CN110881032B - Identification method and device for unauthorized account operation - Google Patents

Identification method and device for unauthorized account operation

Publication number: CN110881032B
Authority: CN (China)
Legal status: Active
Application number: CN201911075032.7A
Other languages: Chinese (zh)
Other versions: CN110881032A (en)
Inventors: 何湘威, 蒋红亮, 方小方, 王申华, 金张果, 吕齐, 陈澄, 朱世鹏, 严冬, 郑樟磊, 刘吉权, 寿博仁, 吴辉, 曹保良, 王挺, 杨雪莹
Current Assignee: Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd; Wuyi Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee: Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd; Wuyi Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Application filed by: Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd; Wuyi Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to: CN201911075032.7A
Publication of CN110881032A
Application granted
Publication of CN110881032B
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The invention discloses a method for identifying unauthorized account operation, applied to an operation and maintenance authority management platform that comprises a plurality of service domain subsystems. The method comprises the following steps: when an account is detected logging in to the system, acquiring the account information of the account and the device information of the device used to log in; identifying whether the account is a public account; if the account is not a public account, calculating a risk value for the account operation; and if the resulting risk value exceeds a threshold, canceling or modifying the authority of the account. A corresponding device is also disclosed. The invention can find accounts that may be in common use without occupying resources, thereby reducing the incidence of unauthorized account use; the summation in the calculation can eliminate a large number of incidental login cases.

Description

Identification method and device for unauthorized account operation
Technical Field
The invention relates to the technical field of internet, in particular to an account number unauthorized operation identification method and device.
Background
In the operation and maintenance work of a communications department, long-term staff shortages can lead teams to emphasize operation and maintenance over management; updates to equipment ledgers are delayed, omissions are frequent, and corresponding control measures are lacking.
In the daily operation and maintenance of a communications department, the main security management risk points for unauthorized account use are as follows: communication operation and maintenance work at grassroots units is carried out at the team level, and after a post adjustment the adjustment information is not available immediately, so authority adjustment is delayed; effective controls on the cross-use of high-authority accounts are lacking, and mixed use of high-authority accounts and approval on behalf of others are widespread; and off-site login of an account poses risks because the security and usage conditions of the computer systems differ.
According to the information/3 website 782 and 2015 file, in order to ensure the security of application system accounts, the information operation and maintenance department should implement the following controls:
1) Adjust account authority in the application system promptly when personnel positions change, so that authority and responsibility remain consistent.
2) Strictly control abnormal use of high-authority accounts (service approval, core data viewing).
3) Control remote login of accounts (taking into account differences in the security of the computer application environment).
Disclosure of Invention
The invention provides an account number unauthorized operation identification method and device to solve the technical problem.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
A method for identifying unauthorized account operation is applied to an operation and maintenance authority management platform that comprises a plurality of service domain subsystems, and is characterized by comprising the following steps:
step 101, when detecting that an account logs in a system, acquiring account information of the account and equipment information of account logging equipment;
step 102, identifying whether the account is a public account;
step 103, if the account is not a public account, calculating a risk value of the account operation;
step 104, if the obtained risk value exceeds a threshold value, canceling the account or modifying the authority;
the calculated risk value $P_1$ of the account operation is either a physical risk value or an override risk value;
when the calculated risk value $P_1$ of the account operation is the physical risk value, the device information of the device corresponding to the account is $ID_1(d_1, f_1, r_1)$ and the device information of the device logged in by the account is $ID_2(d_2, f_2, r_2)$, and the physical risk value $P_1$ is
$$P_1 = |(d_1 - d_2) \times 1000| + |(f_1 - f_2) \times 100| + |r_1 - r_2|$$
wherein $ID_1$, $d_1$, $f_1$ and $r_1$ respectively represent the equipment number, the hierarchical position of the secondary node, the hierarchical position below the secondary node and the actual geographic position of the device corresponding to the account, and $ID_2$, $d_2$, $f_2$ and $r_2$ respectively represent the equipment number, the hierarchical position of the secondary node, the hierarchical position below the secondary node and the actual geographic position of the device logged in by the account;
when the calculated risk value $P_1$ of the account operation is the override risk value, the risk coefficient for each account owner exceeding the original authority is set as $b_1$, and the risk of the account owner logging in to the device is $b_2$:
Figure GDA0003256242890000021
Preferably, the account information includes: the authority of the account, the responsibility of the account owner, and the equipment information of the equipment corresponding to the account.
Preferably, when the account shows multiple logins, the risk values are accumulated:
Figure GDA0003256242890000031
wherein i and n are integers, and i is more than or equal to 1 and less than or equal to n.
According to a second aspect of the embodiments of the present invention, there is provided an apparatus for identifying an account unauthorized operation, where the apparatus is applied to an operation and maintenance authority management platform, where the operation and maintenance authority management platform includes a plurality of service domain subsystems, and the apparatus includes:
the account detection module is used for acquiring account information of the account and equipment information of the account login equipment when detecting that the account logs in the system;
the account number identification module is used for identifying whether the account number is a public account number;
the risk value calculation module is used for calculating the risk value of the account operation if the account is not a public account;
and the permission modification module is used for canceling the account or modifying the permission if the obtained risk value exceeds a threshold value.
Preferably, the account information includes: the authority of the account, the responsibility of the account owner, and the equipment information of the equipment corresponding to the account.
Compared with the prior art, the method is simpler, does not occupy resources, finds accounts that may be in common use, and reduces the incidence of unauthorized account use; the summation in the calculation can eliminate a large number of incidental login cases.
Drawings
FIG. 1 is a flow chart of a method for identifying unauthorized operation of an account according to the present invention;
FIG. 2 is a block diagram of a device for identifying unauthorized operation of an account according to the present invention.
In the figures: 201 - account detection module, 202 - account identification module, 203 - risk value calculation module, 204 - authority modification module.
Detailed Description
The present invention will be described in detail below with reference to specific embodiments shown in the drawings. These embodiments are not intended to limit the present invention, and structural, methodological, or functional changes made by those skilled in the art according to these embodiments are included in the scope of the present invention.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
As shown in fig. 1, an account unauthorized operation identification method is applied to an operation and maintenance authority management platform, where the operation and maintenance authority management platform includes multiple service domain subsystems, and includes the following steps:
step 101, when detecting that an account logs in a system, acquiring account information of the account and equipment information of account logging equipment;
step 102, identifying whether the account is a public account;
step 103, if the account is not a public account, calculating a risk value of the account operation;
step 104, if the obtained risk value exceeds a threshold value, canceling the account or modifying the authority.
Here, the account information may include: the authority of the account, the responsibility of the account owner, and the equipment information of the equipment corresponding to the account. Specifically, the account information and the device information are collected to know the current login account information, the computer connection port of the login device, the account user and account authority, the physical location and the like, and the personnel information can include the department, position, responsibility and the like of the account user.
In one implementation of the present invention, the calculated risk value $P_1$ of the account operation may be a physical risk value. The device information of the device corresponding to the account is $ID_1(d_1, f_1, r_1)$ and the device information of the device logged in by the account is $ID_2(d_2, f_2, r_2)$, and the physical risk value $P_1$ is
$$P_1 = |(d_1 - d_2) \times 1000| + |(f_1 - f_2) \times 100| + |r_1 - r_2|$$
wherein $ID_1$, $d_1$, $f_1$ and $r_1$ respectively represent the equipment number, the hierarchical position of the secondary node, the hierarchical position below the secondary node and the actual geographic position of the device corresponding to the account, and $ID_2$, $d_2$, $f_2$ and $r_2$ respectively represent the equipment number, the hierarchical position of the secondary node, the hierarchical position below the secondary node and the actual geographic position of the device logged in by the account.
The distance between actual geographic positions can be calculated using the actual numerical value, while the distances between secondary-node hierarchical positions and between hierarchical positions below the secondary node are converted using set values: 1000 is the risk value assigned when the account's data source changes at the level of the secondary node, and 100 is the risk value assigned for a change below the secondary node. The larger the value of $P_1$, the higher the risk that the account is being used in common.
In one implementation of the present invention, the calculated risk value $P_1$ of the account operation may be an override risk value. For the override risk value, the more the authority is exceeded and the greater the difference between departments, the more explosively the risk value increases. The risk coefficient for each account owner exceeding the original authority is set as $b_1$, and the risk of the account owner logging in to the device is $b_2$:
Figure GDA0003256242890000051
In particular, when the account shows multiple logins, the risk values can be accumulated:
Figure GDA0003256242890000052
wherein i and n are integers, and i is more than or equal to 1 and less than or equal to n.
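The physical risk value and its accumulation over multiple logins, as described above, can be exercised as follows. This is an added example, not code from the patent: the threshold of 3000, treating r as a scalar position so that |r1 - r2| is a distance, accumulating by plain summation (the accumulation formula survives on this page only as a figure reference), and all account and device names are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Weights stated in the description: 1000 for a change at the secondary-node
# level, 100 for a change below the secondary node.
SECONDARY_NODE_WEIGHT = 1000
SUB_NODE_WEIGHT = 100
THRESHOLD = 3000.0  # assumption: the page does not give a threshold value


@dataclass(frozen=True)
class Device:
    device_id: str  # ID: equipment number
    d: int          # hierarchical position of the secondary node
    f: int          # hierarchical position below the secondary node
    r: float        # actual geographic position (assumed scalar, e.g. km)


@dataclass(frozen=True)
class Account:
    name: str
    is_public: bool  # step 102: public accounts are not scored
    home: Device     # device corresponding to the account (ID1)


def physical_risk(home: Device, login: Device) -> float:
    """P1 = |(d1-d2)*1000| + |(f1-f2)*100| + |r1-r2| for one login."""
    return (abs((home.d - login.d) * SECONDARY_NODE_WEIGHT)
            + abs((home.f - login.f) * SUB_NODE_WEIGHT)
            + abs(home.r - login.r))


def evaluate_logins(accounts, events, threshold=THRESHOLD):
    """Run steps 101-104 over (account_name, login_device) events.

    Returns one (account, P_i, running_total, action) tuple per event.
    The running total is the assumed plain sum of P_i for that account.
    """
    totals = defaultdict(float)
    decisions = []
    for name, login_device in events:
        account = accounts[name]                 # step 101: account + device info
        if account.is_public:                    # step 102
            decisions.append((name, None, None, "skipped-public"))
            continue
        p = physical_risk(account.home, login_device)   # step 103
        totals[name] += p
        # step 104: over the threshold -> cancel the account or modify authority
        action = "revoke-or-modify" if totals[name] > threshold else "allow"
        decisions.append((name, p, totals[name], action))
    return decisions


# Constructed sample data (not from the patent).
HOME_A = Device("PC-017", d=2, f=3, r=12.0)
SAMPLE_ACCOUNTS = {
    "alice": Account("alice", False, HOME_A),
    "bob": Account("bob", False, Device("PC-031", d=1, f=2, r=5.0)),
    "ops-shared": Account("ops-shared", True, Device("PC-001", d=1, f=1, r=0.0)),
}
SAMPLE_EVENTS = [
    ("alice", HOME_A),                                    # own device
    ("alice", Device("PC-018", d=2, f=4, r=12.5)),        # neighbouring port
    ("bob", Device("PC-044", d=2, f=2, r=9.0)),           # one-off cross-node login
    ("ops-shared", Device("PC-090", d=5, f=5, r=80.0)),   # public account
    ("alice", Device("PC-090", d=5, f=1, r=40.0)),        # distant secondary node
]

if __name__ == "__main__":
    for decision in evaluate_logins(SAMPLE_ACCOUNTS, SAMPLE_EVENTS):
        print(decision)
```

With this threshold, bob's single cross-node login (1004) stays below the limit, while alice's accumulated total crosses it on her third login.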
Correspondingly, the present invention further provides an identification apparatus for an account unauthorized operation, which is applied to an operation and maintenance authority management platform, where the operation and maintenance authority management platform includes a plurality of service domain subsystems, as shown in fig. 2, and includes:
an account detection module 201, configured to, when it is detected that an account logs in a system, obtain account information of the account and device information of the account logging device;
an account identification module 202, configured to identify whether the account is a public account;
a risk value calculating module 203, configured to calculate a risk value of the account operation if the account is not a public account;
and an authority modifying module 204, configured to cancel or modify the authority of the account if the obtained risk value exceeds the threshold.
The account information includes: the authority of the account, the responsibility of the account owner, and the equipment information of the equipment corresponding to the account.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
According to the invention, the relationship between the account owner and the login account equipment and the relationship between the account owner and the login equipment are analyzed by combing the equipment port distribution diagram, the communication point location personnel attribute data and the personnel data, and the specific violation behavior is judged by using the behavior setting tree. The method is therefore simpler, does not occupy resources, finds accounts that may be in common use, and reduces the incidence of unauthorized account use. The summation in the calculation can eliminate a large number of incidental login cases.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (5)

1. The identification method of the account number unauthorized operation is applied to an operation and maintenance authority management platform, the operation and maintenance authority management platform comprises a plurality of service domain subsystems, and the identification method is characterized by comprising the following steps:
step 101, when detecting that an account logs in a system, acquiring account information of the account and equipment information of account logging equipment;
step 102, identifying whether the account is a public account;
step 103, if the account is not a public account, calculating a risk value of the account operation;
step 104, if the obtained risk value exceeds a threshold value, canceling the account or modifying the authority;
the calculated risk value $P_1$ of the account operation is either a physical risk value or an override risk value,
when the calculated risk value $P_1$ of the account operation is the physical risk value, the device information of the device corresponding to the account is $ID_1(d_1, f_1, r_1)$ and the device information of the device logged in by the account is $ID_2(d_2, f_2, r_2)$, and the physical risk value $P_1$ is
$$P_1 = |(d_1 - d_2) \times 1000| + |(f_1 - f_2) \times 100| + |r_1 - r_2|$$
wherein $ID_1$, $d_1$, $f_1$ and $r_1$ respectively represent the equipment number, the hierarchical position of the secondary node, the hierarchical position below the secondary node and the actual geographic position of the device corresponding to the account, and $ID_2$, $d_2$, $f_2$ and $r_2$ respectively represent the equipment number, the hierarchical position of the secondary node, the hierarchical position below the secondary node and the actual geographic position of the device logged in by the account;
when the calculated risk value $P_1$ of the account operation is the override risk value, the risk coefficient for each account owner exceeding the original authority is set as $b_1$, and the risk of the account owner logging in to the device is $b_2$:
Figure FDA0003302022250000011
2. The method for identifying account unauthorized operation according to claim 1, wherein the account information includes: the authority of the account, the responsibility of the account owner, and the equipment information of the equipment corresponding to the account.
3. The method for identifying unauthorized account operation according to claim 1, wherein when the account shows multiple logins, the risk values are accumulated:
Figure FDA0003302022250000021
wherein i and n are integers, and i is more than or equal to 1 and less than or equal to n.
4. A device for identifying unauthorized account operation, applied to an operation and maintenance authority management platform that comprises a plurality of service domain subsystems, characterized in that the device comprises:
the account detection module is used for acquiring account information of the account and equipment information of the account login equipment when detecting that the account logs in the system;
the account number identification module is used for identifying whether the account number is a public account number;
the risk value calculation module is used for calculating the risk value of the account operation if the account is not a public account;
the permission modification module is used for canceling the account number or modifying permission if the obtained risk value exceeds a threshold value;
the identification device for the account number unauthorized operation is used for executing an identification method for the account number unauthorized operation, and the identification method for the account number unauthorized operation specifically comprises the following steps:
step 101, when detecting that an account logs in a system, acquiring account information of the account and equipment information of account logging equipment;
step 102, identifying whether the account is a public account;
step 103, if the account is not a public account, calculating a risk value of the account operation;
step 104, if the obtained risk value exceeds a threshold value, canceling the account or modifying the authority;
the calculated risk value $P_1$ of the account operation is either a physical risk value or an override risk value,
when the calculated risk value $P_1$ of the account operation is the physical risk value, the device information of the device corresponding to the account is $ID_1(d_1, f_1, r_1)$ and the device information of the device logged in by the account is $ID_2(d_2, f_2, r_2)$, and the physical risk value $P_1$ is
$$P_1 = |(d_1 - d_2) \times 1000| + |(f_1 - f_2) \times 100| + |r_1 - r_2|$$
wherein $ID_1$, $d_1$, $f_1$ and $r_1$ respectively represent the equipment number, the hierarchical position of the secondary node, the hierarchical position below the secondary node and the actual geographic position of the device corresponding to the account, and $ID_2$, $d_2$, $f_2$ and $r_2$ respectively represent the equipment number, the hierarchical position of the secondary node, the hierarchical position below the secondary node and the actual geographic position of the device logged in by the account;
when the calculated risk value $P_1$ of the account operation is the override risk value, the risk coefficient for each account owner exceeding the original authority is set as $b_1$, and the risk of the account owner logging in to the device is $b_2$:
Figure FDA0003302022250000031
5. The apparatus for recognizing an account unauthorized operation according to claim 4, wherein the account information includes: the authority of the account, the responsibility of the account owner, and the equipment information of the equipment corresponding to the account.
CN201911075032.7A 2019-11-06 2019-11-06 Identification method and device for unauthorized account operation Active CN110881032B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911075032.7A CN110881032B (en) 2019-11-06 2019-11-06 Identification method and device for unauthorized account operation


Publications (2)

Publication Number Publication Date
CN110881032A CN110881032A (en) 2020-03-13
CN110881032B true CN110881032B (en) 2022-02-22

Family

ID=69729096


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant