CN109617924A - A kind of account usage behavior detection method and device - Google Patents
A kind of account usage behavior detection method and device Download PDFInfo
- Publication number
- CN109617924A CN109617924A CN201910078341.3A CN201910078341A CN109617924A CN 109617924 A CN109617924 A CN 109617924A CN 201910078341 A CN201910078341 A CN 201910078341A CN 109617924 A CN109617924 A CN 109617924A
- Authority
- CN
- China
- Prior art keywords
- usage behavior
- login
- account
- behavior
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Present disclose provides a kind of account usage behavior detection method and device, wherein the described method includes: whether the usage behavior that detection repeatedly logs in target account belongs to continuous login behavior;If the usage behavior is not belonging to continuous login behavior, login feature parameter corresponding to the usage behavior is obtained;According to the login feature parameter, determine whether the usage behavior belongs to the target usage behavior that multiple users use same account in different time sections.The disclosure can more accurately and efficiently detect that data share exchange platform interior uses the target usage behavior of same account with the presence or absence of multiple users in different time sections, to preferably protect account number safety and data safety.
Description
Technical field
This disclosure relates to account number safety management domain more particularly to a kind of account usage behavior detection method and device.
Background technique
Currently, often having what an account was used by multiple users in different time sections in data share exchange platform
Risk, the serious risk for being easy to cause data leak and being destroyed.
The risk that the prior art is usurped primarily directed to account by external staff lacks multiple users in identification internal staff
The scheme of an account is used in different time sections.
Summary of the invention
In view of this, present disclose provides a kind of account usage behavior detection method and device, to solve in the related technology
Deficiency.
According to the first aspect of the embodiments of the present disclosure, a kind of account usage behavior detection method is provided, which comprises
Whether the usage behavior that detection repeatedly logs in target account belongs to continuous login behavior;
If the usage behavior is not belonging to continuous login behavior, login feature corresponding to the usage behavior is obtained
Parameter;
According to the login feature parameter, determine whether the usage behavior belongs to multiple users and use in different time sections
The target usage behavior of same account.
Optionally, whether the usage behavior that the detection repeatedly logs in target account belongs to continuous login behavior, comprising:
In login log to be detected, when obtaining login time point all corresponding to the target account and publishing
Between point;
If at least one corresponding logout time point of the target account is between the adjacent point of login time twice
In period, it is determined that the usage behavior for repeatedly logging in target account is not belonging to continuous login behavior.
Optionally, the login feature parameter includes at least one of the following:
Log in the business behaviour executed after internet protocol address, the device identification of logging device, login time point, login
Make, execute the uniform resource position mark URL address of the operating time section and login of the business operation.
It is optionally, described to obtain login feature parameter corresponding to the usage behavior, comprising:
From login log to be detected, operation log to be detected and flowing of access data to be detected, described in acquisition
The login feature parameter each of corresponding to usage behavior.
Optionally, described according to the login feature parameter, determine whether the usage behavior belongs to multiple users not
The target usage behavior of same account is used with the period, comprising:
In the history usage behavior model pre-established, it is special to determine that target histories corresponding with the target account log in
Levy parameter;The history usage behavior model includes historical log characteristic parameter corresponding with each account;
If the login feature parameter does not meet the corresponding target and goes through either one or two of corresponding to the usage behavior
History login feature parameter, it is determined that the usage behavior belongs to the mesh that multiple users use same account in different time sections
Mark usage behavior.
Optionally, the history usage behavior model is established in the following ways:
Obtain the history usage behavior data in preset time period corresponding with each account;The history usage behavior number
According to including in all data in historical log log, all data in historical operation log and history flowing of access data
All data;
The history usage behavior data are analyzed using preset frequent item set algorithm, determining and each account pair
The historical log characteristic parameter answered.
According to the second aspect of an embodiment of the present disclosure, a kind of account usage behavior detection device is provided, described device includes:
First detection module, whether the usage behavior for being configured as detecting repeatedly login target account, which belongs to continuous log in, is gone
For;
Parameter acquisition module makes described in acquisition if being configured as the usage behavior is not belonging to continuous login behavior
The login feature parameter corresponding to behavior;
Second detection module is configured as that it is more to determine whether the usage behavior belongs to according to the login feature parameter
A user uses the target usage behavior of same account in different time sections.
Optionally, the first detection module includes:
First acquisition submodule is configured as in login log to be detected, obtains corresponding to the target account
All login time points and logout time point;
First determines submodule, if being configured as at least one corresponding logout time point of the target account is located at phase
In period between adjacent login time point twice, it is determined that the usage behavior for repeatedly logging in target account is not belonging to continuously log in
Behavior.
Optionally, the login feature parameter includes at least one of the following:
Log in the business behaviour executed after internet protocol address, the device identification of logging device, login time point, login
Make, execute the uniform resource position mark URL address of the operating time section and login of the business operation.
Optionally, the parameter acquisition module includes:
Second acquisition submodule is configured as from login log to be detected, operation log to be detected and to be detected
In flowing of access data, the login feature parameter each of is obtained corresponding to the usage behavior.
Optionally, second detection module includes:
Second determines submodule, is configured as in the history usage behavior model pre-established, the determining and target
The corresponding target histories login feature parameter of account;It include history corresponding with each account in the history usage behavior model
Login feature parameter;
Third determines submodule, if either one or two of being configured as corresponding to the usage behavior login feature parameter
The corresponding target histories login feature parameter is not met, it is determined that the usage behavior belongs to multiple users in different time
Section uses the target usage behavior of same account.
Optionally, described device further include:
Data acquisition module is configured as obtaining the history usage behavior number in preset time period corresponding with each account
According to;The history usage behavior data include all data in historical log log, all data in historical operation log
With all data in history flowing of access data;
Model building module is configured as carrying out the history usage behavior data using preset frequent item set algorithm
Analysis determines the historical log characteristic parameter corresponding with each account.
According to the third aspect of an embodiment of the present disclosure, a kind of computer readable storage medium is provided, the storage medium is deposited
Computer program is contained, the computer program is for executing account usage behavior detection method described in above-mentioned first aspect.
According to a fourth aspect of embodiments of the present disclosure, a kind of account usage behavior detection device is provided, described device includes:
Processor;
Memory for storage processor executable instruction;
Wherein, the processor is configured to:
Whether the usage behavior that detection repeatedly logs in target account belongs to continuous login behavior;
If the usage behavior is not belonging to continuous login behavior, login feature corresponding to the usage behavior is obtained
Parameter;
According to the login feature parameter, determine whether the usage behavior belongs to multiple users and use in different time sections
The target usage behavior of same account.
The technical scheme provided by this disclosed embodiment can include the following benefits:
In the embodiment of the present disclosure, whether the usage behavior that can first detect repeatedly login target account, which belongs to continuous log in, is gone
For when the usage behavior is not belonging to continuously log in behavior, according to login feature parameter corresponding to the usage behavior, really
Whether the fixed usage behavior belongs to the target usage behavior that multiple users use same account in different time sections.By above-mentioned
Process can more accurately and efficiently detect data share exchange platform interior with the presence or absence of multiple users in different time
Section uses the target usage behavior of same account, to preferably protect account number safety and data safety.
It should be understood that above general description and following detailed description be only it is exemplary and explanatory, not
The disclosure can be limited.
Detailed description of the invention
The drawings herein are incorporated into the specification and forms part of this specification, and shows the implementation for meeting the disclosure
Example, and together with specification for explaining the principles of this disclosure.
Fig. 1 is a kind of disclosure account usage behavior detection method flow chart shown according to an exemplary embodiment;
Fig. 2 is the disclosure another account usage behavior detection method flow chart shown according to an exemplary embodiment;
Fig. 3 is the disclosure another account usage behavior detection method flow chart shown according to an exemplary embodiment;
Fig. 4 is the disclosure another account usage behavior detection method flow chart shown according to an exemplary embodiment;
Fig. 5 is a kind of disclosure account usage behavior detection device block diagram shown according to an exemplary embodiment;
Fig. 6 is the disclosure another account usage behavior detection device block diagram shown according to an exemplary embodiment;
Fig. 7 is the disclosure another account usage behavior detection device block diagram shown according to an exemplary embodiment;
Fig. 8 is the disclosure another account usage behavior detection device block diagram shown according to an exemplary embodiment;
Fig. 9 is the disclosure another account usage behavior detection device block diagram shown according to an exemplary embodiment;
Figure 10 is a kind of disclosure one for account usage behavior detection device shown according to an exemplary embodiment
Structural schematic diagram.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to
When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment
Described in embodiment do not represent all implementations consistent with this disclosure.On the contrary, they be only with it is such as appended
The example of the consistent device and method of some aspects be described in detail in claims, the disclosure.
It is only to be not intended to be limiting the disclosure merely for for the purpose of describing particular embodiments in the term of disclosure operation.
The "an" of the singular run in disclosure and the accompanying claims book, " described " and "the" are also intended to including majority
Form, unless the context clearly indicates other meaning.It is also understood that the term "and/or" run herein refers to and wraps
It may be combined containing one or more associated any or all of project listed.
It will be appreciated that though various information, but this may be described using term first, second, third, etc. in the disclosure
A little information should not necessarily be limited by these terms.These terms are only used to for same type of information being distinguished from each other out.For example, not departing from
In the case where disclosure range, the first information can also be referred to as the second information, and similarly, the second information can also be referred to as
One information.Depending on context, as run at this word " if " can be construed to " and ... when " or " when ...
When " or " in response to determination ".
The account usage behavior detection method that the embodiment of the present disclosure provides can be used for data share exchange platform.Such as Fig. 1
Shown, Fig. 1 is a kind of account usage behavior detection method shown according to an exemplary embodiment, comprising the following steps:
In a step 101, whether the usage behavior that detection repeatedly logs in target account belongs to continuous login behavior;
In a step 102, if the usage behavior is not belonging to continuous login behavior, it is right to obtain the usage behavior institute
The login feature parameter answered;
In step 103, according to the login feature parameter, determine whether the usage behavior belongs to multiple users not
The target usage behavior of same account is used with the period.
In above-described embodiment, whether the usage behavior that can first detect repeatedly login target account, which belongs to continuous log in, is gone
For when the usage behavior is not belonging to continuously log in behavior, according to login feature parameter corresponding to the usage behavior, really
Whether the fixed usage behavior belongs to the target usage behavior that multiple users use same account in different time sections.By above-mentioned
Process can more accurately and efficiently detect data share exchange platform interior with the presence or absence of multiple users in different time
Section uses the target usage behavior of same account, to preferably protect account number safety and data safety.
For above-mentioned steps 101, as shown in Fig. 2, Fig. 2 is another shown on the basis of aforementioned embodiment illustrated in fig. 1
Kind account usage behavior detection method, step 101 may comprise steps of:
In step 101-1, in login log to be detected, login all corresponding to the target account is obtained
Time point and logout time point;
In this step, each account login time point and logout time point etc. have been had recorded in login log to be detected
Information, data share exchange platform can extract the corresponding all logins of target account from the login log to be detected
Time point and logout time point, such as shown in table 1.Wherein, the target account can be any of all accounts.
Table 1
In step 101-2, if at least one corresponding logout time point of the target account is stepped on twice positioned at adjacent
It records in the period between time point, it is determined that the usage behavior for repeatedly logging in target account is not belonging to continuous login behavior.
In this step, if the target account twice in succession in the period between login time point, has user to publish
The target account, i.e., at least one corresponding logout time point of the described target account is between the adjacent point of login time twice
Period in, then can determine that the usage behavior for repeatedly logging in the target account is not belonging to continuous login behavior.
The embodiment of the present disclosure is not belonging to the case where continuously logging in behavior only for the usage behavior.
For example, the logout time point 9:03 according to target account in table 1 December 1 is located at 9:01 between 10:00
In period, therefore the usage behavior that twice logs in the target account of the target account December 1 is not belonging to continuously log in
Behavior.
For above-mentioned steps 102, optionally, in the embodiments of the present disclosure, the login feature parameter may include following
At least one of: log in IP (Internet Protocol, Internet protocol) address, the device identification of logging device, login time
The business operation executed after point, login, the URL (Uniform for executing the operating time section of the business operation and logging in
Resource Locator, uniform resource locator) address.
In this step, data share exchange platform obtains the target account pair from login log to be detected
The login time point answered further can also obtain the corresponding login of the target account from login log to be detected
The device identification of IP address and logging device.
It was wherein once stepped on December 1 for example, data share exchange platform logs in extract in log in account to be detected
Recording the corresponding login IP address of the target account is address 1, and the device identification of logging device is equipment a.Another login institute
Stating the corresponding login IP address of target account is address 2, and the device identification of logging device is equipment b.
In the embodiment of the present disclosure, flowing of access data manipulation log recording is business performed after all accounts log in
The operation flow link of catalogue submission is performed after which operation flow link in operating process, such as account A login.And it visits
It asks and has recorded specific business operation performed every time after all accounts log in data on flows.Such as it is held after the login of target account
Online editing catalogue, upload catalogue in the operation flow link of catalogue of having gone submission, submission three business operations of catalogue.
In this step, data share exchange platform needs to combine operation log to be detected and flowing of access to be detected
Data are analyzed simultaneously, so that it is determined that business operation and the execution business operation that the target account executes after logging in
Operating time section.
Further, the access of target account is also recorded in operation log to be detected and flowing of access data to be detected
All addresses URL, data share exchange platform can be from operation log to be detected and flowing of access data to be detected
The corresponding address URL accessed of the usage behavior is obtained, such as wherein once logs in the target account and has accessed the address URL
1, another time the login target account has accessed the address URL 2, logs in the target account for the third time and has accessed address URL 2 etc.
Deng.
For above-mentioned steps 103, as shown in figure 3, Fig. 3 is another shown on the basis of aforementioned embodiment illustrated in fig. 1
Kind account usage behavior detection method, step 103 may comprise steps of:
In step 103-1, in the history usage behavior model pre-established, determination is corresponding with the target account
Target histories login feature parameter;
In the embodiments of the present disclosure, data share exchange platform has pre-established history usage behavior model, described
It include historical log characteristic parameter corresponding with each account in history usage behavior model, such as shown in table 2.
Table 2
Optionally, the historical log time point in table 2 can be extended to historical log period, such as historical log time
Point was substantially distributed in this period of 9:00-10:00, then the historical log period is just 9:00-10:00.In this step, number
It can directly determine target histories corresponding with target account according to history usage behavior model according to shared switching plane and log in spy
Levy parameter.
Such as target account is account A, then historical log characteristic parameter corresponding with account A is target histories in table 2
Login feature parameter.
In step 103-2, if the login feature parameter does not meet phase either one or two of corresponding to the usage behavior
The target histories login feature parameter answered, it is determined that the usage behavior belongs to multiple users and uses together in different time sections
The target usage behavior of one account.Otherwise, in the embodiments of the present disclosure, it can determine that the usage behavior belongs to same user and exists
Different time sections use the behavior of same account.
For example, the login IP address for repeatedly logging in target account is IP address 1 and IP address 3, the usage behavior institute is right
The device identification for the logging device answered is equipment a, the point of login time corresponding to the usage behavior be 9:00,9:30 and
10:00, corresponding to the usage behavior after the business operation that executes be online editing catalogue, the operating time section is respectively
9:05-9:40 and 11:07-11:25, the address URL of login corresponding to the usage behavior is the address URL 1, then if described
Any one login feature parameter corresponding to usage behavior does not meet the target histories login feature ginseng of target account in table 2
Number, it is determined that the usage behavior belongs to the target usage behavior.Wherein if login time point is not located at historical log
Between in section, then can determine that the point parameter of login time corresponding to the usage behavior does not meet target histories login feature ginseng
Number.
In one embodiment, as shown in figure 4, Fig. 4 is another account shown on the basis of aforementioned embodiment illustrated in fig. 1
Number usage behavior detection method, the process for establishing the history usage behavior model may comprise steps of:
In step 100-1, the history usage behavior data in preset time period corresponding with each account are obtained;
In the embodiment of the present disclosure, optionally, the history usage behavior data include all numbers in historical log log
According to all data in all data and history flowing of access data in, historical operation log.History usage behavior data its
In, the preset time period can be daily, every three days, weekly, monthly etc..
In step 100-2, the history usage behavior data are analyzed using preset frequent item set algorithm, really
Fixed historical log characteristic parameter corresponding with each account.
In the embodiment of the present disclosure, optionally, the preset frequent item set algorithm can be Apriori algorithm, and data are total
It enjoys switching plane and is analyzed according to Apriori algorithm in the prior art using history usage behavior data as data source, can be obtained
Historical log characteristic parameter corresponding with each account is taken, so that history usage behavior model is established, the history usage behavior mould
Type can be as shown in Table 2 above.
In above-described embodiment, each account can be determined by data share exchange platform according to history usage behavior data
Corresponding historical log characteristic parameter realizes easy, availability height so as to establish history usage behavior model.
Corresponding with preceding method embodiment, the disclosure additionally provides the embodiment of device.
As shown in figure 5, Fig. 5 is a kind of disclosure account usage behavior detection device shown according to an exemplary embodiment
Block diagram, described device include:
First detection module 210, whether the usage behavior for being configured as detecting repeatedly login target account, which belongs to, is continuously stepped on
Record behavior;
Parameter acquisition module 220, if being configured as the usage behavior is not belonging to continuous login behavior, obtain described in
Login feature parameter corresponding to usage behavior;
Second detection module 230 is configured as determining whether the usage behavior belongs to according to the login feature parameter
Multiple users use the target usage behavior of same account in different time sections.
As shown in fig. 6, Fig. 6 disclosure another account usage behavior detection device shown according to an exemplary embodiment
Block diagram, on the basis of 5 embodiment of earlier figures, the first detection module 210 includes: the embodiment
First acquisition submodule 211 is configured as in login log to be detected, obtains corresponding to the target account
All login time points and logout time point;
First determines submodule 212, if being configured as at least one corresponding logout time point of the target account
In period between the adjacent point of login time twice, it is determined that the usage behavior for repeatedly logging in target account is not belonging to continuously
Login behavior.
Optionally, the login feature parameter includes at least one of the following:
Log in the business behaviour executed after internet protocol address, the device identification of logging device, login time point, login
Make, execute the uniform resource position mark URL address of the operating time section and login of the business operation.
As shown in fig. 7, Fig. 7 disclosure another account usage behavior detection device shown according to an exemplary embodiment
Block diagram, on the basis of 5 embodiment of earlier figures, the parameter acquisition module 220 includes: the embodiment
Second acquisition submodule 221 is configured as from login log to be detected, operation log to be detected and to be detected
Flowing of access data in, each of obtain corresponding to the usage behavior login feature parameter.
As shown in figure 8, Fig. 8 disclosure another account usage behavior detection device shown according to an exemplary embodiment
Block diagram, on the basis of 5 embodiment of earlier figures, second detection module 230 includes: the embodiment
Second determines submodule 231, is configured as in the history usage behavior model pre-established, the determining and mesh
Mark the corresponding target histories login feature parameter of account;It include go through corresponding with each account in the history usage behavior model
History login feature parameter;
Third determines submodule 232, if either one or two of being configured as corresponding to the usage behavior login feature
Parameter does not meet the corresponding target histories login feature parameter, it is determined that the usage behavior belongs to multiple users in difference
Period uses the target usage behavior of same account.
As shown in figure 9, Fig. 9 disclosure another account usage behavior detection device shown according to an exemplary embodiment
Block diagram, the embodiment is on the basis of 5 embodiment of earlier figures, described device further include:
Data acquisition module 240 is configured as obtaining the history in preset time period corresponding with each account and uses row
For data;The history usage behavior data include all data in historical log log, all in historical operation log
All data in data and history flowing of access data;
Model building module 250 is configured as using preset frequent item set algorithm to the history usage behavior data
It is analyzed, determines the historical log characteristic parameter corresponding with each account.
For device embodiment, since it corresponds essentially to embodiment of the method, so related place is referring to method reality
Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein being used as separate part description
Unit may or may not be physically separated, component shown as a unit may or may not be
Physical unit, it can it is in one place, or may be distributed over multiple network units.It can be according to the actual needs
Some or all of the modules therein is selected to realize the purpose of disclosure scheme.Those of ordinary skill in the art are not paying wound
In the case that the property made is worked, it can understand and implement.
Correspondingly, the disclosure also provides a kind of computer readable storage medium, the storage medium is stored with computer journey
Sequence, the computer program are used to execute any of the above-described account usage behavior detection method.
Correspondingly, the disclosure also provides a kind of account usage behavior detection device, described device includes:
Processor;
Memory for storage processor executable instruction;
Wherein, the processor is configured to:
Whether the usage behavior that detection repeatedly logs in target account belongs to continuous login behavior;
If the usage behavior is not belonging to continuous login behavior, login feature corresponding to the usage behavior is obtained
Parameter;
According to the login feature parameter, determine whether the usage behavior belongs to multiple users and use in different time sections
The target usage behavior of same account.
As shown in Figure 10, Figure 10 is shown according to an exemplary embodiment a kind of for account usage behavior detection device
1000 structural schematic diagram.For example, device 1000 may be provided as a data share exchange platform.Referring to Fig.1 0, device
1000 include processing component 1022, further comprises one or more processors, and deposit as representated by memory 1032
Memory resource, can be by the instruction of the execution of processing component 1022, such as application program for storing.It is stored in memory 1032
Application program may include it is one or more each correspond to one group of instruction module.In addition, processing component 1022
It is configured as executing instruction, to execute any of the above-described account usage behavior detection method.
Device 1000 can also include that a power supply module 1026 be configured as the power management of executive device 1000, and one
Wired or wireless network interface 1050 is configured as device 1000 being connected to network and input and output (I/O) interface
1058.Device 1000 can be operated based on the operating system for being stored in memory 1032, such as Windows ServerTM, Mac
OS XTM, UnixTM, LinuxTM, FreeB SDTM or similar.
Those skilled in the art after considering the specification and implementing the invention disclosed here, will readily occur to its of the disclosure
Its embodiment.The disclosure is intended to cover any variations, uses, or adaptations of the disclosure, these modifications, purposes or
Person's adaptive change follows the general principles of this disclosure and including the undocumented common knowledge in the art of the disclosure
Or conventional techniques.The description and examples are only to be considered as illustrative, and the true scope and spirit of the disclosure are by following
Claim point out.
The foregoing is merely the preferred embodiments of the disclosure, not to limit the disclosure, all essences in the disclosure
Within mind and principle, any modification, equivalent substitution, improvement and etc. done be should be included within the scope of disclosure protection.
Claims (14)
1. a kind of account usage behavior detection method, which is characterized in that the described method includes:
Whether the usage behavior that detection repeatedly logs in target account belongs to continuous login behavior;
If the usage behavior is not belonging to continuous login behavior, the ginseng of login feature corresponding to the usage behavior is obtained
Number;
According to the login feature parameter, determine the usage behavior whether belong to multiple users used in different time sections it is same
The target usage behavior of account.
2. the method according to claim 1, wherein the usage behavior that the detection repeatedly logs in target account is
It is no to belong to continuous login behavior, comprising:
In login log to be detected, login time point and logout time all corresponding to the target account are obtained
Point;
If time of at least one the corresponding logout time point of the target account between the adjacent point of login time twice
In section, it is determined that the usage behavior for repeatedly logging in target account is not belonging to continuous login behavior.
3. the method according to claim 1, wherein the login feature parameter includes at least one of the following:
Log in internet protocol address, the device identification of logging device, login time point, the business operation executed after login,
Execute the uniform resource position mark URL address of the operating time section and login of the business operation.
4. according to the method described in claim 3, it is characterized in that, described obtain login feature corresponding to the usage behavior
Parameter, comprising:
From login log to be detected, operation log to be detected and flowing of access data to be detected, the use is obtained
The login feature parameter each of corresponding to behavior.
5. according to the method described in claim 3, it is characterized in that, described according to the login feature parameter, determine described in make
Whether belong to target usage behavior of multiple users in different time sections using same account with behavior, comprising:
In the history usage behavior model pre-established, target histories login feature ginseng corresponding with the target account is determined
Number;It include historical log characteristic parameter corresponding with each account in the history usage behavior model;
If the login feature parameter does not meet the corresponding target histories and steps on either one or two of corresponding to the usage behavior
Record characteristic parameter, it is determined that the usage behavior is belonged to multiple users and made in different time sections using the target of same account
Use behavior.
6. according to the method described in claim 5, it is characterized in that, establishing the history usage behavior mould in the following ways
Type:
Obtain the history usage behavior data in preset time period corresponding with each account;The history usage behavior history makes
It include all data in historical log log, all data in historical operation log and history flowing of access with behavioral data
All data in data;
The history usage behavior data are analyzed using preset frequent item set algorithm, determination is corresponding with each account
The historical log characteristic parameter.
7. a kind of account usage behavior detection device, which is characterized in that described device includes:
Whether first detection module, the usage behavior for being configured as detecting repeatedly login target account belong to continuous login behavior;
Parameter acquisition module obtains described using row if being configured as the usage behavior is not belonging to continuous login behavior
For corresponding login feature parameter;
Second detection module is configured as determining whether the usage behavior belongs to multiple use according to the login feature parameter
Family uses the target usage behavior of same account in different time sections.
8. device according to claim 7, which is characterized in that the first detection module includes:
First acquisition submodule is configured as in login log to be detected, obtains corresponding to the target account and owns
Login time point and logout time point;
First determines submodule, if being configured as at least one corresponding logout time point of the target account positioned at adjacent two
In period between secondary login time point, it is determined that the usage behavior for repeatedly logging in target account is not belonging to continuously log in row
For.
9. device according to claim 7, which is characterized in that the login feature parameter includes at least one of the following:
Log in internet protocol address, the device identification of logging device, login time point, the business operation executed after login,
Execute the uniform resource position mark URL address of the operating time section and login of the business operation.
10. device according to claim 9, which is characterized in that the parameter acquisition module includes:
Second acquisition submodule is configured as from login log, operation log to be detected and access to be detected to be detected
In data on flows, the login feature parameter each of is obtained corresponding to the usage behavior.
11. device according to claim 9, which is characterized in that second detection module includes:
Second determines submodule, is configured as in the history usage behavior model pre-established, the determining and target account
Corresponding target histories login feature parameter;It include historical log corresponding with each account in the history usage behavior model
Characteristic parameter;
Third determines submodule, is not inconsistent if either one or two of being configured as corresponding to the usage behavior login feature parameter
Close the corresponding target histories login feature parameter, it is determined that the usage behavior belongs to multiple users and makes in different time sections
With the target usage behavior of same account.
12. device according to claim 11, which is characterized in that described device further include:
Data acquisition module, the history usage behavior history for being configured as obtaining in preset time period corresponding with each account make
Use behavioral data;The history usage behavior history usage behavior data include all data, history in historical log log
All data in all data and history flowing of access data in operation log;
Model building module is configured as dividing the history usage behavior data using preset frequent item set algorithm
Analysis determines the historical log characteristic parameter corresponding with each account.
13. a kind of computer readable storage medium, which is characterized in that the storage medium is stored with computer program, the meter
Calculation machine program is used to execute any account usage behavior detection method of the claims 1-6.
14. a kind of account usage behavior detection device, which is characterized in that described device includes:
Processor;
Memory for storage processor executable instruction;
Wherein, the processor is configured to:
Whether the usage behavior that detection repeatedly logs in target account belongs to continuous login behavior;
If the usage behavior is not belonging to continuous login behavior, the ginseng of login feature corresponding to the usage behavior is obtained
Number;
According to the login feature parameter, determine the usage behavior whether belong to multiple users used in different time sections it is same
The target usage behavior of account.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910078341.3A CN109617924B (en) | 2019-01-28 | 2019-01-28 | Account use behavior detection method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910078341.3A CN109617924B (en) | 2019-01-28 | 2019-01-28 | Account use behavior detection method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109617924A true CN109617924A (en) | 2019-04-12 |
CN109617924B CN109617924B (en) | 2022-04-26 |
Family
ID=66020818
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910078341.3A Active CN109617924B (en) | 2019-01-28 | 2019-01-28 | Account use behavior detection method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109617924B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110035087A (en) * | 2019-04-24 | 2019-07-19 | 全知科技(杭州)有限责任公司 | A kind of method, apparatus, equipment and storage medium from flow reduction account information |
CN111970250A (en) * | 2020-07-27 | 2020-11-20 | 深信服科技股份有限公司 | Method for identifying account sharing, electronic device and storage medium |
CN112417439A (en) * | 2019-08-21 | 2021-02-26 | 北京达佳互联信息技术有限公司 | Account detection method, device, server and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102769582A (en) * | 2012-08-02 | 2012-11-07 | 深圳中兴网信科技有限公司 | Logical server, instant messaging system and instant messaging method |
CN104348809A (en) * | 2013-08-02 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Network security monitoring method and system |
CN104468249A (en) * | 2013-09-17 | 2015-03-25 | 深圳市腾讯计算机系统有限公司 | Method and device for detecting abnormal account number |
CN109005156A (en) * | 2018-07-05 | 2018-12-14 | 泰康保险集团股份有限公司 | The shared determination method and device of account |
-
2019
- 2019-01-28 CN CN201910078341.3A patent/CN109617924B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102769582A (en) * | 2012-08-02 | 2012-11-07 | 深圳中兴网信科技有限公司 | Logical server, instant messaging system and instant messaging method |
CN104348809A (en) * | 2013-08-02 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Network security monitoring method and system |
CN104468249A (en) * | 2013-09-17 | 2015-03-25 | 深圳市腾讯计算机系统有限公司 | Method and device for detecting abnormal account number |
CN109005156A (en) * | 2018-07-05 | 2018-12-14 | 泰康保险集团股份有限公司 | The shared determination method and device of account |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110035087A (en) * | 2019-04-24 | 2019-07-19 | 全知科技(杭州)有限责任公司 | A kind of method, apparatus, equipment and storage medium from flow reduction account information |
CN110035087B (en) * | 2019-04-24 | 2021-03-26 | 全知科技(杭州)有限责任公司 | Method, device, equipment and storage medium for recovering account information from traffic |
CN112417439A (en) * | 2019-08-21 | 2021-02-26 | 北京达佳互联信息技术有限公司 | Account detection method, device, server and storage medium |
CN112417439B (en) * | 2019-08-21 | 2023-12-29 | 北京达佳互联信息技术有限公司 | Account detection method, device, server and storage medium |
CN111970250A (en) * | 2020-07-27 | 2020-11-20 | 深信服科技股份有限公司 | Method for identifying account sharing, electronic device and storage medium |
CN111970250B (en) * | 2020-07-27 | 2023-03-17 | 深信服科技股份有限公司 | Method for identifying account sharing, electronic device and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN109617924B (en) | 2022-04-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109863516B (en) | System and method for providing trusted network platform | |
AU2011349515B2 (en) | Techniques for network replication | |
CN105224606B (en) | A kind of processing method and processing device of user identifier | |
CN103930897B (en) | Mobile solution, single-sign-on management | |
JP6095491B2 (en) | How to predict call topics | |
JP2022512192A (en) | Systems and methods for behavioral threat detection | |
CN109617924A (en) | A kind of account usage behavior detection method and device | |
CN104516730B (en) | A kind of data processing method and device | |
JP2019510320A (en) | Problem prediction method and system | |
CN107832275A (en) | The generation method of intelligent Contract ID, apparatus and system in block chain | |
CN107241296A (en) | A kind of Webshell detection method and device | |
CN107172177A (en) | A kind of information recommendation method and device | |
CN106471543A (en) | The user mutual association of the multiple applications on client device | |
Taherdoost | An overview of trends in information systems: Emerging technologies that transform the information technology industry | |
CN105593889A (en) | Presentation of product recommendations based on social informatics | |
CN104270391B (en) | A kind of processing method and processing device of access request | |
CN106817235A (en) | The detection method and device of website abnormal visit capacity | |
JP2022512195A (en) | Systems and methods for behavioral threat detection | |
CN107733883A (en) | A kind of method and device for detecting batch registration account | |
CN108280560A (en) | A kind of anti-brush method and device of subject evaluation | |
Ramathilagam et al. | Workflow scheduling in cloud environment using a novel metaheuristic optimization algorithm | |
CN109600398A (en) | A kind of account usage behavior detection method and device | |
CN107506355A (en) | Object group technology and device | |
CN104468794A (en) | Login simulating method and device for website | |
CN110335032A (en) | Method for processing business and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |