Wherein: p (Xi')=| Xi′|/|U-Xi' |, i=1,2 ..., m, if | E | be the radix of set E, gather | U-Xi′ | the radix represented is U excluded froai Xi' number.
2. calculating Relative Entropy:
RHN(x)=Hx(N)/H(N)…………(3)
RHA(x) Relative Entropy of X class in N vector is represented.For each department and post.
3. Compute the information entropy of the single attribute values of department and post according to formula (1), and arrange them in ascending order of information entropy: S = <A, B>.
A and B represent post and department (ordered by information entropy; here it is assumed that the information entropy of A is smaller than that of B).
According to the attribute subset sequence AS = <{A, B}, {B}>, compute the relative information entropies RH{a} and RH{b} of these attribute subsets using formula (2) and formula (3), where a represents {A, B} and b represents {B}.
4. Separately compute the weight of the jointly occurring post and department of each employee number, denoted W{N}, and the weight of each department and post class in AS, denoted W{n}.
5. Compute the permission abnormality degree of each employee:
Wherein,
represents the relative information entropy of the department attribute or post attribute of user X, represents the relative information entropy of each vector of the attribute subset sequence.
S3. Sort the EOF values in descending order; the user role permission assignments under test that correspond to EOF values in the top 1%-3% are abnormal.
It should be noted that the preset threshold for the EOF value is not limited to the top 1%-5% or top 1%-3% listed above and may be another reasonable range, which is not enumerated here one by one.
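The entropy steps of S2 (single entropy, leave-one-class-out entropy, formula (3), the ordering S and the subset sequence AS), as an added example that is not part of the patent text. The formula images for (1), (2) and EOF(X) did not survive on this page, so the code assumes the standard Shannon form (base 2) for H(N) and stops at the relative information entropy; the user ids and the sample rows are constructed, modelled on the department and post columns of the table above.

```python
import math
from collections import Counter

# Constructed sample: (user, department, post), modelled on the page's table.
RECORDS = [
    ("u1", "Finance", "Accounting settlement"),
    ("u2", "Finance", "Receipts and payments"),
    ("u3", "Finance", "Receivables management"),
    ("u4", "R&D", "Test engineer"),
    ("u5", "Sales", "Relationship executive"),
    ("u6", "Market", "Marketing person"),
    ("u7", "Market", "Marketing person"),
    ("u8", "Sales", "Assistant director"),
]
COLUMN = {"department": 1, "post": 2}


def entropy(values):
    """H(N) with p(Xi) = |Xi| / |U|. Shannon form, base 2 (assumed)."""
    counts = Counter(values)
    total = sum(counts.values())
    return sum(-(c / total) * math.log2(c / total) for c in counts.values())


def leave_out_entropy(values, x):
    """Hx(N): entropy recomputed over U with every record of class x removed."""
    return entropy([v for v in values if v != x])


def relative_entropy(values, x):
    """Formula (3): RH_N(x) = Hx(N) / H(N)."""
    h = entropy(values)
    if h == 0:
        raise ValueError("H(N) = 0: every record falls in one class")
    return leave_out_entropy(values, x) / h


def project(attrs, records=RECORDS):
    """Class label of each record under an attribute subset such as {A, B}."""
    return [tuple(r[COLUMN[a]] for a in attrs) for r in records]


def attribute_order():
    """S: single attributes in ascending order of information entropy."""
    return sorted(COLUMN, key=lambda a: entropy(project([a])))


def subset_sequence():
    """AS = <{A, B}, {B}> derived from S = <A, B>."""
    a, b = attribute_order()
    return [(a, b), (b,)]


def user_relative_entropies(user):
    """RH of the user's class for each single attribute and each vector of AS."""
    row = next(r for r in RECORDS if r[0] == user)
    subsets = [(a,) for a in attribute_order()] + subset_sequence()
    return {s: relative_entropy(project(s), tuple(row[COLUMN[a]] for a in s))
            for s in subsets}


if __name__ == "__main__":
    print("S  =", attribute_order())
    print("AS =", subset_sequence())
    for user, _, _ in RECORDS:
        print(user, {k: round(v, 4) for k, v in user_relative_entropies(user).items()})
```

On this sample the department has the lower entropy, so S comes out as <department, post>, the reverse of the ordering the text assumes for illustration; the code always sorts by the computed values.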
The above description covers only the preferred embodiments of this application and an explanation of the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in this application is not limited to technical solutions formed by the specific combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalent features without departing from the inventive concept. For example, the above features together with features disclosed herein (but not limited thereto) that have similar functions.

Claims (20)

1. A user permission assignment anomaly detection method, characterized by comprising the following steps:
obtaining the department and post information corresponding to the user role permissions under test;
computing, based on the department and post information, the single information entropy of the post, the single information entropy of the department, the relative information entropy of each post and the relative information entropy of each department; sorting the single information entropies of the post and department in ascending order to obtain an attribute subset sequence; and generating the relative information entropy of the attribute subset sequence and the permission abnormality degree EOF(X) of each user;
sorting the EOF values in descending order, wherein the user role permission assignments under test corresponding to EOF values within a preset threshold are abnormal.
2. The user permission assignment anomaly detection method according to claim 1, characterized in that the department and post information comprises: list information showing the mapping between departments and posts, and quantity information.
3. The user permission assignment anomaly detection method according to claim 1, characterized in that the formula on which computing the single information entropy of the post and the single information entropy of the department from the department and post information is based is:
Wherein,
the single vector N represents department or post; p(Xi) is the probability value corresponding to each X, p(Xi) = |Xi| / |U|, i = 1, 2, ..., m; U represents the set of N vector types, |U| is the cardinality of the set U, Xi represents the different classes, and |Xi| is the cardinality of the set Xi.
4. The user permission assignment anomaly detection method according to claim 3, characterized in that computing the relative information entropy comprises:
computing, based on the department and post information, a first information entropy of the posts other than the post of the user under test and a second information entropy of the departments other than the department of the user under test;
obtaining the relative information entropy of each post and the relative information entropy of each department based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department.
5. The user permission assignment anomaly detection method according to claim 4, characterized in that the formula on which computing the first information entropy of the posts other than the post of the user under test and the second information entropy of the departments other than the department of the user under test is based is:
Wherein,
p(Xi') = |Xi'| / |U - Xi'|, i = 1, 2, ..., m; |U - Xi'| represents the cardinality of the set U excluding Xi'; Xi' represents the different classes other than the one that includes the user under test; and |Xi'| is the cardinality of the set Xi'.
6. The user permission assignment anomaly detection method according to claim 4, characterized in that the formula on which computing the relative information entropy is based is:
RHN(x) = Hx(N) / H(N).
7. The user permission assignment anomaly detection method according to claim 1, characterized in that, when the single information entropy of the post is smaller than the single information entropy of the department,
the arrangement in ascending order of information entropy is S = <A, B>, where A represents post and B represents department;
the attribute subset sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector formed by post and department, and {B} represents the second vector formed by department.
8. The user permission assignment anomaly detection method according to claim 7, characterized in that computing the permission abnormality degree EOF(X) of the user comprises:
computing the weight WA of the post in S, the weight WB of the department, the weight Wa of the first vector in the attribute subset sequence AS, and the weight Wb of the second vector;
computing the permission abnormality degree EOF(X) of each user based on the relative information entropy of each post, the relative information entropy of each department, the relative information entropy of the attribute subset sequence, the weight WA of the post in S, the weight WB of the department, and the weight Wa of the first vector and the weight Wb of the second vector in the attribute subset sequence AS.
9. The user permission assignment anomaly detection method according to claim 8, characterized in that the formula on which computing the permission abnormality degree is based is:
Wherein,
represents the relative information entropy of the department attribute or post attribute of user X, represents the relative information entropy of each vector of the attribute subset sequence.
10. A user permission assignment anomaly detection system, characterized by comprising:
a data acquisition unit, configured to obtain the department and post information corresponding to the user role permissions under test;
a permission abnormality degree computing unit, configured to compute, based on the department and post information, the single information entropy of the post, the single information entropy of the department, the relative information entropy of each post and the relative information entropy of each department, to sort the single information entropies of the post and department in ascending order to obtain an attribute subset sequence, and to generate the relative information entropy of the attribute subset sequence and the permission abnormality degree EOF(X) of each user;
an abnormal permission determination unit, configured to sort the EOF values in descending order, wherein the user role permission assignments under test corresponding to EOF values within a preset threshold are abnormal.
11. The user permission assignment anomaly detection system according to claim 10, characterized in that the department and post information comprises: list information showing the mapping between departments and posts, and quantity information.
12. The user permission assignment anomaly detection system according to claim 10, characterized in that the formula on which computing the single information entropy of the post and the single information entropy of the department from the department and post information is based is:
Wherein,
the single vector N is department or post; p(Xi) is the probability value corresponding to each X, p(Xi) = |Xi| / |U|, i = 1, 2, ..., m; U represents the set of N vector types, |U| is the cardinality of the set U, Xi represents the different classes, and |Xi| is the cardinality of the set Xi.
13. The user permission assignment anomaly detection system according to claim 12, characterized in that computing the relative information entropy comprises:
computing, based on the department and post information, a first information entropy of the posts other than the post of the user under test and a second information entropy of the departments other than the department of the user under test;
obtaining the relative information entropy of each post and the relative information entropy of each department based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department.
14. The user permission assignment anomaly detection system according to claim 13, characterized in that the formula on which computing the first information entropy of the posts other than the post of the user under test and the second information entropy of the departments other than the department of the user under test is based is:
Wherein,
p(Xi') = |Xi'| / |U - Xi'|, i = 1, 2, ..., m; |U - Xi'| represents the cardinality of the set U excluding Xi'; Xi' represents the different classes other than the one that includes the user under test; and |Xi'| is the cardinality of the set Xi'.
15. The user permission assignment anomaly detection system according to claim 13, characterized in that the formula on which computing the relative information entropy is based is:
RHN(x) = Hx(N) / H(N).
16. The user permission assignment anomaly detection system according to claim 10, characterized in that, when the single information entropy of the post is smaller than the single information entropy of the department,
the arrangement in ascending order of information entropy is S = <A, B>, where A represents post and B represents department;
the attribute subset sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector formed by post and department, and {B} represents the second vector formed by department.
17. The user permission assignment anomaly detection system according to claim 10, characterized in that computing the permission abnormality degree EOF(X) of the user comprises:
computing the weight WA of the post in S, the weight WB of the department, the weight Wa of the first vector in the attribute subset sequence AS, and the weight Wb of the second vector;
computing the permission abnormality degree EOF(X) of each user based on the relative information entropy of each post, the relative information entropy of each department, the relative information entropy of the attribute subset sequence, the weight WA of the post in S, the weight WB of the department, and the weight Wa of the first vector and the weight Wb of the second vector in the attribute subset sequence AS.
18. The user permission assignment anomaly detection system according to claim 17, characterized in that the formula on which computing the permission abnormality degree is based is:
Wherein,
represents the relative information entropy of the department attribute or post attribute of user X, represents the relative information entropy of each vector of the attribute subset sequence.
19. A device, characterized in that the device comprises:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method according to any one of claims 1-9.
20. A computer-readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the method according to any one of claims 1-9.
CN201810966323.4A 2018-08-23 2018-08-23 User authority distribution abnormity detection system, method, equipment and storage medium Active CN109409042B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810966323.4A CN109409042B (en) 2018-08-23 2018-08-23 User authority distribution abnormity detection system, method, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN109409042A true CN109409042A (en) 2019-03-01
CN109409042B CN109409042B (en) 2021-04-20

Family

ID=65464387

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810966323.4A Active CN109409042B (en) 2018-08-23 2018-08-23 User authority distribution abnormity detection system, method, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN109409042B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant