CN111966995A - User permission dynamic control method and device based on user behavior and equipment - Google Patents


Info

Publication number: CN111966995A
Application number: CN202010825324.4A
Authority: CN (China)
Prior art keywords: user, data, real, unit, time log
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 胡文瑜, 陈金波, 唐郑熠
Current assignee: Fujian University of Technology
Original assignee: Fujian University of Technology
Events: application filed by Fujian University of Technology; priority to CN202010825324.4A; publication of CN111966995A; current legal status pending.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/103 Workflow collaboration or project management

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Economics (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Computer Security & Cryptography (AREA)
  • Marketing (AREA)
  • General Engineering & Computer Science (AREA)
  • Game Theory and Decision Science (AREA)
  • Educational Administration (AREA)
  • Development Economics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a method for dynamically controlling user permissions based on user behavior, comprising the following steps: acquiring collected user behavior data, where the user behavior data comprises user historical data and real-time log data; training on the historical data to generate a user portrait; analyzing the real-time log data to obtain a user characteristic profile; comparing the user portrait with the user characteristic profile and generating a corresponding user risk index from the degree of deviation found by the comparison; judging in real time the relationship between the user risk index and a preset matching threshold and dynamically controlling the user's permissions; and dividing users into risk levels and managing and controlling them by level. A user's permissions in a business application system can be dynamically adjusted through a dynamically changing user risk index, so that the auditing system becomes intelligent and automated, its tolerance of user misoperation is improved, and the false-alarm and missed-alarm rates are reduced.

Description

User permission dynamic control method and device based on user behavior and equipment
Technical Field
The invention relates to the technical field of information security, and in particular to a method, an apparatus and a device for dynamically controlling user permissions based on user behavior.
Background
According to the latest statistics published by an authoritative security organization, 70% of the serious information security incidents that threaten an organization are caused by the behavior of the organization's own personnel; insiders, acting as legitimate users, have become the hidden culprits behind information leakage from business application systems. Technologies such as security control, auditing and early warning of abnormal behavior must therefore be adopted to raise the level of security protection for business applications.
Existing methods of representing user behavior differ: some abstract an overall view of the user's behavior by analyzing data on the user's operating habits, location, usage times and the like; some use data mining algorithms to obtain the probability distribution of the user's normal behavior and use that distribution as the standard for checking whether behavior is abnormal; still others represent user behavior with a combination of grammar-based and context-based approaches.
Because the audited user population is huge, existing auditing technology for user behavior consumes a great deal of computing resources, incurs high auditing costs, and applies protective measures too late; existing auditing strategies for user behavior cannot achieve intelligent auditing, real-time early warning of abnormal user behavior is slow, and the strategies suffer from false alarms, a high missed-alarm rate, low fault tolerance, a low degree of audit data visualization, insufficient audit granularity, and similar problems.
Disclosure of Invention
In view of this, the present invention provides a method, an apparatus and a device for dynamically controlling user permissions based on user behavior. They dynamically adjust a user's permissions in a business application system through a dynamically changing user risk index, so as to make the auditing system intelligent and automated, improve its tolerance of user misoperation, reduce the false-alarm and missed-alarm rates, and narrow the auditing range by monitoring or auditing only those users whose risk index exceeds a safety threshold.
In order to achieve the above object, the present invention provides a method for dynamically controlling user permissions based on user behavior, which comprises:
acquiring collected user behavior data; the user behavior data comprises historical data of the user's past access records and real-time log data;
training on the historical data to generate a user portrait;
analyzing the real-time log data to obtain a user characteristic profile;
comparing the user portrait with the user characteristic profile, and generating a corresponding user risk index from the degree of deviation found by the comparison;
and judging in real time the relationship between the user risk index and a preset matching threshold, and dynamically controlling the user's permissions.
Preferably, training on the historical data to generate a user portrait includes:
acquiring the historical data in an offline mode;
preprocessing the historical data, where the preprocessing comprises one or more of cleaning, integrating, generalizing or transforming the data;
performing statistical analysis and data mining on the preprocessed data with data analysis and data mining algorithms to obtain a multi-dimensional label system for the class of users to which the user belongs;
and modeling the multi-dimensional label system of that class of users to generate the user portrait.
Preferably, analyzing the real-time log data includes:
acquiring the real-time log data online, in real time;
preprocessing the real-time log data, where the preprocessing comprises one or more of cleaning, integrating, generalizing or transforming the data.
Preferably, after judging in real time the relationship between the user risk index and the preset threshold and dynamically controlling the user's permissions, the method further includes:
dividing users into risk levels, and managing and controlling the user permissions of each level separately.
In order to achieve the above object, the present invention further provides an apparatus for dynamically managing and controlling user permissions based on user behavior, the apparatus comprising:
an acquisition unit for acquiring the collected user behavior data; the user behavior data comprises historical data of the user's past access records and real-time log data;
a training unit for training on the historical data to generate a user portrait;
an analysis unit for analyzing the real-time log data to obtain a user characteristic profile;
a comparison unit for comparing the user portrait with the user characteristic profile and generating a corresponding user risk index from the degree of deviation found by the comparison;
and a control unit for judging in real time the relationship between the user risk index and a preset matching threshold and dynamically controlling the user's permissions.
Preferably, the training unit further includes:
an offline acquisition unit for acquiring the historical data in an offline mode;
a first processing unit for preprocessing the historical data, where the preprocessing comprises one or more of cleaning, integrating, generalizing or transforming the data;
a data analysis and mining unit for performing statistical analysis and data mining on the preprocessed data with data analysis and data mining algorithms to obtain a multi-dimensional label system for the class of users to which the user belongs;
and a system modeling unit for modeling the multi-dimensional label system of that class of users to generate the user portrait.
Preferably, the analysis unit further includes:
an online acquisition unit for acquiring the real-time log data online, in real time;
a second processing unit for preprocessing the real-time log data, where the preprocessing comprises one or more of cleaning, integrating, generalizing or transforming the data.
Preferably, the apparatus further comprises:
a dividing unit for dividing users into risk levels and managing and controlling the user permissions of each level separately.
In order to achieve the above object, the present invention further provides a device for dynamically managing user permissions based on user behavior, which includes a processor, a memory, and a computer program stored in the memory; when executed by the processor, the computer program implements the method for dynamically managing user permissions based on user behavior described in the above embodiments.
In order to achieve the above object, the present invention further provides a computer-readable storage medium containing a stored computer program; when the computer program runs, it controls the device on which the computer-readable storage medium resides to execute the method for dynamically managing and controlling user permissions based on user behavior described in the above embodiment.
According to this scheme, the collected user behavior data is obtained, where the user behavior data comprises historical data of the user's past access records and real-time log data; the historical data is used for training to generate a user portrait; the real-time log data is analyzed to obtain a user characteristic profile; the user portrait is compared with the user characteristic profile, and a corresponding user risk index is generated from the degree of deviation found by the comparison; the relationship between the user risk index and a preset matching threshold is judged in real time, and the user's permissions are dynamically controlled. A user's permissions in a business application system can thus be dynamically adjusted through the dynamically changing user risk index, the auditing system becomes intelligent and automated, its tolerance of user misoperation is improved, the false-alarm and missed-alarm rates are reduced, and the auditing range is narrowed.
In this scheme, training on historical data to generate a user portrait includes acquiring historical data in an offline mode and preprocessing it, where the preprocessing comprises cleaning, integrating, generalizing and transforming the data; mining the preprocessed data with data mining algorithms to obtain a multi-dimensional label system for the class of users; and modeling that multi-dimensional label system to generate the user portrait. This allows user behavior to be audited at fine granularity and user permissions to be managed more precisely.
In this scheme, analyzing the real-time log data includes acquiring the real-time log data online, in real time, and preprocessing it, where the preprocessing comprises one or more of cleaning, integrating, generalizing or transforming the data to obtain the user characteristic profile. User permissions can thus be updated dynamically in real time, which improves the timeliness of auditing and the security of the business application system.
According to this scheme, the relationship between the user risk index and the preset matching threshold is judged in real time; after the user's level has been dynamically assigned in real time, users are divided into risk levels and the user permissions of each level are managed and controlled separately. Users' organizational levels can thus be divided dynamically in real time and users managed by level, which narrows the auditing range, makes auditing more intelligent, and reduces both the alarm frequency and the workload of the audit administrator.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly described below. It is obvious that the following drawings show only some embodiments of the present invention, and that those skilled in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a method for dynamically managing and controlling user permissions based on user behavior according to an embodiment of the present invention.
Fig. 2 is a schematic flowchart of a method for dynamically managing and controlling user permissions based on user behavior according to another embodiment of the present invention.
Fig. 3 is a schematic structural diagram of an apparatus for dynamically managing and controlling user permissions based on user behavior according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of an apparatus for dynamically managing and controlling user permissions based on user behavior according to another embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention are explained further below with reference to the accompanying drawings.
Detailed Description
The present invention is described in further detail below with reference to the accompanying drawings and examples. It should be noted that the following examples only illustrate the present invention and do not limit its scope. Likewise, the following examples are only some, not all, of the examples of the present invention, and all other examples obtained by those skilled in the art without inventive work fall within the scope of the present invention.
The present invention is described in detail with reference to the following examples.
The invention provides a method for dynamically controlling user permissions based on user behavior, which can dynamically adjust a user's permissions in a business application system through a dynamically changing user risk index, make the auditing system intelligent and automated, improve its tolerance of user misoperation, and reduce the false-alarm and missed-alarm rates.
Fig. 1 is a schematic flowchart of a method for dynamically managing and controlling user permissions based on user behavior according to an embodiment of the present invention.
A method for dynamically controlling user permissions based on user behavior comprises the following steps:
S1, acquiring the collected user behavior data, where the user behavior data comprises historical data of the user's past access records and real-time log data.
In this embodiment, the user behavior data includes:
(1) Log data from the business application system, comprising the user's adding, deleting, modifying and querying of data objects in the system, copying, uploading, downloading and deleting of file objects, and the user's login times and number of logins.
(2) Information about the network equipment the user logs in from, comprising the user's IP address, the MAC address of the user's device, and the device's information and type; user devices include mobile phones, tablets, computers, printers and the like.
(3) Usage records of the hardware resources associated with the business application system.
S2, training on the historical data to generate the user portrait.
Training on the historical data to generate a user portrait comprises:
S2-1, acquiring the historical data in an offline mode.
S2-2, preprocessing the historical data, where the preprocessing comprises one or more of cleaning, integrating, generalizing or transforming the data.
In this embodiment, the purpose of preprocessing the historical data is to provide clean, accurate and concise data to the subsequent processing stages, so that data quality, information processing rate and accuracy are improved, the data analysis and data mining processes become more effective, and the quality of the mining results improves. Specifically:
Data cleaning is the process of mapping an original data set with problems such as spelling errors, missing values and abnormal values into a new data set that meets quality requirements, by means of data conversion, missing-value handling, outlier handling and the like; common methods include filling missing values, deduplicating repeated values, deleting invalid values and handling outliers.
Data integration includes integrating multimodal data about the same entity, such as unstructured, semi-structured or structured data; converging and integrating the different attribute information of users that refer to the same entity, such as the basic attributes, device attributes and behavior attributes of the same user; and integrating for data consistency, such as eliminating conflicts in dimension, unit, data type, synonymy and aggregation period.
Data transformation mainly generalizes and standardizes the data so that it is suitable for mining. Character-type features in the data set need numerical coding so that the model can process the data better, and continuous data is discretized so that the model is more robust to abnormal data, its computational complexity is reduced and its running speed is increased.
S2-3, performing statistical analysis and data mining on the preprocessed data with data analysis and data mining algorithms to obtain a multi-dimensional label system for the class of users to which the user belongs.
In this embodiment, the multi-dimensional label system of a class of users refers to the label system of a particular user group, comprising users who have the same job responsibilities and a high degree of similarity. Such users are generally grouped into a user role: permissions are generally granted to the role, all users in the role inherit the role's permissions, and the role therefore represents a class of user group. The behavior of an individual user should be consistent with the behavior of the user group in that role.
In order to mine user information comprehensively and construct the user portrait more finely, the user portrait needs to be described from different dimensions, and constructing the user portrait is a process of managing user information through labels. Once the multi-dimensional labels of a user have been constructed, converged and integrated, the user portrait is obtained.
S2-4, modeling the multi-dimensional label system of the class of users to generate the user portrait.
In this embodiment, the multi-dimensional label system of the class of users is modeled on the basis of the users' basic attributes, device attributes and behavior attributes. Modeling may use any conventional general-purpose modeling tool or method and is not limited here. The multi-dimensional label system of the class of users comprises:
(1) Basic user attributes: user information and location information. User information includes the account, user role, registration time, last login time and the like; location information includes check-in information, location monitoring information, access control information, positioning sensor information and the like.
(2) User device attributes: the user device's IP address, the user device's interface usage, and the browser type.
(3) User behavior attributes: access habits, operating behavior and login behavior. Access habits include the behavior path, frequently accessed data objects, access duration, number of rows affected by data table accesses, frequently accessed modules and frequently accessed applications; operating behavior includes the access type, where access types comprise adding, deleting, querying and modifying data objects, and copying, uploading, downloading and deleting storage objects (such as files); login behavior includes the login time period, login duration, daily login count and monthly login count.
S3, analyzing the real-time log data to obtain a user characteristic profile.
In this embodiment, the user's characteristic profile is obtained by processing and analyzing the log data of the user's activity trajectory collected in real time. The user's log data is extracted in real time and preprocessed to construct the user's operating-behavior labels for the most recent period. Owing to constraints such as the limited time window, only some of the operating-behavior labels may be obtained, so only a rough user portrait can be formed; these labels are therefore called the user characteristic profile.
Analyzing the real-time log data to obtain a user characteristic profile comprises:
S3-1, acquiring the real-time log data online, in real time;
S3-2, preprocessing the real-time log data, where the preprocessing comprises one or more of cleaning, integrating, generalizing or transforming the data, to obtain the user characteristic profile.
In this embodiment, the real-time log data may be preprocessed in the same way as the historical data described above; the details are not repeated here, and the description above applies.
S4, comparing the user portrait with the user characteristic profile, and generating a corresponding user risk index from the degree of deviation found by the comparison.
In this embodiment, the degree of deviation is the deviation between the user portrait and the user characteristic profile. Concretely, it is expressed as the degree of match between each label of the specific user's multi-dimensional label system and the corresponding label of that user's profile. The degree of match may be determined by a general similarity measure chosen according to the label's attribute type, or by methods such as sequential pattern mining, clustering and classification; it may be quantified with several discrete values, or simplified to a discrete value with only two states, [0, 1]. For example, each label comparison result is assigned one of two states, 0 or 1, where 1 means the label does not match and 0 means it matches; each label state is given a weight according to its importance; the sum over all label states of the user characteristic profile, each multiplied by its weight, is taken as the quantified deviation value; and a [0-1] normalization then yields the user's risk index, which lies between 0 and 1.
S5, judging in real time the relationship between the user risk index and a preset matching threshold, and dynamically controlling the user's permissions.
In this embodiment, the user risk index is denoted x, and the relationship between the user risk index and the preset matching thresholds falls into one of four cases: x < 0.2, 0.2 ≤ x < 0.5, 0.5 ≤ x < 0.7, and x ≥ 0.7.
When x < 0.2, the user is a safe user and is not restricted in permissions;
when 0.2 ≤ x < 0.5, the user is a low-level risky user; permissions are not restricted, but the user is added to the supervised user library for supervision and tracking;
when 0.5 ≤ x < 0.7, the user is a medium-level risky user; some of the user's permissions are restricted as appropriate, a permission control strategy is applied, and the user is added to the risky user library;
when x ≥ 0.7, the user is a high-level risky user; all permissions are restricted, alarm information is sent to the administrator, and the user is added to the high-risk user library.
In this embodiment, the level a user belongs to is adjusted in real time according to the relationship between the user risk index and the preset thresholds, and then, according to the change in the user's level, one of the following adjustments is applied to the user: 1) the permissions are left unchanged; 2) the permission level and permission range are reduced, for example by revoking the operating permissions on some sensitive data objects and revoking permissions obtained through delegated authorization; 3) all of the user's operating permissions on all operating objects are revoked.
After judging in real time the relationship between the user risk index and the preset threshold and dynamically controlling the user's permissions, the method further comprises the following step:
dividing users into risk levels and managing and controlling the user permissions of each level separately. Users' organizational levels can thus be divided dynamically in real time and users managed by level, which makes auditing more intelligent, reduces the alarm frequency of the audit administrator, narrows the auditing range, and reduces the audit administrator's workload.
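As an added illustration of steps S4 and S5 (this is example code, not the patent's own), the following Python builds a user portrait from constructed historical records, builds a characteristic profile from a constructed real-time window, computes the weighted 0/1 deviation and normalized risk index, and applies the four-level thresholds and permission adjustments described above. The label dimensions, weights, sensitive objects and sample records are assumptions; only the thresholds come from the text.

```python
# Added example, not the patent's own code: steps S4 and S5 on constructed data.
# A user portrait is built from historical records, a characteristic profile
# from a short real-time window, the two are compared label by label (0 = match,
# 1 = mismatch), the weighted sum is normalized to [0, 1] as the risk index, and
# the index is mapped to the four levels (0.2 / 0.5 / 0.7) and their adjustments.
# Apart from the thresholds, the label names, weights and every record below are assumptions.

# Constructed history for one user in the "clerk" role: (user, hour, ip, module, op)
HISTORY = [
    ("alice", 9, "10.0.0.5", "orders", "query"),
    ("alice", 10, "10.0.0.5", "orders", "modify"),
    ("alice", 11, "10.0.0.7", "customers", "query"),
    ("alice", 14, "10.0.0.5", "orders", "add"),
    ("alice", 16, "10.0.0.7", "customers", "modify"),
]
# Constructed real-time windows: one within habit, one at night from an unseen
# address performing operations the role has never performed.
RECENT_NORMAL = [
    ("alice", 10, "10.0.0.5", "orders", "query"),
    ("alice", 15, "10.0.0.7", "customers", "modify"),
]
RECENT_SUSPECT = [
    ("alice", 2, "192.168.9.40", "orders", "delete"),
    ("alice", 3, "192.168.9.40", "orders", "download"),
]
# Assumed importance weight per label; operation type matters most.
WEIGHTS = {"login_period": 1.0, "device_ip": 2.0, "module": 1.5, "op_type": 3.0}
# Constructed sensitive data objects, used by the "reduce permissions" adjustment.
SENSITIVE_OBJECTS = {"customers"}
# Level -> (permission adjustment, user library, alert the administrator?)
ACTIONS = {
    "safe": ("unchanged", None, False),
    "low": ("unchanged", "supervised_user_library", False),
    "medium": ("reduce", "risky_user_library", False),
    "high": ("revoke_all", "high_risk_user_library", True),
}


def build_labels(records):
    """Multi-dimensional label system: the set of values seen per dimension.
    Login hours are generalized to 6-hour periods (discretization step)."""
    labels = {name: set() for name in WEIGHTS}
    for _user, hour, ip, module, op in records:
        labels["login_period"].add(hour // 6)
        labels["device_ip"].add(ip)
        labels["module"].add(module)
        labels["op_type"].add(op)
    return labels


def tag_states(portrait, profile):
    """Per-label state: 1 if the profile holds a value the portrait never
    recorded (mismatch), else 0 (match)."""
    return {name: int(not profile[name] <= portrait[name]) for name in WEIGHTS}


def risk_index(portrait, profile):
    """Weighted sum of mismatch states, normalized to [0, 1]."""
    states = tag_states(portrait, profile)
    return sum(WEIGHTS[n] * s for n, s in states.items()) / sum(WEIGHTS.values())


def risk_level(x):
    """Thresholds of step S5: x < 0.2 safe, < 0.5 low, < 0.7 medium, else high."""
    if x < 0.2:
        return "safe"
    if x < 0.5:
        return "low"
    if x < 0.7:
        return "medium"
    return "high"


def adjust_permissions(current, level):
    """The three adjustments of S5: unchanged, reduced (operations on sensitive
    objects revoked), or all operating permissions revoked."""
    action = ACTIONS[level][0]
    if action == "unchanged":
        return set(current)
    if action == "reduce":
        return {(obj, op) for obj, op in current if obj not in SENSITIVE_OBJECTS}
    return set()


def control_decision(portrait, recent_records, current_permissions):
    """Runs S3 (profile), S4 (risk index) and S5 (level, library, permissions)
    for one real-time window and returns the decision record."""
    profile = build_labels(recent_records)
    states = tag_states(portrait, profile)
    x = risk_index(portrait, profile)
    level = risk_level(x)
    _action, library, alert = ACTIONS[level]
    return {
        "risk_index": round(x, 3),
        "mismatched_labels": sorted(n for n, s in states.items() if s),
        "level": level,
        "library": library,
        "alert_admin": alert,
        "permissions": adjust_permissions(current_permissions, level),
    }
```

Calling `control_decision(build_labels(HISTORY), RECENT_SUSPECT, perms)` yields a risk index of 0.8 (three of four labels mismatch) and therefore the high level, while `RECENT_NORMAL` yields 0.0 and the safe level.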
According to this scheme, the collected user behavior data is obtained, where the user behavior data comprises historical data of the user's past access records and real-time log data; the historical data is used for training to generate a user portrait; the real-time log data is analyzed to obtain a user characteristic profile; the user portrait is compared with the user characteristic profile, and a corresponding user risk index is generated from the degree of deviation found by the comparison; the relationship between the user risk index and a preset matching threshold is judged in real time, and the user's permissions are dynamically controlled. A user's permissions in a business application system can thus be dynamically adjusted through the dynamically changing user risk index, the auditing system becomes intelligent and automated, its tolerance of user misoperation is improved, and the false-alarm and missed-alarm rates are reduced.
In this scheme, training on historical data to generate a user portrait includes acquiring historical data in an offline mode and preprocessing it, where the preprocessing comprises one or more of cleaning, integrating, generalizing or transforming the data; performing statistical analysis and data mining on the preprocessed data with data analysis and data mining algorithms to obtain a multi-dimensional label system for the class of users; and modeling that multi-dimensional label system to generate the user portrait. This allows user behavior to be audited at fine granularity and user permissions to be managed more precisely.
In this scheme, analyzing the real-time log data includes acquiring the real-time log data online, in real time, and preprocessing it, where the preprocessing comprises cleaning, integrating, generalizing and transforming the data to obtain the user characteristic profile. User permissions can thus be updated dynamically in real time, which improves the timeliness of auditing and the security of the business application system.
Fig. 2 is a schematic flow chart of a dynamic user right management and control method based on user behavior according to another embodiment of the present invention. In this embodiment, the method includes:
S21, acquiring the collected user behavior data; the user behavior data comprises historical data of the user's past access records and real-time log data.
This step is as described in S1 above and is not repeated here.
S22, training the historical data to generate a user portrait.
This step is as described in S2 above and is not repeated here.
S23, analyzing the real-time log data to obtain a user feature profile.
This step is as described in S3 above and is not repeated here.
S24, comparing the user portrait with the user feature profile, and generating a corresponding user risk index from the degree of deviation found by the comparison.
This step is as described in S4 above and is not repeated here.
S25, judging in real time the relationship between the user risk index and a preset matching threshold, and controlling the user permission dynamically.
This step is as described in S5 above and is not repeated here.
S26, dividing risk grades, and performing graded management and control of the user permissions at the different grades.
In this embodiment, the user organization levels are divided dynamically and in real time according to the user risk index, the users are managed and controlled hierarchically, and the user permissions of the different levels are regulated accordingly. This improves auditing intelligence, reduces the frequency of alarms raised to the audit administrator, and reduces the audit administrator's workload.
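Steps S24 to S26 above leave open how the deviation is measured, how it becomes an index, and how the threshold and the risk grades act on permissions. The following is an added example, not code from the patent or its inventors, that works through those three steps on constructed label distributions of the shape a portrait and a feature profile consist of: a weighted total-variation distance as the degree of deviation, a 0 to 100 risk index smoothed against the user's previous index, and a table of preset thresholds that maps the index to a risk grade and a permission level. The distance measure, the dimension weights, the thresholds, the grade names, the permission levels and the smoothing factor are all assumptions made for this illustration.

```python
"""Added example, not code from the patent: the comparison step (S24), the
threshold judgement (S25) and the graded control (S26) over label
distributions of the kind a user portrait and a real-time feature profile
consist of.  The distance measure, the dimension weights, the thresholds,
the permission levels and the smoothing factor are assumptions made for
this illustration."""

# Assumed weights of the label dimensions that are compared.
DIMENSIONS = {"time_band": 0.3, "action": 0.4, "area": 0.3}

# Assumed preset thresholds: (upper bound of the risk index, grade, permission).
RISK_GRADES = [
    (30, "low", "full"),          # behaves like the portrait: keep permissions
    (60, "medium", "read_only"),  # drifting: restrict until reviewed
    (100, "high", "suspended"),   # far off the portrait: suspend and alert
]

# Constructed portrait (from historical data) and two real-time profiles.
PORTRAIT = {
    "time_band": {1: 0.9, 2: 0.1},            # six-hour bands of the day
    "action": {"read": 0.8, "update": 0.2},
    "area": {"orders": 0.9, "reports": 0.1},
}
NORMAL_WINDOW = {
    "time_band": {1: 1.0},
    "action": {"read": 0.75, "update": 0.25},
    "area": {"orders": 1.0},
}
ODD_WINDOW = {                                 # night-time exports from a new area
    "time_band": {0: 1.0},
    "action": {"read": 2 / 3, "export": 1 / 3},
    "area": {"payroll": 2 / 3, "orders": 1 / 3},
}


def total_variation(p, q):
    """Distance between two categorical distributions, in [0, 1]."""
    keys = set(p) | set(q)
    return 0.5 * sum(abs(p.get(k, 0.0) - q.get(k, 0.0)) for k in keys)


def deviation(portrait, profile):
    """Weighted degree of deviation across all compared dimensions, in [0, 1]."""
    return sum(w * total_variation(portrait[d], profile[d])
               for d, w in DIMENSIONS.items())


def risk_index(portrait, profile, previous=None, alpha=0.5):
    """User risk index in [0, 100].

    `previous` is the user's last index.  Blending the fresh value with it
    means one odd window (a slip, a one-off task) moves the index only part
    of the way, which is where tolerance of user misoperation comes from.
    alpha=1.0 disables the smoothing.
    """
    fresh = 100.0 * deviation(portrait, profile)
    if previous is None:
        return fresh
    return alpha * fresh + (1.0 - alpha) * previous


def grade(index):
    """Map a risk index to (risk grade, permission) via the preset thresholds."""
    for upper, name, permission in RISK_GRADES:
        if index <= upper:
            return name, permission
    return RISK_GRADES[-1][1], RISK_GRADES[-1][2]


def control_permission(portrait, windows, alpha=0.5):
    """Judge each real-time window in turn; return (index, grade, permission)."""
    decisions, index = [], None
    for profile in windows:
        index = risk_index(portrait, profile, index, alpha)
        decisions.append((index,) + grade(index))
    return decisions


if __name__ == "__main__":
    steps = control_permission(PORTRAIT, [NORMAL_WINDOW, ODD_WINDOW, NORMAL_WINDOW])
    for index, name, permission in steps:
        print("index=%5.1f grade=%-6s permission=%s" % (index, name, permission))
```

Run on the constructed windows, the normal window scores about 8 and keeps full permissions; the odd window alone would score about 63 and land in the high grade, but smoothed against the previous index it lands at about 36 and only drops the user to read-only, and the next normal window brings the index back into the low grade. That is the behaviour the text claims: one deviating window lowers permissions gracefully rather than triggering an immediate lockout and an alarm, while sustained deviation still escalates.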
The invention also provides a user permission dynamic control apparatus based on user behavior, which can dynamically adjust the user's permissions in the service application system through the dynamically changing user risk index, make the auditing system intelligent and automated, improve the auditing system's tolerance of user misoperation, and reduce the false-alarm rate.
Fig. 3 is a schematic structural diagram of a dynamic user right management and control apparatus based on user behavior according to an embodiment of the present invention. In the present embodiment, the apparatus 30 includes:
an acquiring unit 31, configured to acquire the collected user behavior data; the user behavior data comprises historical data of the user's past access records and real-time log data;
a training unit 32, configured to train the historical data to generate a user portrait;
an analysis unit 33, configured to analyze the real-time log data to obtain a user feature profile;
a comparison unit 34, configured to compare the user portrait with the user feature profile and generate a corresponding user risk index from the degree of deviation found by the comparison;
and a control unit 35, configured to judge in real time the relationship between the user risk index and a preset matching threshold and control the user permission dynamically.
Optionally, the training unit 32 further includes:
an offline acquisition unit 321 (not shown in the figure), configured to acquire the historical data in an offline mode;
a first processing unit 322 (not shown in the figure), configured to preprocess the historical data; the preprocessing comprises one or more of cleaning, integrating, summarizing or transforming the data;
a data analysis and mining unit 323 (not shown in the figure), configured to perform statistical analysis and data mining on the preprocessed data with a data analysis and data mining algorithm to obtain a multi-dimensional label system for users of the same class;
and a system modeling unit 324 (not shown in the figure), configured to model the multi-dimensional label system for users of the same class to generate the user portrait.
Optionally, the analysis unit 33 further includes:
an online acquisition unit 331 (not shown in the figure), configured to acquire the real-time log data in real time in an online mode;
and a second processing unit 332 (not shown in the figure), configured to preprocess the real-time log data; the preprocessing comprises one or more of cleaning, integrating, summarizing or transforming the data.
Fig. 4 is a schematic structural diagram of a dynamic user permission management and control apparatus based on user behavior according to another embodiment of the present invention. Unlike the previous embodiment, the apparatus 40 of this embodiment further includes a dividing unit 41.
The dividing unit 41 is configured to divide risk grades and perform graded management and control of the user permissions at the different grades.
Each unit of the apparatus 30/40 can execute the corresponding step of the method embodiments above, so the units are not described again here; refer to the description of the corresponding steps.
An embodiment of the present invention further provides a device for dynamically managing and controlling user permissions based on user behavior, which includes a processor, a memory and a computer program stored in the memory, where the computer program can be executed by the processor to implement the method for dynamically managing and controlling user permissions based on user behavior described in the above embodiments.
An embodiment of the present invention further provides a computer-readable storage medium that includes a stored computer program; when the computer program runs, the device on which the computer-readable storage medium is located is controlled to execute the method for dynamically managing and controlling user permissions based on user behavior described in the above embodiments.
Illustratively, the computer program may be divided into one or more units, which are stored in the memory and executed by the processor to carry out the present invention. The one or more units may be a series of instruction segments of the computer program that perform specific functions; the instruction segments describe the execution of the computer program in the user permission dynamic control device based on user behavior.
The user permission dynamic control device based on user behavior may include, but is not limited to, a processor and a memory. Those skilled in the art will appreciate that the schematic diagram is merely an example of such a device and does not limit it: the device may include more or fewer components than shown, combine some components, or use different components; for example, it may further include an input/output device, a network access device, a bus, and the like.
The processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, and the like. The general-purpose processor may be a microprocessor or any conventional processor. The processor is the control center of the user permission dynamic control device based on user behavior and connects the various parts of the whole device through various interfaces and lines.
The memory may be used to store the computer program and/or modules, and the processor implements the various functions of the device for dynamically managing user permissions based on user behavior by running or executing the computer program and/or modules stored in the memory and calling the data stored in the memory. The memory may mainly include a program storage area and a data storage area; the program storage area may store an operating system and the application program required by at least one function (such as a sound playing function or an image playing function), and the data storage area may store data created during use of the mobile phone (such as audio data or a phonebook). In addition, the memory may include high-speed random access memory and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a Flash memory card, at least one magnetic disk storage device, a Flash memory device, or other volatile solid-state storage device.
If the units integrated in the user permission dynamic control device based on user behavior are implemented as software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. On this understanding, all or part of the flow of the method of the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium; when the computer program is executed by a processor, the steps of the method embodiments can be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file, some intermediate form, or the like.
The computer-readable medium may include any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and the like. It should be noted that the content a computer-readable medium may contain can be increased or decreased as required by legislation and patent practice in each jurisdiction; for example, in some jurisdictions, computer-readable media do not include electrical carrier signals and telecommunications signals.
It should be noted that the above device embodiments are merely illustrative: the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the apparatus embodiments provided by the present invention, a connection between modules indicates a communication connection between them, which may be implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement this without inventive effort.
The above embodiments may be further combined or substituted. They describe only the preferred embodiments of the present invention and do not limit its concept or scope; changes and modifications made to the technical solution of the present invention by those skilled in the art without departing from its design idea fall within the protection scope of the present invention.

Claims (10)

1. A user permission dynamic control method based on user behavior, characterized by comprising the following steps:
acquiring collected user behavior data; the user behavior data comprises historical data of the user's past access records and real-time log data;
training the historical data to generate a user portrait;
analyzing the real-time log data to obtain a user feature profile;
comparing the user portrait with the user feature profile, and generating a corresponding user risk index from the degree of deviation found by the comparison;
and judging in real time the relationship between the user risk index and a preset matching threshold, and controlling the user permission dynamically.
2. The user permission dynamic control method based on user behavior according to claim 1, wherein training the historical data to generate a user portrait comprises:
acquiring the historical data in an offline mode;
preprocessing the historical data; wherein the preprocessing comprises one or more of cleaning, integrating, summarizing or transforming the data;
performing statistical analysis and data mining on the preprocessed data with a data analysis and data mining algorithm to obtain a multi-dimensional label system for users of the same class;
and modeling the multi-dimensional label system for users of the same class to generate the user portrait.
3. The user permission dynamic control method based on user behavior according to claim 1, wherein analyzing the real-time log data comprises:
acquiring the real-time log data in real time in an online mode;
and preprocessing the real-time log data; wherein the preprocessing comprises one or more of cleaning, integrating, summarizing or transforming the data.
4. The user permission dynamic control method based on user behavior according to claim 1, wherein after controlling the user permission dynamically, the method further comprises:
dividing risk grades, and performing graded management and control of the user permissions at the different grades.
5. A user permission dynamic management and control apparatus based on user behavior, characterized in that the apparatus comprises:
an acquisition unit, configured to acquire the collected user behavior data; the user behavior data comprises historical data of the user's past access records and real-time log data;
a training unit, configured to train the historical data to generate a user portrait;
an analysis unit, configured to analyze the real-time log data to obtain a user feature profile;
a comparison unit, configured to compare the user portrait with the user feature profile and generate a corresponding user risk index from the degree of deviation found by the comparison;
and a control unit, configured to judge in real time the relationship between the user risk index and a preset matching threshold and control the user permission dynamically.
6. The user permission dynamic management and control apparatus based on user behavior according to claim 5, wherein the training unit further comprises:
an offline acquisition unit, configured to acquire the historical data in an offline mode;
a first processing unit, configured to preprocess the historical data; wherein the preprocessing comprises one or more of cleaning, integrating, summarizing or transforming the data;
a data analysis and mining unit, configured to perform statistical analysis and data mining on the preprocessed data with a data analysis and data mining algorithm to obtain a multi-dimensional label system for users of the same class;
and a system modeling unit, configured to model the multi-dimensional label system for users of the same class to generate the user portrait.
7. The user permission dynamic management and control apparatus based on user behavior according to claim 5, wherein the analysis unit further comprises:
an online acquisition unit, configured to acquire the real-time log data in real time in an online mode;
and a second processing unit, configured to preprocess the real-time log data; wherein the preprocessing comprises one or more of cleaning, integrating, summarizing or transforming the data.
8. The user permission dynamic management and control apparatus based on user behavior according to claim 5, further comprising:
a dividing unit, configured to divide risk grades and perform graded management and control of the user permissions at the different grades.
9. A user permission dynamic management and control device based on user behavior, comprising a processor, a memory and a computer program stored in the memory, the computer program being executable by the processor to implement the user permission dynamic control method based on user behavior according to any one of claims 1 to 4.
10. A computer-readable storage medium comprising a stored computer program, wherein when the computer program runs, the device on which the computer-readable storage medium is located is controlled to execute the user permission dynamic control method based on user behavior according to any one of claims 1 to 4.
CN202010825324.4A 2020-08-17 2020-08-17 User permission dynamic control method and device based on user behavior and equipment Pending CN111966995A (en)

Publications (1)

Publication Number Publication Date
CN111966995A true CN111966995A (en) 2020-11-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201120