CN114157490A - User request event analysis method based on clustering algorithm - Google Patents
- Publication number
- CN114157490A
- Authority
- CN
- China
- Prior art keywords
- analysis
- request
- clustering algorithm
- event
- identification
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/23—Clustering techniques
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention provides a user request event analysis method based on a clustering algorithm. The method acquires performance characteristic information of an account login request, the performance characteristic information comprising an IP address, an account number and a device model; analyzes the performance characteristic information according to a preset analysis model to obtain an analysis result, the analysis result comprising the results of request environment analysis, data tampering analysis and the like, and the preset analysis model being an analysis model obtained by training according to historical data and a simulator; and identifies risk request events in real time based on a clustering algorithm and the analysis result to obtain an identification result. Risk users are controlled according to the identification result, which improves the security of the service platform. The method has the advantages that risk request events can be identified in real time and the security of the service platform can be improved.
Description
Technical Field
The invention relates to the technical field of risk assessment, in particular to a user request event analysis method based on a clustering algorithm.
Background
Risk assessment is the task of quantitatively assessing the likelihood of impact and loss to a person's life, property and the like before or after (but not before) a risk event; that is, risk assessment quantifies the degree of possible influence or loss caused by an event or thing. From the perspective of information security, risk assessment evaluates the threats faced by an information asset (i.e., the information set of an event or thing), its existing weaknesses and the resulting impact, and evaluates the likelihood of risk arising from the combined action of these three components. As the basis of risk management, risk assessment is an important way for an organization to determine its information security requirements and belongs to the planning process of an information security management system. A project investment risk evaluation report is the process for analyzing and determining the risk along with the rapid development of the Internet and the mobile communication technology.
At present, certain potential safety hazards exist when a user operates a service platform: a request that is sent may be a false event, which is easily exploited by lawbreakers, and risk request events cannot be identified in real time. As a result, the security of the service platform cannot be improved, the security of user accounts is reduced, and the needs of users cannot be met.
Therefore, it is necessary to provide a user request event analysis method based on a clustering algorithm to solve the above technical problems.
Disclosure of Invention
In order to solve the technical problems, the invention provides a user request event analysis method based on a clustering algorithm, which can identify risk request events in real time and improve the safety of a service platform.
The invention provides a user request event analysis method based on a clustering algorithm, which comprises the following steps:
S1, obtaining performance characteristic information of an account login request;
S2, analyzing the performance characteristic information according to a preset analysis model to obtain an analysis result;
S3, identifying risk request events in real time based on the clustering algorithm and the analysis result, and obtaining an identification result.
So that the performance characteristic information is convenient to obtain, the performance characteristic information in step S1 includes an IP address, a user account number and a device model.
To facilitate the request environment analysis and the data tampering analysis, the analysis result in step S2 includes request environment analysis, and also includes results of data tampering analysis and the like.
To facilitate analysis of historical data, the preset analysis model in step S2 is an analysis model obtained by training according to historical data and a simulator, and is used for analyzing the historical data.
To facilitate control of risk users, the real-time identification in step S3 controls risk users according to the identification result.
To make it convenient to identify whether data has been tampered with, the real-time event identification further comprises tamper identification, which identifies whether data has been tampered with.
To facilitate identification of the environment and of forgery, the real-time event identification further comprises environment identification and forgery identification.
To make it convenient to identify the environment of an event request and whether the event request is forged, the environment identification identifies whether the environment of the event request is normal, and the forgery identification identifies whether the event request is forged.
To facilitate acquiring data and comparing and identifying it, the real-time event identification comprises an acquisition module and an identification module, which are used for acquiring data and for comparison and identification.
To make it convenient to compare the event request data with the original IP address, account and device model, the acquisition module and the identification module identify and compare the event request data with the original IP address, account and device model, so as to identify risk request events in real time.
Compared with the related technology, the user request event analysis method based on the clustering algorithm has the following beneficial effects:
1. The invention acquires performance characteristic information of an account login request, the performance characteristic information comprising an IP address, an account number and a device model; analyzes the performance characteristic information according to a preset analysis model to obtain an analysis result, the analysis result comprising the results of request environment analysis, data tampering analysis and the like, and the preset analysis model being an analysis model obtained by training according to historical data and a simulator; and identifies risk request events in real time based on a clustering algorithm and the analysis result to obtain an identification result. Risk users are controlled according to the identification result, risk request events are identified in real time, and the security of the service platform is improved. This solves the problems that certain potential safety hazards exist when a user operates a service platform, that a request that is sent may be a false event that is easily exploited by lawbreakers, and that risk request events cannot be identified in real time, so that the security of the service platform cannot be improved and the security of user accounts is reduced;
2. The performance characteristic information comprises an IP address, a user account number and a device model, which can serve as characteristic information of the user account for subsequent comparison and identification. The analysis result comprises request environment analysis, and the request environment analysis comprises data tampering analysis; analyzing whether data has been tampered with improves the security of the account. The preset analysis model is an analysis model obtained by training according to historical data and a simulator, which makes the data convenient to analyze: when a user sends a request, the request, including the IP address, account number and device model sent by the user, can be conveniently analyzed, and the resulting analysis result can protect the security of the user's account. The real-time identification controls risk users according to the identification result, which makes risk users convenient to control: when a user sends a request, a risk request sent by the user is controlled, which improves the security of the user account and makes the account convenient to protect. When a user sends a request, the real-time event identification comprises tamper identification for identifying whether data has been tampered with; the tamper identification comprises environment identification and forgery identification, so that whether data has been tampered with and whether it is forged can both be identified. The real-time event identification also comprises an acquisition module and an identification module, which can acquire data and conveniently compare and identify the acquired data; the two modules identify and compare the event request data with the original IP address, account and device model, so that risk request events can be identified in real time and the security of the user's account is guaranteed.
Drawings
Fig. 1 is a flowchart of a method for analyzing a user request event based on a clustering algorithm according to a preferred embodiment of the present invention.
Detailed Description
The invention is further described with reference to the following figures and embodiments.
Please refer to Fig. 1, which is a flowchart of a user request event analysis method based on a clustering algorithm according to a preferred embodiment of the present invention. The user request event analysis method based on the clustering algorithm comprises the following steps:
S1, obtaining performance characteristic information of an account login request;
S2, analyzing the performance characteristic information according to a preset analysis model to obtain an analysis result;
S3, identifying risk request events in real time based on the clustering algorithm and the analysis result, and obtaining an identification result.
In a specific implementation, as shown in Fig. 1, the performance characteristic information in step S1 includes an IP address, a user account number and a device model.
The analysis result in step S2 includes request environment analysis, and also includes results such as data tampering analysis.
The preset analysis model in step S2 is an analysis model obtained by training according to historical data and a simulator, and is used for analyzing the historical data.
It should be noted that the performance characteristic information comprises an IP address, a user account number and a device model, which can serve as characteristic information of the user account for subsequent comparison and identification. The analysis result comprises request environment analysis, and the request environment analysis comprises data tampering analysis; analyzing whether data has been tampered with improves the security of the account. The preset analysis model is an analysis model obtained by training according to historical data and a simulator, which makes the data convenient to analyze: when a user sends a request, the request, including the IP address, account number and device model sent by the user, can be conveniently analyzed, and the resulting analysis result can protect the security of the user's account.
Referring to Fig. 1, in step S3 the real-time identification controls risk users according to the identification result.
It should be noted that the real-time identification controls risk users according to the identification result, which makes risk users convenient to control: when a user sends a request, a risk request sent by the user is controlled, which improves the security of the user account and makes the user's account convenient to protect.
Referring to Fig. 1, the real-time event identification further includes tamper identification for identifying whether data has been tampered with.
The real-time event identification also comprises environment identification and forgery identification.
The environment identification identifies whether the environment of the event request is normal, and the forgery identification identifies whether the event request is forged.
The real-time event identification comprises an acquisition module and an identification module, which are used for acquiring data and for comparison and identification.
The acquisition module and the identification module identify and compare the event request data with the original IP address, account and device model, so as to identify risk request events in real time.
It should be noted that, when a user sends a request, the real-time event identification comprises tamper identification for identifying whether data has been tampered with; the tamper identification comprises environment identification and forgery identification, so that whether data has been tampered with and whether it is forged can both be identified. The real-time event identification also comprises an acquisition module and an identification module, which can acquire data and conveniently compare and identify the acquired data; the two modules identify and compare the event request data with the original IP address, account and device model, so that risk request events can be identified in real time and the security of the user's account is guaranteed.
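An added sketch of steps S1 to S3 as described above; it is not code from the patent. The patent names neither a clustering algorithm nor a feature encoding, so the DBSCAN-style clustering, the distance vector, the shared-IP fan-out feature, the thresholds and all sample data are assumptions made for this example.

```python
import ipaddress
import math
from collections import Counter, defaultdict, namedtuple
Login = namedtuple("Login", "account ip device")  # the three features named in S1

def build_baseline(history):
    """Stand-in for the preset analysis model: each account's usual (IP, device)."""
    seen = defaultdict(Counter)
    for ev in history:
        seen[ev.account][(ev.ip, ev.device)] += 1
    return {acct: c.most_common(1)[0][0] for acct, c in seen.items()}

def ip_distance(ip, original):
    """0.0 same address, 0.5 same /24 (IPv4) or /64 (IPv6), 1.0 otherwise."""
    a, b = ipaddress.ip_address(ip), ipaddress.ip_address(original)
    if a == b:
        return 0.0
    if a.version != b.version:
        return 1.0
    net = ipaddress.ip_network(f"{b}/{24 if b.version == 4 else 64}", strict=False)
    return 0.5 if a in net else 1.0

def featurize(events, baseline):
    """S1 + S2: compare each request with the account's original IP and device."""
    accounts_per_ip = defaultdict(set)
    for ev in events:
        accounts_per_ip[ev.ip].add(ev.account)
    vectors = []
    for ev in events:
        orig = baseline.get(ev.account)          # None for an unknown account
        ip_d = ip_distance(ev.ip, orig[0]) if orig else 1.0
        dev_d = 0.0 if orig and ev.device == orig[1] else 1.0
        fanout = min((len(accounts_per_ip[ev.ip]) - 1) / 4, 1.0)  # accounts sharing the IP
        vectors.append((ip_d, dev_d, fanout))
    return vectors

def dbscan(points, eps=0.3, min_pts=2):
    """Minimal DBSCAN: one cluster id per point, -1 for noise."""
    labels = [None] * len(points)
    def neighbours(i):
        return [j for j, q in enumerate(points) if math.dist(points[i], q) <= eps]
    cluster = -1
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        seeds = neighbours(i)
        if len(seeds) < min_pts:
            labels[i] = -1
            continue
        cluster += 1
        labels[i] = cluster
        queue = [j for j in seeds if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster              # border point reached from a core point
            if labels[j] is not None:
                continue
            labels[j] = cluster
            reachable = neighbours(j)
            if len(reachable) >= min_pts:        # j is a core point: keep expanding
                queue.extend(reachable)
    return labels

def identify(events, baseline, threshold=1.5):
    """S3: cluster the vectors; a group is 'risk' when its mean deviation >= threshold."""
    vectors = featurize(events, baseline)
    labels = dbscan(vectors)
    groups = defaultdict(list)
    for i, lab in enumerate(labels):
        groups[lab if lab != -1 else ("noise", i)].append(i)  # noise is judged alone
    verdicts = {}
    for idx in groups.values():
        mean = sum(sum(vectors[i]) for i in idx) / len(idx)
        verdicts.update({i: "risk" if mean >= threshold else "normal" for i in idx})
    return [(labels[i], verdicts[i]) for i in range(len(events))]

# Constructed sample data: documentation IP ranges, made-up accounts and device models.
HISTORY = [Login("alice", "192.0.2.10", "Pixel 6"), Login("bob", "198.51.100.7", "iPhone 12"),
           Login("carol", "192.0.2.77", "Mi 11"), Login("dave", "198.51.100.90", "Galaxy S21")]
EVENTS = [
    Login("alice", "192.0.2.10", "Pixel 6"),        # matches the original IP and device
    Login("bob", "198.51.100.7", "iPhone 12"),      # matches the original IP and device
    Login("carol", "192.0.2.80", "Mi 11"),          # same /24, same device
    Login("dave", "198.51.100.90", "Galaxy S22"),   # new device from the original IP
    Login("alice", "203.0.113.50", "Emulator-X"),   # one unfamiliar IP and device model
    Login("bob", "203.0.113.50", "Emulator-X"),     # requesting logins for three
    Login("carol", "203.0.113.50", "Emulator-X"),   # different accounts
]
```

Calling `identify(EVENTS, build_baseline(HISTORY))` returns one `(cluster_id, verdict)` pair per request, so a control action can be applied to every member of a risk cluster at once.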
The working principle of the user request event analysis method based on the clustering algorithm provided by the invention is as follows:
The invention acquires performance characteristic information of an account login request, the performance characteristic information comprising an IP address, an account number and a device model; analyzes the performance characteristic information according to a preset analysis model to obtain an analysis result, the analysis result comprising the results of request environment analysis, data tampering analysis and the like, and the preset analysis model being an analysis model obtained by training according to historical data and a simulator; and identifies risk request events in real time based on a clustering algorithm and the analysis result to obtain an identification result. Risk users are controlled according to the identification result, risk request events are identified in real time, and the security of the service platform is improved. The performance characteristic information comprises an IP address, a user account number and a device model, which can serve as characteristic information of the user account for subsequent comparison and identification. The analysis result comprises request environment analysis, and the request environment analysis comprises data tampering analysis; analyzing whether data has been tampered with improves the security of the account. The preset analysis model, obtained by training according to historical data and a simulator, makes the data convenient to analyze: when a user sends a request, the request can be conveniently analyzed, and the analysis result can protect the security of the user's account. When a user sends a request, the real-time event identification comprises tamper identification for identifying whether data has been tampered with; the tamper identification comprises environment identification and forgery identification, so that whether data has been tampered with and whether it is forged can both be identified. The real-time event identification comprises an acquisition module and an identification module, which can acquire data and conveniently compare and identify the acquired data; the two modules identify and compare the event request data with the original IP address, account and device model, so that risk request events can be identified in real time and the security of the user's account is guaranteed. This solves the problems that certain potential safety hazards exist when a user operates a service platform, that a request that is sent may be a false event that is easily exploited by lawbreakers, and that risk request events cannot be identified in real time, so that the security of the service platform cannot be improved and the security of user accounts is reduced.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A user request event analysis method based on a clustering algorithm is characterized by comprising the following steps:
S1, obtaining performance characteristic information of an account login request;
S2, analyzing the performance characteristic information according to a preset analysis model to obtain an analysis result;
S3, identifying risk request events in real time based on the clustering algorithm and the analysis result, and obtaining an identification result.
2. The user request event analysis method based on a clustering algorithm as claimed in claim 1, wherein the performance characteristic information in step S1 includes an IP address, a user account number and a device model.
3. The user request event analysis method based on a clustering algorithm as claimed in claim 1, wherein the analysis result in step S2 includes request environment analysis, and the analysis result further includes data tampering analysis and the like.
4. The user request event analysis method based on a clustering algorithm as claimed in claim 1, wherein the preset analysis model in step S2 is an analysis model obtained by training according to historical data and a simulator, and is used for analyzing historical data.
5. The user request event analysis method based on a clustering algorithm as claimed in claim 1, wherein the real-time identification in step S3 controls risk users according to the identification result.
6. The user request event analysis method based on a clustering algorithm as claimed in claim 1, wherein the real-time event identification further comprises tamper identification for identifying whether data has been tampered with.
7. The user request event analysis method based on a clustering algorithm as claimed in claim 1, wherein the real-time event identification further comprises environment identification and forgery identification.
8. The user request event analysis method based on a clustering algorithm as claimed in claim 7, wherein the environment identification is used to identify whether the environment of the event request is normal, and the forgery identification is used to identify whether the event request is forged.
9. The user request event analysis method based on a clustering algorithm as claimed in claim 1, wherein the real-time event identification comprises an acquisition module and an identification module, which are used for acquiring data and for comparison and identification.
10. The user request event analysis method based on a clustering algorithm as claimed in claim 9, wherein the acquisition module and the identification module compare the event request data with the original IP address, account and device model, so as to identify risk request events in real time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111475084.0A CN114157490A (en) | 2021-12-03 | 2021-12-03 | User request event analysis method based on clustering algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111475084.0A CN114157490A (en) | 2021-12-03 | 2021-12-03 | User request event analysis method based on clustering algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114157490A true CN114157490A (en) | 2022-03-08 |
Family
ID=80452563
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111475084.0A Pending CN114157490A (en) | 2021-12-03 | 2021-12-03 | User request event analysis method based on clustering algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114157490A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||