CN110750786B - Method and system for detecting abnormal access behavior of account to sensitive data - Google Patents
Method and system for detecting abnormal access behavior of account to sensitive data Download PDFInfo
- Publication number
- CN110750786B CN110750786B CN201911045981.0A CN201911045981A CN110750786B CN 110750786 B CN110750786 B CN 110750786B CN 201911045981 A CN201911045981 A CN 201911045981A CN 110750786 B CN110750786 B CN 110750786B
- Authority
- CN
- China
- Prior art keywords
- account
- access
- access behavior
- similarity
- vector
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computer Hardware Design (AREA)
- Artificial Intelligence (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Debugging And Monitoring (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a method and a system for detecting the abnormal access behavior of an account to sensitive data, which comprises the following steps: s01, acquiring a database operation log; s02, analyzing SQL statements from the database operation log to generate records of the account accessing data table; s03, generating access behavior reference vectors of each account type; s04, generating an access behavior vector of each account; s05, outputting a similarity set of the specific account and all non-home account types by using a similarity algorithm; and S06, determining the abnormal access risk level according to the value size in the similarity set. The method has the advantages that the granularity of the traditional supervision mechanism is sunk from the database to the data table, and particularly for the table containing sensitive data, an effective means is provided for protecting the invisible assets and the user privacy of an enterprise; the historical data is used for generating a benchmark, so that the subjectivity of artificially determining the threshold is avoided; and the access risk is quantized, the risk level is output, the cosine similarity is simple and convenient to calculate, and the result has interpretability.
Description
Technical Field
The invention relates to the technical field of computer data security, in particular to a method and a system for detecting abnormal access behaviors of sensitive data to an account.
Background
The data warehouse of the basic operator in the telecommunication industry has a large amount of sensitive data, such as user identification numbers, user addresses, user communication records and the like, and the data are stored in a database table and are largely used in the daily operation and analysis of the basic operator. Sensitive data is of high value, is a stealth asset for the underlying operator, and belongs to private information for the user (individual/unit). Therefore, the base operator needs to protect these data from leakage. However, many personnel, including internal staff and third-party manufacturers, can access the data, sensitive data leakage events happen frequently, and protection and tracing of sensitive data become a key work of basic operators with considerable difficulty.
Currently, a base operator generally uses account permissions to manage, that is, allocates database-level access permissions to each account accessing a database.
The management mode of account number authority does not limit the tables accessed by accounts in the library, so that people who have no trails can freely acquire data outside the working range of the job, and an effective supervision mechanism is lacked.
In order to overcome the defects, the invention provides that the access behavior benchmark of the data table level is determined based on the account number type, and the similarity degree of the specific account number and the benchmark is calculated by using the similarity degree, so that the risk level of the account number for accessing sensitive data is quantized, and an effective supervision mechanism is provided.
Disclosure of Invention
The invention aims to solve the technical problem of providing a method and a system for detecting the abnormal access behavior of an account to sensitive data aiming at a supervision mechanism lacking a management mode of account authority, so as to achieve the risk level of quantifying the access of the account to the sensitive data.
The invention solves the technical problems through the following technical means:
a detection method for abnormal access sensitive data behavior of an account number comprises the following steps:
s01, acquiring a database operation log;
s02, analyzing SQL statements from the database operation log to generate records of the account accessing data table;
s03, mixingGenerating a reference vector set U of access behaviors of all the sensitive tables of each account type by combining the known normal account information, account type information and sensitive table information according to the first access record accumulated in a time periodV-basic;
S04, generating an access behavior vector set U of each account for all sensitive tables according to the second access records in the second time periodV-acct;
S05, using a similarity algorithm to output the access behavior vector of the specific account and the similarity set of the access behavior reference vectors of all non-home account types; the non-home account number type is an absolute complement set of the existing account number type relative to the full set of account number types of the specific account number, namely: the method comprises the following steps that (1) PC is a non-home account type, U is a full set of account types, and P is a specific account preset account type;
and S06, determining the abnormal access risk level according to the value size in the similarity set.
Preferably, the step S03 specifically includes:
s0301, screening the first access records by using the normal account information, and selecting a first record subset of all normal accounts;
s0302, screening the first record subset by using the sensitive table information, and selecting out the second record subset of all the sensitive tables;
s0303, the account type information is used for carrying out type identification on accounts in the second record subset, grouping statistics is carried out according to the type identification, and statistical data with the account type as a statistical object and the access times of the sensitive table as statistical indexes, namely an access behavior reference vector set U, is generatedV-basic。
Preferably, the step S04 specifically includes:
grouping and counting the second access records according to the account number to generate statistical data with the account number as a statistical object and the access times of the sensitive table as statistical indexes, namely an access behavior vector set UV-acct(ii) a The access behavior vector is a vector formed by taking the times of accessing each sensitive table as a component, and the vector takes a specific account number as a statistical subject so as to count the times, which are countedRepresentative is the access behavior of the account.
Preferably, in step S05, a cosine similarity meter algorithm is adopted, and the formula is as follows:
wherein: similarity is similarity, A is one of reference vectors of the access behaviors of the non-home account types, B is the access behavior vector of the specific account, theta is an included angle between A, B two vectors, Ai、BiIs A, B components of two vectors, and n is A, B dimensions of the two vectors.
Preferably, the specific process is as follows:
s0501, set U of access behavior vectors output from S04V-acctSelecting access behavior vector V of specific accountacct;
S0502, removing the existing account number type P of the specific account number from the account number type complete set U as the non-home account number type PC;
s0503, access behavior reference vector set U output from S03V-basicSelecting an access behavior reference vector set U of all non-home account types PC of a specific accountV-basic-pc;
S0504, reference vector set U for access behavior output of S0503V-basic-pcEach access behavior reference vector V inbasic-pcThe access behavior vector V of the specific account outputted by S0501 is calculatedacctSimilarity therebetween;
s0505, adding each similarity output by the S0504 into a set, and generating a similarity set U of the specific accountsim。
Preferably, the step S06 specifically includes:
s0601, setting a risk grade interval;
s0602, the similarity set U of the specific account output in S05simTaking the maximum value SimmaxRepresents the highest risk for the account;
s0603, with S06Highest risk Sim of 02 outputmaxMatching the risk grade interval of S0601 and outputting corresponding risk grade Drisk。
The invention also provides a detection system for the abnormal access of the account to the sensitive data, which comprises
The log acquisition module is used for acquiring a database operation log;
the SQL analysis module is used for analyzing SQL sentences from the database operation logs and generating records of the account accessing data table;
an account type level reference vector generation module, configured to combine the known normal account information, account type information, and sensitive table information with the first access record accumulated in the first time period to generate an access behavior reference vector set U of each account type for all sensitive tablesV-basic;
An account level access behavior vector generation module, configured to generate an access behavior vector set U of each account for all sensitive tables according to a second access record in a second time periodV-acct;
The similarity calculation module is used for outputting a similarity set of an access behavior vector of a specific account and access behavior reference vectors of all non-home account types by using a similarity calculation method; the non-home account number type is an absolute complement set of the existing account number type relative to the full set of account number types of the specific account number, namely: the method comprises the following steps that (1) PC is a non-home account type, U is a full set of account types, and P is a specific account preset account type;
and the risk grade calculation module is used for calculating the maximum value in the similarity set and outputting the risk grade to the highest risk according to the existing interval.
Preferably, the account type level reference vector generation module screens the first access records by using normal account information, and selects a first record subset of all normal accounts; screening the first record subset by using the sensitive table information, and selecting a second record subset of all the sensitive tables; finally, the account type information is used for carrying out type identification on the accounts in the second record subset, grouping statistics is carried out according to the type identification, and a pair with the account type as the statistic is generatedStatistical data with access times of elephant and sensitive table as statistical indexes, i.e. access behavior reference vector set UV-basic。
Preferably, the account-level access behavior vector generation module performs group statistics on the second access record according to the accounts to generate statistical data with the accounts as statistical objects and the access times of the sensitive table as statistical indexes, that is, an access behavior vector set UV-acct(ii) a The access behavior vector is a vector formed by taking the number of times of accessing each sensitive table as a component, and the vector takes a specific account number as a statistical subject, so that the counted number represents the access behavior of the account number.
Preferably, the similarity calculation module adopts a cosine similarity algorithm, and the formula is as follows:
wherein: similarity is similarity, A is one of reference vectors of the access behaviors of the non-home account types, B is the access behavior vector of the specific account, theta is an included angle between A, B two vectors, Ai、BiIs A, B components of two vectors, and n is A, B dimensions of the two vectors.
The specific process is as follows:
s0501, set U of access behavior vectors output from S04V-acctSelecting access behavior vector V of specific accountacct;
S0502, removing the existing account type A of the specific account from the account type complete set U as the non-home account type PC;
s0503, access behavior reference vector set U output from S03V-basicSelecting an access behavior reference vector set U of all non-home account types PC of a specific accountV-basic-pc;
S0504, reference vector set U for access behavior output of S0503V-basic-pcEach access behavior reference vector V inbasic-pcAll calculate the access behavior direction of the specific account number output by S0501Quantity VacctSimilarity therebetween;
s0505, adding each similarity output by the S0504 into a set, and generating a similarity set U of the specific accountsim。
The invention has the advantages that: the historical data is used for generating a benchmark, so that the subjectivity of artificially determining the threshold is avoided; and the access risk is quantized, the risk level is output, the cosine similarity is simple and convenient to calculate, and the result has interpretability. The granularity of the traditional supervision mechanism is sunk from a database to a data table, and an effective means is provided for protecting the invisible assets and the user privacy of an enterprise especially for the table containing sensitive data.
Drawings
Fig. 1 is a flow chart of a method for detecting an abnormal access behavior of an account to sensitive data according to an embodiment of the present invention;
fig. 2 is a block diagram of a structure of a system for detecting an abnormal access behavior of an account to sensitive data according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to the step diagram of fig. 1, the method for detecting the behavior of an account accessing sensitive data abnormally includes the following steps:
s01, acquiring a database operation log;
s02, analyzing SQL statements from the database operation log to generate records of the account accessing data table;
s03, combining the first access records accumulated in the first time period with the normal account information, the account type information and the sensitive table information to generate an access behavior reference vector set of each account type to all sensitive tables;
the first time period is an access record extraction time period for establishing an access behavior reference vector, and can be defined as three months without loss of generality.
The account type is defined by types with different access requirements on the sensitive table according to the work responsibility requirements, and includes but is not limited to database administrators, broad-form development, application development, data assurance and the like. The quality of account type division can be measured by the similarity of access behavior basic vectors between every two account types, and the smaller the similarity is, the higher the quality of account type division is. When the similarity between two account types is large, the two account types can be considered to be combined.
The normal account information is the screened and determined account subset with the access behavior conforming to the account type. By using the normal account subset, the established access behavior reference vector can be ensured to be real and reliable.
The account type information is data of corresponding relation between all accounts and the existing account types.
The sensitive table information is selected, determined and data table subset with sensitive data, such as user data table, bill expense table, call record table, network record table, etc.
The access behavior reference vector is a vector formed by taking the number of times of accessing each sensitive table as a component, and the reference vector is a total number or average number counted by taking all accounts under a certain account type as a statistical subject, which represents the access behavior of the account type, and is referred to table 1.
Table 1 access behavior reference vector sample data
Account type/sensitivity table | User data sheet | Bill fee meter | Call recording meter | Network access recording meter |
Wide-table development | 100 | 50 | 50 | 25 |
Application development | 50 | 100 | 100 | 25 |
Data assurance | 100 | 25 | 25 | 25 |
Database manager | 0 | 0 | 0 | 0 |
S0301, screening the first access records by using the normal account information, and selecting a first record subset of all normal accounts;
s0302, screening the first record subset by using the sensitive table information, and selecting out the second record subset of all the sensitive tables;
s0303, the account type information is used for carrying out type identification on accounts in the second record subset, grouping statistics is carried out according to the type identification, and statistical data with the account type as a statistical object and the access times of the sensitive table as statistical indexes, namely an access behavior reference vector set U, is generatedV-basic。
S04, generating an access behavior vector set of each account to all sensitive tables according to the second access records in the second time period;
grouping and counting the second access records according to the account number to generate statistical data with the account number as a statistical object and the access times of the sensitive table as statistical indexes, namely an access behavior vector set UV-acct。
The second time period is an access record extraction time period for establishing the access behavior vector of the specific account, and can be defined as one day without loss of generality.
The access behavior vector is a vector formed by taking the times of accessing each sensitive table as a component, and the vector takes a specific account number as a statistical subject, so that the counted times represent the access behavior of the account number.
S05, using a similarity algorithm to output the access behavior vector of the specific account and the similarity set of the access behavior reference vectors of all non-home account types;
the non-home account type is an absolute complement set of the preset account type of the specific account and the full set of the account types, namely, PC is U-P, wherein PC is the non-home account type, U is the full set of the account types, and P is the preset account type of the specific account.
The similarity calculation method uses cosine similarity. Cosine similarity measures similarity between vectors by calculating cosine values of an included angle between the two vectors, and generally, the value range of the cosine similarity is-1 to 1. In the embodiment of the present invention, a cosine similarity value between an access behavior vector of a specific account and an access behavior reference vector of a certain account type is in a range from 0 to 1, and when the value approaches 1, the similarity between the access behavior of the specific account and the account type is high, and when the value approaches 0, the similarity between the access behavior of the specific account and the account type is low.
The cosine similarity is calculated as follows:
wherein: similarity is similarity, A, B is the two vectors of the input, θ is the angle between A, B two vectors, Ai、BiIs A, B components of two vectors, and n is A, B dimensions of the two vectors.
S0501, set U of access behavior vectors output from S04V-acctSelecting access behavior vector V of specific accountacct;
S0502, removing the existing account number type P of the specific account number from the account number type complete set U as the non-home account number type PC;
s0503, access behavior reference vector set U output from S03V-basicSelecting an access behavior reference vector set U of all non-home account types PC of a specific accountV-basic-pc;
S0504, reference vector set U for access behavior output of S0503V-basic-pcEach access behavior reference vector V inbasic-pcThe access behavior vector V of the specific account outputted by S0501 is calculatedacctSimilarity therebetween;
s0505, adding each similarity output by the S0504 into a set, and generating a similarity set U of the specific accountsim。
And S06, if the value in the similarity set is larger, the abnormal access risk level is higher, the maximum value in the set can be selected to represent the highest risk, and the risk grade can be output to the highest risk according to the preset interval.
S0601, setting risk grade interval without loss of generality, e.g., [0,0.3) low risk, [0.3,0.6] medium risk, (0.6,1] high risk;
s0602, feature output to S05Similarity set U of fixed account numberssimTaking the maximum value SimmaxRepresents the highest risk for the account;
s0603, highest risk Sim output as S0602maxMatching the risk grade interval of S0601 and outputting corresponding risk grade Drisk。
Referring to fig. 2, the present invention also discloses a system for detecting the behavior of an account accessing sensitive data abnormally, which includes:
the log acquisition module is used for acquiring a database operation log;
the SQL analysis module is used for analyzing SQL sentences from the database operation logs and generating records of the account accessing data table;
an account type level reference vector generation module, configured to combine the known normal account information, account type information, and sensitive table information with the first access record accumulated in the first time period to generate an access behavior reference vector set U of each account type for all sensitive tablesV-basic;
An account level access behavior vector generation module, configured to generate an access behavior vector set U of each account for all sensitive tables according to a second access record in a second time periodV-acct;
The similarity calculation module is used for outputting a similarity set of an access behavior vector of a specific account and access behavior reference vectors of all non-home account types by using a similarity calculation method; the non-home account number type is an absolute complement set of the existing account number type relative to the full set of account number types of the specific account number, namely: the method comprises the following steps that (1) PC is a non-home account type, U is a full set of account types, and P is a specific account preset account type;
and the risk grade calculation module is used for calculating the maximum value in the similarity set and outputting the risk grade to the highest risk according to the existing interval.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (5)
1. A detection method for abnormal access sensitive data behavior of an account is characterized in that: the method comprises the following steps:
s01, acquiring a database operation log;
s02, analyzing SQL statements from the database operation log to generate records of the account accessing data table;
s03, combining the first access records accumulated in the first time period with the known normal account information, account type information and sensitive table information to generate an access behavior reference vector set U of each account type to all sensitive tablesV-basic;
The step S03 specifically includes:
s0301, screening the first access records by using the normal account information, and selecting a first record subset of all normal accounts;
s0302, screening the first record subset by using the sensitive table information, and selecting out the second record subset of all the sensitive tables;
s0303, the account type information is used for carrying out type identification on accounts in the second record subset, grouping statistics is carried out according to the type identification, and statistical data with the account type as a statistical object and the access times of the sensitive table as statistical indexes, namely an access behavior reference vector set U, is generatedV-basic;
S04, generating an access behavior vector set U of each account for all sensitive tables according to the second access records in the second time periodV-acct;
The step S04 specifically includes:
grouping and counting the second access records according to the account number to generate statistical data with the account number as a statistical object and the access times of the sensitive table as statistical indexes, namely an access behavior vector set UV-acct(ii) a The access behavior vector is a vector formed by taking the times of accessing each sensitive table as a component, and the vector is a special vectorThe account number is taken as a statistical subject, so that the counted times represent the access behavior of the account number;
s05, using a similarity algorithm to output the access behavior vector of the specific account and the similarity set of the access behavior reference vectors of all non-home account types; the non-home account number type is an absolute complement set of the existing account number type relative to the full set of account number types of the specific account number, namely: the method comprises the following steps that (1) PC is a non-home account type, U is a full set of account types, and P is a specific account preset account type;
in step S05, a cosine similarity meter algorithm is adopted, and the formula is as follows:
wherein: similarity is similarity, A is one of reference vectors of the access behaviors of the non-home account types, B is the access behavior vector of the specific account, theta is an included angle between A, B two vectors, Ai、BiA, B, n being the dimension of A, B two vectors;
and S06, determining the abnormal access risk level according to the value size in the similarity set.
2. The method for detecting the abnormal access sensitive data behavior of the account according to claim 1, wherein: the specific process is as follows:
s0501, set U of access behavior vectors output from S04V-acctSelecting access behavior vector V of specific accountacct;
S0502, removing the existing account number type P of the specific account number from the account number type complete set U as the non-home account number type PC;
s0503, access behavior reference vector set U output from S03V-basicSelecting an access behavior reference vector set U of all non-home account types PC of a specific accountV-basic-pc;
S0504, access behavior benchmark for S0503 outputVector set UV-basic-pcEach access behavior reference vector V inbasic-pcThe access behavior vector V of the specific account outputted by S0501 is calculatedacctSimilarity therebetween;
s0505, adding each similarity output by the S0504 into a set, and generating a similarity set U of the specific accountsim。
3. The method for detecting the abnormal access sensitive data behavior of the account according to claim 2, wherein: the step S06 specifically includes:
s0601, setting a risk grade interval;
s0602, the similarity set U of the specific account output in S05simTaking the maximum value SimmaxRepresents the highest risk for the account;
s0603, highest risk Sim output as S0602maxMatching the risk grade interval of S0601 and outputting corresponding risk grade Drisk。
4. A detection system for the abnormal access of an account to sensitive data behaviors is characterized in that: comprises that
The log acquisition module is used for acquiring a database operation log;
the SQL analysis module is used for analyzing SQL sentences from the database operation logs and generating records of the account accessing data table;
an account type level reference vector generation module, configured to combine the known normal account information, account type information, and sensitive table information with the first access record accumulated in the first time period to generate an access behavior reference vector set U of each account type for all sensitive tablesV-basic;
An account level access behavior vector generation module, configured to generate an access behavior vector set U of each account for all sensitive tables according to a second access record in a second time periodV-acct;
The similarity calculation module is used for outputting a similarity set of an access behavior vector of a specific account and access behavior reference vectors of all non-home account types by using a similarity calculation method; the non-home account number type is an absolute complement set of the existing account number type relative to the full set of account number types of the specific account number, namely: the method comprises the following steps that (1) PC is a non-home account type, U is a full set of account types, and P is a specific account preset account type;
the risk grade calculation module is used for calculating the maximum value in the similarity set and outputting the risk grade to the highest risk according to the existing interval;
the account type level reference vector generation module screens the first access records by using normal account information, and selects a first record subset of all normal accounts; screening the first record subset by using the sensitive table information, and selecting a second record subset of all the sensitive tables; finally, account type information is used for carrying out type identification on accounts in the second record subset, grouping statistics is carried out according to the type identification, and statistical data with account types as statistical objects and sensitive table access times as statistical indexes, namely an access behavior reference vector set U is generatedV-basic;
The account-level access behavior vector generation module performs grouping statistics on the second access records according to accounts to generate statistical data with the accounts as statistical objects and the access times of the sensitive table as statistical indexes, namely an access behavior vector set UV-acct(ii) a The access behavior vector is a vector formed by taking the times of accessing each sensitive table as a component, and the vector takes a specific account number as a statistical subject, so that the counted times represent the access behavior of the account number;
the similarity calculation module adopts a cosine similarity algorithm, and the formula is as follows:
wherein: similarity is similarity, A is one of reference vectors of the access behaviors of the non-home account types, B is the access behavior vector of the specific account, theta is an included angle between A, B two vectors, Ai、BiA, B is twoThe components of the vector, n, are A, B dimensions of two vectors.
5. The system for detecting the abnormal access behavior of the account to the sensitive data according to claim 4, wherein: the similarity calculation module comprises the following specific processes:
set of access behavior vectors U from outputV-acctSelecting access behavior vector V of specific accountacct;
Removing an existing account type A of a specific account from a full set U of account types as a non-home account type PC;
set of access behavior reference vectors U from the outputV-basicSelecting an access behavior reference vector set U of all non-home account types PC of a specific accountV-basic-pc;
Set of reference vectors U for access behavior of outputV-basic-pcEach access behavior reference vector V inbasic-pcAll calculate the output access behavior vector V of the specific accountacctSimilarity therebetween;
adding each output similarity into a set to generate a similarity set U of a specific accountsim。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911045981.0A CN110750786B (en) | 2019-10-30 | 2019-10-30 | Method and system for detecting abnormal access behavior of account to sensitive data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911045981.0A CN110750786B (en) | 2019-10-30 | 2019-10-30 | Method and system for detecting abnormal access behavior of account to sensitive data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110750786A CN110750786A (en) | 2020-02-04 |
CN110750786B true CN110750786B (en) | 2021-09-14 |
Family
ID=69281246
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911045981.0A Active CN110750786B (en) | 2019-10-30 | 2019-10-30 | Method and system for detecting abnormal access behavior of account to sensitive data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110750786B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111652626B (en) * | 2020-06-18 | 2023-03-24 | 支付宝(杭州)信息技术有限公司 | Method and device for realizing service |
CN112416895A (en) * | 2020-11-16 | 2021-02-26 | 杭州安恒信息技术股份有限公司 | Database information processing method and device, readable storage medium and electronic equipment |
CN112836223A (en) * | 2021-02-01 | 2021-05-25 | 长沙市到家悠享网络科技有限公司 | Data processing method, device and equipment |
CN117014224B (en) * | 2023-09-12 | 2024-01-30 | 联通(广东)产业互联网有限公司 | Network attack defense method and system based on Gaussian process regression |
CN117574362B (en) * | 2024-01-15 | 2024-04-30 | 广东茉莉数字科技集团股份有限公司 | Method and system for resolving abnormal data of dactylogyrus account |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11409770B2 (en) * | 2015-03-26 | 2022-08-09 | Oracle International Corporation | Multi-distance similarity analysis with tri-point arbitration |
CN106210044B (en) * | 2016-07-11 | 2019-06-11 | 焦点科技股份有限公司 | A kind of any active ues recognition methods based on access behavior |
CN108446546A (en) * | 2018-03-20 | 2018-08-24 | 深信服科技股份有限公司 | Abnormal access detection method, device, equipment and computer readable storage medium |
CN108932426B (en) * | 2018-06-27 | 2022-05-03 | 平安科技(深圳)有限公司 | Unauthorized vulnerability detection method and device |
CN109885554A (en) * | 2018-12-20 | 2019-06-14 | 顺丰科技有限公司 | Method of Database Secure Audit method, system and computer readable storage medium |
-
2019
- 2019-10-30 CN CN201911045981.0A patent/CN110750786B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN110750786A (en) | 2020-02-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110750786B (en) | Method and system for detecting abnormal access behavior of account to sensitive data | |
EP3306512B1 (en) | Account theft risk identification method, identification apparatus, and prevention and control system | |
TW201629824A (en) | Anomaly detection using adaptive behavioral profiles | |
CN107579956B (en) | User behavior detection method and device | |
Becker et al. | Fraud detection in telecommunications: History and lessons learned | |
US7693767B2 (en) | Method for generating predictive models for a business problem via supervised learning | |
US7937321B2 (en) | Managed service for detection of anomalous transactions | |
US20050086529A1 (en) | Detection of misuse or abuse of data by authorized access to database | |
US20020147694A1 (en) | Retraining trainable data classifiers | |
US20100257092A1 (en) | System and method for predicting a measure of anomalousness and similarity of records in relation to a set of reference records | |
CN110990242B (en) | Method and device for determining fluctuation abnormality of user operation times | |
CN109446768B (en) | Application access behavior abnormity detection method and system | |
CN109684863A (en) | Data leakage prevention method, device, equipment and storage medium | |
CN112291261A (en) | Network security log audit analysis method driven by knowledge graph | |
CN109242658B (en) | Suspicious transaction report generation method, suspicious transaction report generation system, suspicious transaction report generation computer device and suspicious transaction report storage medium | |
CN113032824B (en) | Low-frequency data leakage detection method and system based on database flow logs | |
CN117235731B (en) | Big data monitoring and early warning system for secret equipment | |
US20230396640A1 (en) | Security event management system and associated method | |
CN116720194A (en) | Method and system for evaluating data security risk | |
CN110990867A (en) | Database-based data leakage detection model modeling method and device, and leakage detection method and system | |
CN111861734B (en) | Test evaluation system and method for three-party data source | |
Eling et al. | Time dynamics of cyber risk | |
CN111626586B (en) | Data quality detection method, device, computer equipment and storage medium | |
CN112150036B (en) | Method and device for detecting gas theft of boiler gas user based on data driving | |
CN117726435B (en) | Image data management method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |