CN114157490A - User request event analysis method based on clustering algorithm - Google Patents


Publication number
CN114157490A
Authority
CN
China
Prior art keywords
analysis
request
clustering algorithm
event
identification
Prior art date
Legal status
Pending
Application number
CN202111475084.0A
Other languages
Chinese (zh)
Inventor
谢强
陈晨
Current Assignee
Wuhan Jiyi Network Technology Co ltd
Original Assignee
Wuhan Jiyi Network Technology Co ltd
Application filed by Wuhan Jiyi Network Technology Co ltd
Priority to CN202111475084.0A
Publication of CN114157490A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/23 Clustering techniques
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention provides a user request event analysis method based on a clustering algorithm. The method acquires performance characteristic information of an account login request, the performance characteristic information comprising an IP address, an account number and a device model; analyzes the performance characteristic information according to a preset analysis model to obtain an analysis result, the analysis result comprising the results of request environment analysis, data tampering analysis and the like, and the preset analysis model being an analysis model obtained by training on historical data and a simulator; identifies risk request events in real time based on the clustering algorithm and the analysis result to obtain an identification result; and controls risk users according to the identification result, improving the security of the service platform. The method has the advantages that risk request events can be identified in real time and the security of the service platform can be improved.

Description

User request event analysis method based on clustering algorithm
Technical Field
The invention relates to the technical field of risk assessment, in particular to a user request event analysis method based on a clustering algorithm.
Background
Risk assessment is the task of quantitatively assessing the likelihood of impact and loss that a risk event causes to people's lives, property and other aspects, before or after the event occurs (but before it has ended). In other words, risk assessment quantifies the degree of possibility of the influence or loss caused by an event or thing. From the perspective of information security, risk assessment evaluates the threats faced by an information asset (i.e., the information set of an event or thing), its existing weaknesses and the resulting impact, together with the possibility of risk brought about by the combined action of these three factors. As the basis of risk management, risk assessment is an important way for an organization to determine its information security requirements and belongs to the planning process of an information security management system. A project investment risk assessment report is the process of analyzing and determining risk.
With the rapid development of the Internet and mobile communication technology, certain potential safety hazards currently exist when a user operates a service platform: when a request is sent, the event may be false and is easily exploited by lawbreakers, and because risk request events cannot be identified in real time, the security of the service platform cannot be improved, the security of user accounts is reduced, and users' needs cannot be met.
Therefore, it is necessary to provide a user request event analysis method based on a clustering algorithm to solve the above technical problems.
Disclosure of Invention
In order to solve the technical problems, the invention provides a user request event analysis method based on a clustering algorithm, which can identify risk request events in real time and improve the safety of a service platform.
The invention provides a user request event analysis method based on a clustering algorithm, which comprises the following steps:
S1, obtaining performance characteristic information of an account login request;
S2, analyzing the performance characteristic information according to a preset analysis model to obtain an analysis result;
S3, identifying risk request events in real time based on the clustering algorithm and the analysis result to obtain an identification result.
For convenience, the performance characteristic information in step S1 includes an IP address, a user account number and a device model.
To facilitate environment analysis and data tampering analysis, the analysis result in step S2 includes request environment analysis and also includes the results of data tampering analysis and the like.
To facilitate the analysis of historical data, the preset analysis model in step S2 is an analysis model obtained by training on historical data and a simulator, and is used for analyzing historical data.
To facilitate control of risk users, in step S3 the real-time identification controls risk users according to the identification result.
To facilitate identifying whether data has been tampered with, the real-time event identification further comprises tampering identification, which identifies whether data has been tampered with.
To facilitate identifying the environment and identifying forgery, the real-time event identification further comprises environment identification and forgery identification.
The environment identification is used to identify whether the environment of the event request is normal, and the forgery identification is used to identify whether the event request is forged.
To facilitate acquiring data and comparing it for identification, the real-time event identification comprises an acquisition module and an identification module, which are used for acquiring data and for comparison and identification.
To facilitate comparing the event request data with the original IP address, account and device model, the acquisition module and the identification module identify and compare the event request data against the original IP address, account and device model, so that risk request events are identified in real time.
Compared with the related technology, the user request event analysis method based on the clustering algorithm has the following beneficial effects:
1. The invention obtains performance characteristic information of an account login request, comprising an IP address, an account number and a device model, and analyzes it according to a preset analysis model to obtain an analysis result that comprises the results of request environment analysis, data tampering analysis and the like. The preset analysis model is obtained by training on historical data and a simulator. Risk request events are identified in real time based on the clustering algorithm and the analysis result, an identification result is obtained, and risk users are controlled according to the identification result. Identifying risk request events in real time improves the security of the service platform and solves the problems that certain potential safety hazards exist when users operate the service platform, that a request event may be false and is easily exploited by lawbreakers, and that, because risk request events cannot be identified in real time, the security of the service platform cannot be improved and the security of user accounts is reduced.
2. The performance characteristic information comprises an IP address, a user account number and a device model, which serve as characteristic information of the user account for subsequent comparison and identification. The analysis result comprises request environment analysis, and the request environment analysis comprises data tampering analysis; analyzing whether data has been tampered with improves account security. The preset analysis model, obtained by training on historical data and a simulator, makes the data convenient to analyze: when a user sends a request, the request, including the IP address, account number and device model sent by the user, can be conveniently analyzed, and the resulting analysis result protects the user's account security. The real-time identification controls risk users according to the identification result, so that when a user sends a request, a risk request sent by that user is controlled, which improves the security of the user account and makes the account convenient to protect. When a user sends a request, the real-time event identification comprises tampering identification for identifying whether data has been tampered with; the tampering identification comprises environment identification and forgery identification, so both tampering and forgery of data can be identified. The real-time event identification also comprises an acquisition module and an identification module, which acquire data and compare the acquired data for identification; they identify and compare the event request data against the original IP address, account and device model, so that risk request events are identified in real time and the user's account security is guaranteed.
Drawings
Fig. 1 is a flowchart of a method for analyzing a user request event based on a clustering algorithm according to a preferred embodiment of the present invention.
Detailed Description
The invention is further described with reference to the following figures and embodiments.
Referring to Fig. 1, which is a flowchart of a user request event analysis method based on a clustering algorithm according to a preferred embodiment of the present invention, the method comprises the following steps:
S1, obtaining performance characteristic information of an account login request;
S2, analyzing the performance characteristic information according to a preset analysis model to obtain an analysis result;
S3, identifying risk request events in real time based on the clustering algorithm and the analysis result to obtain an identification result.
In a specific implementation, as shown in Fig. 1, the performance characteristic information in step S1 includes an IP address, a user account number and a device model.
The analysis result in step S2 includes request environment analysis and also includes the results of data tampering analysis and the like.
The preset analysis model in step S2 is an analysis model obtained by training on historical data and a simulator, and is used for analyzing historical data.
It should be noted that the performance characteristic information comprises an IP address, a user account number and a device model, which serve as characteristic information of the user account for subsequent comparison and identification. The analysis result comprises request environment analysis, and the request environment analysis comprises data tampering analysis; analyzing whether data has been tampered with improves account security. The preset analysis model, obtained by training on historical data and a simulator, makes the data convenient to analyze: when a user sends a request, the request, including the IP address, account number and device model sent by the user, can be conveniently analyzed, and the resulting analysis result protects the user's account security.
Referring to Fig. 1, in step S3 the real-time identification controls risk users according to the identification result.
It should be noted that, because the real-time identification controls risk users according to the identification result, a risk request sent by a user is controlled when the request is sent, which improves the security of the user account and makes the account convenient to protect.
Referring to Fig. 1, the real-time event identification further includes tampering identification for identifying whether data has been tampered with.
The real-time event identification also comprises environment identification and forgery identification.
The environment identification is used to identify whether the environment of the event request is normal, and the forgery identification is used to identify whether the event request is forged.
The real-time event identification comprises an acquisition module and an identification module, which are used for acquiring data and for comparison and identification.
The acquisition module and the identification module identify and compare the event request data against the original IP address, account and device model, and are used for identifying risk request events in real time.
It should be noted that, when a user sends a request, the real-time event identification comprises tampering identification for identifying whether data has been tampered with; the tampering identification comprises environment identification and forgery identification, so both tampering and forgery of data can be identified. The real-time event identification also comprises an acquisition module and an identification module, which acquire data and compare the acquired data for identification; they identify and compare the event request data against the original IP address, account and device model, so that risk request events are identified in real time and the user's account security is guaranteed.
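Steps S1 to S3 above, sketched as an added example (not code from the patent or its applicant). The patent names no specific clustering algorithm or feature encoding, so the /24 grouping, the three-element analysis vector, the deterministic 2-means and all sample data below are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data, not from the patent: (ip, account, device_model).
HISTORY = [
    ("10.1.1.10", "alice", "Pixel 7"),
    ("10.1.1.23", "alice", "Pixel 7"),
    ("10.2.2.5", "bob", "iPhone 13"),
    ("10.2.2.9", "bob", "iPad Air"),
    ("10.3.3.77", "carol", "Galaxy S22"),
]
INCOMING = [
    ("10.1.1.40", "alice", "Pixel 7"),
    ("10.2.2.200", "bob", "iPhone 13"),
    ("10.3.3.14", "carol", "Galaxy S22"),
    ("10.9.9.5", "alice", "Generic x86"),   # one unseen network and device
    ("10.9.9.6", "bob", "Generic x86"),     # touching three accounts
    ("10.9.9.7", "carol", "Generic x86"),
    ("10.2.2.31", "bob", "iPad Air"),
    ("10.1.1.90", "alice", "Pixel 8"),      # new phone on the usual network
]

def net24(ip):
    """Collapse an IPv4 address to its /24 so nearby addresses compare equal."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))

def build_model(history):
    """Assumed form of the S2 preset model: per-account 'original' networks and devices."""
    model = defaultdict(lambda: {"nets": set(), "devices": set()})
    for ip, account, device in history:
        model[account]["nets"].add(net24(ip))
        model[account]["devices"].add(device)
    return dict(model)

def analyze(events, model):
    """S1 + S2: map each request to [new_network, new_device, account_fan_out]."""
    accounts_per_net = defaultdict(set)
    for ip, account, _ in events:
        accounts_per_net[net24(ip)].add(account)
    vectors = []
    for ip, account, device in events:
        known = model.get(account, {"nets": set(), "devices": set()})
        # Fan-out: how many other accounts the same /24 touched in this batch (capped).
        fan = min(len(accounts_per_net[net24(ip)]) - 1, 3) / 3
        vectors.append([
            0.0 if net24(ip) in known["nets"] else 1.0,
            0.0 if device in known["devices"] else 1.0,
            fan,
        ])
    return vectors

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans2(points, rounds=20):
    """Deterministic 2-means: seeds are the least and the most deviant point."""
    centroids = [min(points, key=sum), max(points, key=sum)]
    labels = None
    for _ in range(rounds):
        new = [0 if dist2(p, centroids[0]) <= dist2(p, centroids[1]) else 1
               for p in points]
        if new == labels:
            break
        labels = new
        for k in (0, 1):
            members = [p for p, lab in zip(points, labels) if lab == k]
            if members:
                centroids[k] = [sum(col) / len(members) for col in zip(*members)]
    return labels, centroids

def identify(events, model, min_spread=1.0):
    """S3: cluster the analysis vectors and label the deviant cluster 'risk'."""
    if not events:
        return []
    vectors = analyze(events, model)
    sums = [sum(v) for v in vectors]
    if max(sums) - min(sums) < min_spread:
        # Homogeneous batch: one cluster, judged by its absolute deviation.
        label = "risk" if sum(sums) / len(sums) >= min_spread else "normal"
        return [(e, label) for e in events]
    labels, centroids = kmeans2(vectors)
    risk = 0 if sum(centroids[0]) > sum(centroids[1]) else 1
    return [(e, "risk" if lab == risk else "normal")
            for e, lab in zip(events, labels)]

if __name__ == "__main__":
    for event, label in identify(INCOMING, build_model(HISTORY)):
        print(label, event)
```

The last sample event shows why the comparison uses all three fields together: a new device model on an account's usual network stays in the normal cluster, while the three requests from one unseen network against three accounts cluster as risk.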
The working principle of the user request event analysis method based on the clustering algorithm provided by the invention is as follows:
The invention obtains performance characteristic information of an account login request, comprising an IP address, an account number and a device model, and analyzes it according to a preset analysis model to obtain an analysis result that comprises the results of request environment analysis, data tampering analysis and the like. The preset analysis model is obtained by training on historical data and a simulator. Risk request events are identified in real time based on the clustering algorithm and the analysis result, an identification result is obtained, and risk users are controlled according to the identification result; identifying risk request events in real time improves the security of the service platform. The IP address, user account number and device model serve as characteristic information of the user account for subsequent comparison and identification. The analysis result comprises request environment analysis, and the request environment analysis comprises data tampering analysis; analyzing whether data has been tampered with improves account security. The preset analysis model makes the data convenient to analyze, so that when a user sends a request, the request can be conveniently analyzed and the analysis result protects the user's account security. When a user sends a request, the real-time event identification comprises tampering identification for identifying whether data has been tampered with; the tampering identification comprises environment identification and forgery identification, so both tampering and forgery of data can be identified. The real-time event identification comprises an acquisition module and an identification module, which acquire data and compare the acquired data for identification; they identify and compare the event request data against the original IP address, account and device model, so that risk request events are identified in real time and the user's account security is guaranteed. This solves the problems that certain potential safety hazards exist when a user operates a service platform, that a request event may be false and is easily exploited by lawbreakers, and that, because risk request events cannot be identified in real time, the security of the service platform cannot be improved and the security of user accounts is reduced.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A user request event analysis method based on a clustering algorithm, characterized by comprising the following steps:
S1, obtaining performance characteristic information of an account login request;
S2, analyzing the performance characteristic information according to a preset analysis model to obtain an analysis result;
S3, identifying risk request events in real time based on the clustering algorithm and the analysis result to obtain an identification result.
2. The user request event analysis method based on a clustering algorithm according to claim 1, wherein the performance characteristic information in step S1 includes an IP address, a user account number and a device model.
3. The user request event analysis method based on a clustering algorithm according to claim 1, wherein the analysis result in step S2 includes request environment analysis, and the analysis result further includes data tampering analysis and the like.
4. The user request event analysis method based on a clustering algorithm according to claim 1, wherein the preset analysis model in step S2 is an analysis model obtained by training on historical data and a simulator, and is used for analyzing historical data.
5. The user request event analysis method based on a clustering algorithm according to claim 1, wherein the real-time identification in step S3 controls risk users according to the identification result.
6. The user request event analysis method based on a clustering algorithm according to claim 1, wherein the real-time event identification further comprises tampering identification for identifying whether data has been tampered with.
7. The user request event analysis method based on a clustering algorithm according to claim 1, wherein the real-time event identification further comprises environment identification and forgery identification.
8. The user request event analysis method based on a clustering algorithm according to claim 7, wherein the environment identification is used to identify whether the environment of the event request is normal, and the forgery identification is used to identify whether the event request is forged.
9. The user request event analysis method based on a clustering algorithm according to claim 1, wherein the real-time event identification comprises an acquisition module and an identification module for acquiring data and for comparison and identification.
10. The user request event analysis method based on a clustering algorithm according to claim 9, wherein the acquisition module and the identification module identify and compare the event request data against the original IP address, account and device model, for identifying risk request events in real time.
CN202111475084.0A 2021-12-03 2021-12-03 User request event analysis method based on clustering algorithm Pending CN114157490A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111475084.0A CN114157490A (en) 2021-12-03 2021-12-03 User request event analysis method based on clustering algorithm

Publications (1)

Publication Number Publication Date
CN114157490A true CN114157490A (en) 2022-03-08

Family

ID=80452563

Country Status (1)

Country Link
CN (1) CN114157490A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination