CN109409042A - System, method, device and storage medium for detecting abnormal user permission assignment
- Publication number: CN109409042A (application CN201810966323.4A)
- Authority: CN (China)
- Prior art keywords: department, post, entropy, information, user
- Legal status: Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The present invention relates to a system, method, device and storage medium for detecting abnormal user permission assignment. The department and post information corresponding to the user role permission under test is obtained. According to the department and post information, the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department are calculated; the single information entropies of the post and the department are arranged in ascending order to obtain an attribute set sequence; and the relative entropy of the attribute set sequence and the permission abnormality degree EOF(X) of each user are generated. The EOF values are sorted in descending order, and the user role permission assignments under test corresponding to the EOF values within a preset threshold are abnormal. The present invention uses information entropy to calculate abnormal permission assignments automatically, improving detection efficiency.
Description
Technical field
The invention belongs to the field of data mining, and in particular relates to a method for detecting abnormal user permission assignment.
Background art
A company has numerous systems, and the user authorization schemes of different systems are not the same. The usual approach to permission review at present is to comb manually through all existing permissions in a system and thereby find cases where job position and permission do not match. Manual review is inefficient, and abnormal permissions may be overlooked.
The present invention provides a method for detecting user permission assignment that uses information entropy to identify abnormal fit between the company's different personnel and system permissions, improving detection efficiency.
Summary of the invention
In order to solve the above technical problem, the purpose of the present invention is to provide a method for detecting abnormal user permission assignment.
According to one aspect of the invention, a method for detecting abnormal user permission assignment is provided, comprising the following steps:
Obtaining the department and post information corresponding to the user role permission under test;
According to the department and post information, calculating the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department; arranging the single information entropies of the post and the department in ascending order to obtain an attribute set sequence; and generating the relative entropy of the attribute set sequence and the permission abnormality degree EOF(X) of each user;
Sorting the EOF values in descending order, the user role permission assignments under test corresponding to the EOF values within a preset threshold being abnormal.
Further, the department and post information includes: list information showing the mapping between departments and posts, and quantity information.
Further, the formula on which the calculation of the single information entropy of the post and the single information entropy of the department is based is:
Wherein,
the single vector N represents department or post, p(X_i) = |X_i| / |U|, i = 1, 2, ..., m, U represents the set of N vector types, |U| is the cardinality of set U, X_i represents the different classes, and |X_i| is the cardinality of set X_i.
Further, the calculation of the relative entropy includes:
According to the department and post information, calculating the first information entropy of the posts excluding that of the user under test and the second information entropy of the departments excluding that of the user under test;
Based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department, obtaining the relative entropy of each post and the relative entropy of each department.
Further, the formula on which the calculation of the first information entropy and the second information entropy is based is:
Wherein,
p(X_i′) = |X_i′| / |U − X_i′|, i = 1, 2, ..., m, |U − X_i′| represents the cardinality of the set U excluding X_i′, X_i′ represents the different classes with the one containing the user under test removed, and |X_i′| is the cardinality of set X_i′.
Further, the formula on which the calculation of the relative entropy is based is:
RH_N(x) = H_x(N) / H(N)
Further, when the single information entropy of the post is less than the single information entropy of the department,
arranging in ascending order of information entropy gives S = <A, B>, where A represents post and B represents department;
the attribute set sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector, composed of post and department, and {B} represents the second vector, formed by department; {A, B} is denoted a and {B} is denoted b.
Further, the calculation of the permission abnormality degree EOF(X) of the user includes:
Calculating the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS;
Based on the relative entropy of each post, the relative entropy of each department, the relative entropy of the attribute set sequence, the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS, calculating the permission abnormality degree EOF(X) of each user.
Further, the formula on which the calculation of the permission abnormality degree is based is:
Wherein,
represents the relative entropy of the department attribute or post attribute of user X, and represents the relative entropy of each vector of the attribute set sequence.
According to another aspect of the present invention, a system for detecting abnormal user permission assignment is provided, comprising:
A data acquisition unit, configured to obtain the department and post information corresponding to the user role permission under test;
A permission abnormality degree calculation unit, configured to calculate, according to the department and post information, the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department, to arrange the single information entropies of the post and the department in ascending order to obtain an attribute set sequence, and to generate the relative entropy of the attribute set sequence and the permission abnormality degree EOF(X) of each user;
An abnormal permission determination unit, configured to sort the EOF values in descending order, the user role permission assignments under test corresponding to the EOF values within a preset threshold being abnormal.
Further, the department and post information includes: list information showing the mapping between departments and posts, and quantity information.
Further, the formula on which the calculation of the single information entropy of the post and the single information entropy of the department is based is:
Wherein,
the single vector N is department or post, p(X_i) = |X_i| / |U|, i = 1, 2, ..., m, U represents the set of N vector types, |U| is the cardinality of set U, X_i represents the different classes, and |X_i| is the cardinality of set X_i.
Further, the calculation of the relative entropy includes:
According to the department and post information, calculating the first information entropy of the posts excluding that of the user under test and the second information entropy of the departments excluding that of the user under test;
Based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department, obtaining the relative entropy of each post and the relative entropy of each department.
Further, the formula on which the calculation of the first information entropy and the second information entropy is based is:
Wherein,
p(X_i′) = |X_i′| / |U − X_i′|, i = 1, 2, ..., m, |U − X_i′| represents the cardinality of the set U excluding X_i′, X_i′ represents the different classes with the one containing the user under test removed, and |X_i′| is the cardinality of set X_i′.
Further, the formula on which the calculation of the relative entropy is based is:
RH_N(x) = H_x(N) / H(N).
Further, when the single information entropy of the post is less than the single information entropy of the department,
arranging in ascending order of information entropy gives S = <A, B>, where A represents post and B represents department;
the attribute set sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector, composed of post and department, and {B} represents the second vector, formed by department; {A, B} is denoted a and {B} is denoted b.
Further, the calculation of the permission abnormality degree EOF(X) of the user includes:
Calculating the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS;
Based on the relative entropy of each post, the relative entropy of each department, the relative entropy of the attribute set sequence, the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS, calculating the permission abnormality degree EOF(X) of each user.
Further, the formula on which the calculation of the permission abnormality degree is based is:
Wherein,
represents the relative entropy of the department attribute or post attribute of user X, and represents the relative entropy of each vector of the attribute set sequence.
According to another aspect of the present invention, a device is provided, the device comprising:
One or more processors;
A memory for storing one or more programs,
When the one or more programs are executed by the one or more processors, the one or more processors are caused to perform the method of any one of the above.
According to another aspect of the present invention, a computer-readable storage medium storing a computer program is provided; when the program is executed by a processor, the method of any one of the above is implemented.
Compared with the prior art, the invention has the following advantages:
1. The exemplary method of the present invention for detecting abnormal user permission assignment obtains the department and post information corresponding to the user role permission under test; according to the department and post information, calculates the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department; arranges the single information entropies of the post and the department in ascending order to obtain an attribute set sequence; generates the relative entropy of the attribute set sequence and the permission abnormality degree EOF(X) of each user; and sorts the EOF values in descending order, the user role permission assignments under test corresponding to the EOF values within a preset threshold being abnormal. Using information entropy, it automatically detects abnormal fit between the company's different personnel and system permissions, improving detection efficiency.
2. In the exemplary system of the present invention for detecting abnormal user permission assignment, the data acquisition unit is configured to obtain the department and post information corresponding to the user role permission under test; the permission abnormality degree calculation unit is configured to calculate, according to the department and post information, the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department, to arrange the single information entropies of the post and the department in ascending order to obtain an attribute set sequence, and to generate the relative entropy of the attribute set sequence and the permission abnormality degree EOF(X) of each user; the abnormal permission determination unit is configured to sort the EOF values in descending order, the user role permission assignments under test corresponding to the EOF values within a preset threshold being abnormal. Through the cooperation of the above units, users with abnormal permission assignment are screened out, greatly reducing the workload of permission review and improving detection efficiency.
3. The exemplary device of the present invention performs the method of any one of the above by one or more processors, using information entropy to calculate automatically the abnormal permission assignments of each of the company's systems, saving manpower and improving efficiency.
4. The exemplary computer-readable storage medium of the present invention stores a computer program which, when executed by a processor, implements the method of any one of the above; using information entropy, it automatically detects abnormal permission fit between the company's different personnel and each system, greatly improving the accuracy and efficiency of detection.
Description of the drawings
Fig. 1 is a flow chart of the present invention.
Specific embodiments
For a better understanding of the technical solution of the present invention, the invention is further described below with reference to specific embodiments and the accompanying drawing.
Embodiment one:
This embodiment provides a method for detecting abnormal user permission assignment, comprising the following steps:
S1. Obtain the department and post information corresponding to the user role permission under test;
Further, the department and post information includes: list information showing the mapping between departments and posts, and quantity information.
S2. According to the department and post information, calculate the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department; arrange the single information entropies of the post and the department in ascending order to obtain an attribute set sequence; and generate the relative entropy of the attribute set sequence and the permission abnormality degree EOF(X) of each user;
Further, the formula on which the calculation of the single information entropy of the post and the single information entropy of the department is based is:
Wherein,
the single vector N represents department or post, p(X_i) = |X_i| / |U|, i = 1, 2, ..., m, U represents the set of N vector types, |U| is the cardinality of set U, X_i represents the different classes, and |X_i| is the cardinality of set X_i.
Further, the calculation of the relative entropy includes:
According to the department and post information, calculating the first information entropy of the posts excluding that of the user under test and the second information entropy of the departments excluding that of the user under test;
Based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department, obtaining the relative entropy of each post and the relative entropy of each department.
Further, the formula on which the calculation of the first information entropy and the second information entropy is based is:
Wherein,
p(X_i′) = |X_i′| / |U − X_i′|, i = 1, 2, ..., m, |U − X_i′| represents the cardinality of the set U excluding X_i′, X_i′ represents the different classes with the one containing the user under test removed, and |X_i′| is the cardinality of set X_i′.
Further, the formula on which the calculation of the relative entropy is based is:
RH_N(x) = H_x(N) / H(N)
Further, when the single information entropy of the post is less than the single information entropy of the department,
arranging in ascending order of information entropy gives S = <A, B>, where A represents post and B represents department;
the attribute set sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector, composed of post and department, and {B} represents the second vector, formed by department.
Further, the calculation of the permission abnormality degree EOF(X) of the user includes:
Calculating the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS;
Based on the relative entropy of each post, the relative entropy of each department, the relative entropy of the attribute set sequence, the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS, calculating the permission abnormality degree EOF(X) of each user.
Further, the formula on which the calculation of the permission abnormality degree is based is:
Wherein,
represents the relative entropy of the department attribute or post attribute of user X, and represents the relative entropy of each vector of the attribute set sequence.
S3. Sort the EOF values in descending order; the user role permission assignments under test corresponding to the EOF values within a preset threshold are abnormal.
The specific steps of the above method for detecting abnormal user permission assignment are as follows:
S1. Obtain the department and post information corresponding to the user role permission under test;
For the system permission to be checked, the departments and posts holding that system permission are organized, according to the business requirements, into a list, such as:
Department | Post |
Finance Department | Accounting settlement post |
Finance Department | Receipts and payments post |
Finance Department | Receivables management post |
Research and development department | Test engineer |
Sales department | Medium and small relationship executive |
Market department | Marketing person |
Market department | Marketing person |
Sales department | Big customer assistant director |
… | … |
S2. According to the department and post information, calculate the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department; arrange the single information entropies of the post and the department in ascending order to obtain an attribute set sequence; and generate the relative entropy of the attribute set sequence and the permission abnormality degree EOF(X) of each user.
(1) Calculate the single information entropy of department and post according to the following formula
The information entropy of a single vector N is defined as:
Wherein: p(X_i) = |X_i| / |U|, i = 1, 2, ..., m, |U| is the cardinality of set U, X_i represents the different classes, and U represents the set of N vector types.
(2) Calculate the relative entropy of department and post according to the following formulas
① Calculate the information entropy after object X removes itself. For example: when X is the Finance Department, H_x(N) is the entropy recalculated over all departments other than the Finance Department.
Wherein: p(X_i′) = |X_i′| / |U − X_i′|, i = 1, 2, ..., m; if |E| is the cardinality of set E, the cardinality represented by |U − X_i′| is the number of elements of U excluding X_i′.
② Calculate the relative entropy:
RH_N(x) = H_x(N) / H(N)    (3)
RH_N(x) represents the relative entropy of class X in vector N. It is calculated for each department and post.
③ According to formula (1), calculate the information entropy of the single attribute values of department and post, and arrange them in ascending order of information entropy: S = <A, B>
A and B represent post and department (ordered by information entropy; here it is assumed that the information entropy of A is smaller than that of B).
According to the attribute set sequence AS = <{A, B}, {B}>, the relative entropies RH_{a} and RH_{b} of these attribute sets are obtained according to formula (2) and formula (3), where a represents {A, B} and b represents {B}.
④ Calculate the weight of the jointly occurring post and department of each employee number, denoted W_{N}, and the weight of each department and post class in AS, denoted W_{n}.
⑤ Calculate the permission abnormality degree of each employee
Wherein,
represents the relative entropy of the department attribute or post attribute of user X, and represents the relative entropy of each vector of the attribute set sequence.
S3. Sort the EOF values in descending order; the user role permission assignments under test corresponding to the EOF values in the top 1%-5% are abnormal.
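An added example, not code from the patent, of steps (1) and (2)①② applied to a constructed holder list. It assumes the Shannon form for the entropy, because the text gives only p(X_i) = |X_i|/|U| and RH_N(x) = H_x(N)/H(N), and it reads H_x(N) as the entropy recomputed after class x is removed from U. The function names and sample rows are illustrative; the weights of step ④ and EOF(X) of step ⑤ are not computed.

```python
import math
from collections import Counter

# Constructed sample: (department, post) of each holder of one system
# permission, modelled on the list built in step S1.
HOLDERS = [
    ("Finance", "Accounting settlement"),
    ("Finance", "Receipts and payments"),
    ("Finance", "Receivables management"),
    ("R&D", "Test engineer"),
    ("Sales", "Medium and small relationship executive"),
    ("Marketing", "Marketing person"),
    ("Marketing", "Marketing person"),
    ("Sales", "Big customer assistant director"),
]

ATTRIBUTES = {"department": 0, "post": 1}  # column index per attribute


def entropy(counts):
    """H(N) with p(X_i) = |X_i| / |U|.

    Assumption: Shannon form, sum of -p * log2(p), in bits.
    """
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return sum(-(c / total) * math.log2(c / total)
               for c in counts.values() if c > 0)


def entropy_without(counts, category):
    """H_x(N): entropy recomputed after class `category` is removed from U."""
    rest = Counter({k: v for k, v in counts.items() if k != category})
    return entropy(rest)


def relative_entropy(counts, category):
    """RH_N(x) = H_x(N) / H(N).

    Returns None when H(N) is 0 (every holder falls in one class), where
    the ratio is undefined.
    """
    h = entropy(counts)
    if h == 0:
        return None
    return entropy_without(counts, category) / h


def attribute_report(holders, attribute):
    """Return (H(N), {class: RH_N(class)}) for one attribute."""
    column = ATTRIBUTES[attribute]
    counts = Counter(row[column] for row in holders)
    return entropy(counts), {c: relative_entropy(counts, c) for c in counts}


def ascending_attribute_order(holders):
    """S: attributes sorted by ascending single information entropy.

    The text assumes post < department; the order depends on the data.
    """
    return sorted(ATTRIBUTES, key=lambda a: attribute_report(holders, a)[0])


if __name__ == "__main__":
    for name in ascending_attribute_order(HOLDERS):
        h, per_class = attribute_report(HOLDERS, name)
        print(f"{name}: H = {h:.4f}")
        for cls, rh in sorted(per_class.items(), key=lambda kv: kv[1]):
            print(f"  RH({cls}) = {rh:.4f}")
```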
This embodiment also provides a system for detecting abnormal user permission assignment, comprising:
A data acquisition unit, configured to obtain the department and post information corresponding to the user role permission under test.
Further, the department and post information includes: list information showing the mapping between departments and posts, and quantity information.
A permission abnormality degree calculation unit, configured to calculate, according to the department and post information, the single information entropy of the post, the single information entropy of the department, the relative entropy of each post and the relative entropy of each department, to arrange the single information entropies of the post and the department in ascending order to obtain an attribute set sequence, and to generate the relative entropy of the attribute set sequence and the permission abnormality degree EOF(X) of each user.
Further, the formula on which the calculation of the single information entropy of the post and the single information entropy of the department is based is:
Wherein,
the single vector N is department or post, p(X_i) = |X_i| / |U|, i = 1, 2, ..., m, U represents the set of N vector types, |U| is the cardinality of set U, X_i represents the different classes, and |X_i| is the cardinality of set X_i.
Further, the calculation of the relative entropy includes:
According to the department and post information, calculating the first information entropy of the posts excluding that of the user under test and the second information entropy of the departments excluding that of the user under test;
Based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department, obtaining the relative entropy of each post and the relative entropy of each department.
Further, the formula on which the calculation of the first information entropy and the second information entropy is based is:
Wherein,
p(X_i′) = |X_i′| / |U − X_i′|, i = 1, 2, ..., m, |U − X_i′| represents the cardinality of the set U excluding X_i′, X_i′ represents the different classes with the one containing the user under test removed, and |X_i′| is the cardinality of set X_i′.
Further, the formula on which the calculation of the relative entropy is based is:
RH_N(x) = H_x(N) / H(N).
Further, when the single information entropy of the post is less than the single information entropy of the department,
arranging in ascending order of information entropy gives S = <A, B>, where A represents post and B represents department;
the attribute set sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector, composed of post and department, and {B} represents the second vector, formed by department.
Further, the calculation of the permission abnormality degree EOF(X) of the user includes:
Calculating the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS;
Based on the relative entropy of each post, the relative entropy of each department, the relative entropy of the attribute set sequence, the weight W_A of post and the weight W_B of department in S, and the weight W_a of the first vector and the weight W_b of the second vector in the attribute set sequence AS, calculating the permission abnormality degree EOF(X) of each user.
Further, the formula on which the calculation of the permission abnormality degree is based is:
Wherein,
represents the relative entropy of the department attribute or post attribute of user X, and represents the relative entropy of each vector of the attribute set sequence.
An abnormal permission determination unit, configured to sort the EOF values in descending order, the user role permission assignments under test corresponding to the EOF values within a preset threshold being abnormal.
The specific constituent units of the system correspond to the specific steps of the above method for detecting abnormal user permission assignment, and are therefore not described again here.
This embodiment also provides a device, the device comprising:
One or more processors;
A memory for storing one or more programs,
When the one or more programs are executed by the one or more processors, the one or more processors are caused to perform the method of any one of the above.
This embodiment also provides a computer-readable storage medium storing a computer program; when the program is executed by a processor, the method of any one of the above is implemented.
Embodiment two
The features that this embodiment shares with embodiment one are not repeated; this embodiment differs from embodiment one in the following:
The specific steps of the above method for detecting abnormal user permission assignment are as follows:
S1. Obtain the department and post information corresponding to the user role permission under test;
For the system permission to be checked, according to the business requirements:
(1) Organize the departments and posts holding that system permission into a list, such as:
(2) Alternatively, if a finer detection granularity is needed, the role / permission module / permission menu information of the system needs to be added, such as:
Role/permission module/permission menu | Department | Post |
Report administrator (role) | Finance Department | Accounting settlement post |
Report administrator (role) | Finance Department | Receipts and payments post |
Report administrator (role) | Finance Department | Receivables management post |
Test system administrator (role) | Research and development department | Test engineer |
General query user (role) | Sales department | Medium and small relationship executive |
General query user (role) | Market department | Marketing person |
General query user (role) | Market department | Marketing person |
Super administrator (role) | Sales department | Big customer assistant director |
… | … | … |
Note that when the list is formed, it is best for only one kind of role / permission module / permission menu information to appear in a single detection, avoiding mixing of kinds; for example, the following is a form of data construction that is not recommended:
Role/permission module/permission menu | Department | Post |
Report administrator (role) | Finance Department | Accounting settlement post |
Report administrator (role) | Finance Department | Receipts and payments post |
Clearing setting (permission menu) | Finance Department | Receivables management post |
Test system administrator (role) | Research and development department | Test engineer |
Data export module (permission module) | Sales department | Medium and small relationship executive |
General query user (role) | Market department | Marketing person |
General query user (role) | Market department | Marketing person |
Client setting (permission menu) | Sales department | Big customer assistant director |
… | … | … |
S2, according to the department, post information, calculate the single piece of information entropy in the post, the single piece of information of the department
Entropy, the Relative Entropy in each post, each department Relative Entropy, by the post, the single piece of information entropy of department
Increasing arranges to obtain attribute set sequence, generates the Relative Entropy of the attribute set sequence and the permission abnormality degree of each user
EOF(X)。
(1) according to the following formula, department and post single piece of information entropy are calculated
For the comentropy of single vector-quantities N is defined as:
Wherein: p (Xi)=| Xi|/| U |, i=1,2 ..., m, | U | it is the radix of set U, Xi represents different classifications, U generation
The set of table N vector type.
(2) Relative Entropy in department and post is calculated according to the following formula
1. computing object X removes the comentropy after oneself.Such as: when X is Finance Department, Hx (N) representative eliminates wealth
After all departments other than business department, then recalculate an entropy.
Wherein: p (Xi')=| Xi′|/|U-Xi' |, i=1,2 ..., m, if | E | be the radix of set E, gather | U-Xi′
| the radix represented is U excluded froai Xi' number.
2. calculating Relative Entropy:
RHN(x)=Hx(N)/H(N)…………(3)
RHA(x) Relative Entropy of X class in N vector is represented.For each department and post.
3. Calculate the information entropy of the single attribute values of department and post according to formula (1), and arrange them in increasing order of information entropy: S = <A, B>.
A and B represent the post and the department, ordered by information entropy (here it is assumed that the information entropy of A is smaller than that of B).
For the attribute subset sequence AS = <{A, B}, {B}>, calculate the relative information entropies RH{a} and RH{b} of the attribute subsets according to formula (2) and formula (3), where a represents {A, B} and b represents {B}.
4. For each employee ID, calculate the weight of the post and department occurring together, denoted W{N}, and the weight of each department and post category in AS, denoted W{n}.
5. Calculate the permission abnormality degree of each employee:
Wherein,
represents the relative information entropy of the department attribute or post attribute of user X, and represents the relative information entropy of each vector of the attribute subset sequence.
S3. Sort the EOF values in descending order; the user role permissions under test that correspond to the EOF values in the top 1%-3% are abnormally assigned.
It should be noted that the preset threshold for the EOF value is not limited to the top 1%-5% or top 1%-3% listed above and may be another reasonable range; these are not enumerated one by one here.
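As an added illustration (not code from the patent), the following Python computes H(N), Hx(N), RHN(x), the ordering S and the subset sequence AS from steps (1) and (2) on constructed records. It assumes formula (1) is Shannon entropy in bits and reads Hx(N) as the entropy after every record of class x is dropped; all function names are hypothetical, and it stops before EOF(X), whose formula and weights are not reproduced on this page.

```python
import math
from collections import Counter

# Constructed sample records (employee ID, department, post); not data from the patent.
RECORDS = [
    ("E01", "Finance", "Cashier"), ("E02", "Finance", "Cashier"),
    ("E03", "Finance", "Receivables"), ("E04", "R&D", "Test engineer"),
    ("E05", "R&D", "Test engineer"), ("E06", "R&D", "Test engineer"),
    ("E07", "Sales", "Account manager"), ("E08", "Marketing", "Marketing staff"),
]
COLUMNS = {"department": 1, "post": 2}


def entropy(values):
    """H(N) with p(Xi) = |Xi| / |U|; Shannon entropy in bits is an assumption here."""
    total = len(values)
    counts = Counter(values).values()
    return -sum((c / total) * math.log2(c / total) for c in counts) if total else 0.0


def entropy_without(values, x):
    """Hx(N): entropy recomputed over U after every record of class x is removed."""
    return entropy([v for v in values if v != x])


def relative_entropy(values):
    """RHN(x) = Hx(N) / H(N) for each class x; NaN when H(N) is 0 (one class only)."""
    h = entropy(values)
    return {x: (entropy_without(values, x) / h if h else math.nan) for x in set(values)}


def attribute_order(records):
    """S: attribute names in increasing order of single information entropy."""
    return sorted(COLUMNS, key=lambda n: entropy([r[COLUMNS[n]] for r in records]))


def subset_sequence(records):
    """AS built from S as its suffixes, e.g. S = <A, B> gives <{A, B}, {B}>.

    Returns (subset names, RH per class) pairs; a class of a multi-attribute
    subset is the tuple of its attribute values.
    """
    s = attribute_order(records)
    result = []
    for i in range(len(s)):
        names = s[i:]
        values = [tuple(r[COLUMNS[n]] for n in names) for r in records]
        result.append((names, relative_entropy(values)))
    return result


if __name__ == "__main__":
    departments = [r[1] for r in RECORDS]
    print("S =", attribute_order(RECORDS))
    for dept, rh in sorted(relative_entropy(departments).items()):
        print(f"RH({dept}) = {rh:.4f}")
    for names, rh in subset_sequence(RECORDS):
        print(names, {k: round(v, 4) for k, v in rh.items()})
```

On this sample the department attribute has the lower entropy, so S comes out as <department, post>; the patent's S = <A, B> with A as the post is its stated assumption, and the order always follows the data.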
The above description covers only the preferred embodiments of the application and explains the technical principles applied. Those skilled in the art should understand that the scope of the invention involved in the application is not limited to technical solutions formed by the specific combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalent features without departing from the inventive concept, for example, the above features together with features having similar functions disclosed in (but not limited to) the application.
Claims (20)
1. A method for detecting abnormal user permission assignment, characterized by comprising the following steps:
obtaining the department and post information corresponding to the user role permissions under test;
calculating, based on the department and post information, the single information entropy of the post, the single information entropy of the department, the relative information entropy of each post and the relative information entropy of each department; arranging the post and the department in increasing order of single information entropy to obtain an attribute subset sequence; and generating the relative information entropy of the attribute subset sequence and the permission abnormality degree EOF(X) of each user;
sorting the EOF values in descending order, wherein the user role permissions under test that correspond to EOF values within a preset threshold are abnormally assigned.
2. The method for detecting abnormal user permission assignment according to claim 1, characterized in that the department and post information comprises: list information showing the mapping relationship between departments and posts, and quantity information.
3. The method for detecting abnormal user permission assignment according to claim 1, characterized in that the formula on which calculating the single information entropy of the post and the single information entropy of the department from the department and post information is based is as follows:
Wherein,
the single vector N represents the department or the post; p(Xi) is the probability value corresponding to each X, p(Xi) = |Xi|/|U|, i = 1, 2, ..., m; U represents the set of categories of vector N; |U| is the cardinality of the set U; Xi represents the different categories; and |Xi| is the cardinality of the set Xi.
4. The method for detecting abnormal user permission assignment according to claim 3, characterized in that the calculation of the relative information entropy comprises:
calculating, based on the department and post information, a first information entropy of the posts other than the post of the user under test and a second information entropy of the departments other than the department of the user under test;
obtaining the relative information entropy of each post and the relative information entropy of each department based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department.
5. The method for detecting abnormal user permission assignment according to claim 4, characterized in that the formula on which calculating the first information entropy of the posts other than the post of the user under test and the second information entropy of the departments other than the department of the user under test is based is as follows:
Wherein,
p(Xi′) = |Xi′|/|U − Xi′|, i = 1, 2, ..., m; |U − Xi′| represents the cardinality of the set U excluding Xi′; Xi′ represents the different categories after the one that includes the user under test is removed; and |Xi′| is the cardinality of the set Xi′.
6. The method for detecting abnormal user permission assignment according to claim 4, characterized in that the formula on which calculating the relative information entropy is based is:
RHN(x)=Hx(N)/H(N)。
7. The method for detecting abnormal user permission assignment according to claim 1, characterized in that, when the single information entropy of the post is less than the single information entropy of the department,
the arrangement in increasing order of information entropy is S = <A, B>, where A represents the post and B represents the department;
the attribute subset sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector formed by the post and the department, and {B} represents the second vector formed by the department.
8. The method for detecting abnormal user permission assignment according to claim 7, characterized in that calculating the permission abnormality degree EOF(X) of the user comprises:
calculating the weight WA of the post in S, the weight WB of the department, the weight Wa of the first vector in the attribute subset sequence AS and the weight Wb of the second vector;
calculating the permission abnormality degree EOF(X) of each user based on the relative information entropy of each post, the relative information entropy of each department, the relative information entropy of the attribute subset sequence, the weight WA of the post in S, the weight WB of the department, the weight Wa of the first vector in the attribute subset sequence AS and the weight Wb of the second vector.
9. The method for detecting abnormal user permission assignment according to claim 8, characterized in that the formula on which calculating the permission abnormality degree is based is:
Wherein,
represents the relative information entropy of the department attribute or post attribute of user X, and represents the relative information entropy of each vector of the attribute subset sequence.
10. A system for detecting abnormal user permission assignment, characterized by comprising:
a data acquisition unit, configured to obtain the department and post information corresponding to the user role permissions under test;
a permission abnormality degree calculation unit, configured to calculate, based on the department and post information, the single information entropy of the post, the single information entropy of the department, the relative information entropy of each post and the relative information entropy of each department; to arrange the post and the department in increasing order of single information entropy to obtain an attribute subset sequence; and to generate the relative information entropy of the attribute subset sequence and the permission abnormality degree EOF(X) of each user;
an abnormal permission determination unit, configured to sort the EOF values in descending order, wherein the user role permissions under test that correspond to EOF values within a preset threshold are abnormally assigned.
11. The system for detecting abnormal user permission assignment according to claim 10, characterized in that the department and post information comprises: list information showing the mapping relationship between departments and posts, and quantity information.
12. The system for detecting abnormal user permission assignment according to claim 10, characterized in that the formula on which calculating the single information entropy of the post and the single information entropy of the department from the department and post information is based is as follows:
Wherein,
the single vector N is the department or the post; p(Xi) is the probability value corresponding to each X, p(Xi) = |Xi|/|U|, i = 1, 2, ..., m; U represents the set of categories of vector N; |U| is the cardinality of the set U; Xi represents the different categories; and |Xi| is the cardinality of the set Xi.
13. The system for detecting abnormal user permission assignment according to claim 12, characterized in that the calculation of the relative information entropy comprises:
calculating, based on the department and post information, a first information entropy of the posts other than the post of the user under test and a second information entropy of the departments other than the department of the user under test;
obtaining the relative information entropy of each post and the relative information entropy of each department based on the first information entropy, the second information entropy, the single information entropy of the post and the single information entropy of the department.
14. The system for detecting abnormal user permission assignment according to claim 13, characterized in that the formula on which calculating the first information entropy of the posts other than the post of the user under test and the second information entropy of the departments other than the department of the user under test is based is as follows:
Wherein,
p(Xi′) = |Xi′|/|U − Xi′|, i = 1, 2, ..., m; |U − Xi′| represents the cardinality of the set U excluding Xi′; Xi′ represents the different categories after the one that includes the user under test is removed; and |Xi′| is the cardinality of the set Xi′.
15. The system for detecting abnormal user permission assignment according to claim 13, characterized in that the formula on which calculating the relative information entropy is based is:
RHN(x)=Hx(N)/H(N)。
16. The system for detecting abnormal user permission assignment according to claim 10, characterized in that, when the single information entropy of the post is less than the single information entropy of the department,
the arrangement in increasing order of information entropy is S = <A, B>, where A represents the post and B represents the department;
the attribute subset sequence is AS = <{A, B}, {B}>, where {A, B} represents the first vector formed by the post and the department, and {B} represents the second vector formed by the department.
17. The system for detecting abnormal user permission assignment according to claim 10, characterized in that calculating the permission abnormality degree EOF(X) of the user comprises:
calculating the weight WA of the post in S, the weight WB of the department, the weight Wa of the first vector in the attribute subset sequence AS and the weight Wb of the second vector;
calculating the permission abnormality degree EOF(X) of each user based on the relative information entropy of each post, the relative information entropy of each department, the relative information entropy of the attribute subset sequence, the weight WA of the post in S, the weight WB of the department, the weight Wa of the first vector in the attribute subset sequence AS and the weight Wb of the second vector.
18. The system for detecting abnormal user permission assignment according to claim 17, characterized in that the formula on which calculating the permission abnormality degree is based is:
Wherein,
represents the relative information entropy of the department attribute or post attribute of user X, and represents the relative information entropy of each vector of the attribute subset sequence.
19. A device, characterized in that the device comprises:
one or more processors;
a memory for storing one or more programs,
wherein, when the one or more programs are executed by the one or more processors, the one or more processors are caused to perform the method according to any one of claims 1-9.
20. A computer-readable storage medium storing a computer program, characterized in that the program, when executed by a processor, implements the method according to any one of claims 1-9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810966323.4A CN109409042B (en) | 2018-08-23 | 2018-08-23 | User authority distribution abnormity detection system, method, equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109409042A true CN109409042A (en) | 2019-03-01 |
CN109409042B CN109409042B (en) | 2021-04-20 |
Family
ID=65464387
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810966323.4A Active CN109409042B (en) | 2018-08-23 | 2018-08-23 | User authority distribution abnormity detection system, method, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109409042B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |