CN114172717A - Account risk evaluation method based on event tracking - Google Patents
- Publication number
- CN114172717A
- Authority
- CN
- China
- Prior art keywords
- account
- login information
- method based
- event tracking
- login
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/06—Asset management; Financial planning or analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention provides an account risk evaluation method based on event tracking. When an account logs in, login information such as the IP address, the login device identification number and the login mobile phone number is obtained, and it is determined from this information whether it is login information the account has used before. The operation records of the account for each service are monitored and recorded in real time, the operation history of the account for each service is retrieved, and the history is compared with the current operation record to obtain an operation similarity. When the operation similarity is lower than a preset safety threshold, the account is locked. Accounts that may be abnormal are thus monitored and, when the operation behavior indicates a risk that the account has been stolen by a hacker, locked in time to prevent loss. The method has the advantages that accounts can be locked in time and loss can be prevented in time.
Description
Technical Field
The invention relates to the technical field of account risk evaluation, in particular to an account risk evaluation method based on event tracking.
Background
Risk assessment refers to the work of quantitatively assessing the possible influence and loss that a risk event causes to people's lives, property and other aspects, before or after the event occurs; that is, risk assessment quantifies the likely influence or loss caused by an event or thing. From the perspective of information security, risk assessment evaluates the likelihood of risk arising from the combined action of the threats faced by an information asset (i.e. the set of information possessed by an event or thing), its existing weaknesses and the resulting impact. As the basis of risk management, risk assessment is an important way for an organization to determine its information security requirements, and it belongs to the planning process of the organization's information security management system. With the rapid development of the internet and mobile communication technology, an investment project risk assessment report is the process of analyzing and determining risk. In the international investment field, in order to reduce investors' investment errors and risks, a set of scientific theories and methods suited to the characteristics of the investment activity must be established for each investment activity. A project investment risk assessment report uses abundant data and combines qualitative and quantitative analysis to comprehensively analyze and evaluate the risks of an investment project and to take corresponding measures to reduce, resolve and avoid them. On the basis of a comprehensive and systematic analysis of the target enterprise and project, it analyzes the investment risks of the enterprise and project objectively and fairly from a third-party perspective, according to internationally accepted investment risk assessment methods. The investment risk assessment report contains all the contents that concern an investment decision, such as a detailed introduction of the enterprise, a detailed introduction of the project, product and service modes, market analysis, investment, financing requirements, operation plans, competitive analysis and financial analysis, and on this basis the investment risk is evaluated objectively and fairly from the perspective of a third party.
At present, risk assessment in existing account systems is not complete enough: an account that may be abnormal cannot be monitored, and whether there is a risk of the account being stolen by a hacker cannot be judged from operation behavior. This causes a certain loss to the user, because the account cannot be locked in time and further loss cannot be prevented in time.
Therefore, it is necessary to provide an account risk evaluation method based on event tracking to solve the above technical problems.
Disclosure of Invention
In order to solve the technical problems, the invention provides an account risk evaluation method based on event tracking, which can lock an account in time and prevent loss in time.
The account risk evaluation method based on event tracking provided by the invention comprises the following steps:
S1, acquiring an IP address when the account logs in;
S2, obtaining operation records after the account logs in;
S3, comparing the operation records after the account logs in, and monitoring accounts that may be abnormal.
So that the identification number of the user's login device, the login mobile phone number and similar login information can be obtained conveniently, step S1 further includes obtaining this login information for event tracking.
So that it can be determined conveniently whether the login information has been used by the account before, the login information is used for this determination and is compared with the login information the account has previously used.
So that the login information can be judged conveniently, step S1 judges the login information and, when it is not login information the account has used before, monitors and records in real time the operation records of the account for each service.
So that the account associated with the login information can be retrieved conveniently, in step S1 the account of the login information is retrieved, together with the operation history of the account for each service.
So that the login information of the account can be retrieved conveniently, the login information of the retrieved account includes the user's operation gestures, input instructions and other operation instruction record information.
So that the operation history can be acquired conveniently, the operation history is acquired in step S2 and the current operation record is acquired at the same time.
So that the current operation record can be compared conveniently with the history, the acquired current operation record is compared with the history to obtain the operation similarity.
So that an account security warning can be issued and the account locked conveniently, when the operation similarity is lower than a preset safety threshold, an account security warning can be issued and the account is locked.
So that the acquired data can be analyzed and compared conveniently, step S3 further includes a data analysis module and a comparison module, which analyze and compare the acquired data to prevent account loss.
Compared with the related technology, the account risk evaluation method based on event tracking provided by the invention has the following beneficial effects:
1. The invention obtains login information such as the IP address, the login device identification number and the login mobile phone number when the account logs in, and then determines from this information whether it is login information the account has used before. When it is not, the operation records of the account for each service are monitored and recorded in real time, and the operation history of the account for each service is retrieved; this history can contain the user's operation gestures, input instructions and other operation instruction record information. The operation history is compared with the current operation record to obtain the operation similarity. When the operation similarity is lower than the preset safety threshold, an account security warning is issued and the account is locked immediately. Accounts that may be abnormal are thus monitored, and the account is locked in time to prevent loss when the operation behavior indicates a risk that it has been stolen by a hacker. This solves the problem that, in existing account systems, risk assessment is not complete enough, an account that may be abnormal cannot be monitored, whether there is a risk of the account being stolen by a hacker cannot be judged from operation behavior, a certain loss is caused to the user, the account cannot be locked in time, and loss cannot be prevented in time;
2. By acquiring login information such as the identification number of the user's login device and the login mobile phone number, the invention makes it convenient to monitor the user at login and to track the user's operation events during login, which helps improve the security of the user's account. The acquired login information is used to determine whether it is login information the account has used before, which makes comparison with historical login information and judgment of the case convenient. When the result is that the login information has not been used before, the operation records of the account for each service are monitored and recorded in real time; at the same time the account of the login information is retrieved, together with the operation history of the account for each service, so that the user's operation behavior events can be monitored conveniently and controlled in time if they are abnormal. The login information of the retrieved account includes the user's operation gestures, input instructions and other operation instruction record information, which facilitates event tracking. The operation history and the current operation record are acquired at the same time, and the acquired current operation record is compared with the history to obtain the operation similarity. When the operation similarity is lower than the preset safety threshold, an account security warning is issued and the account is locked, which improves account security. Step S3 includes a data analysis module and a comparison module, which analyze and compare the acquired data to prevent account loss: the analysis module analyzes and processes the acquired data, and the comparison module compares the currently acquired information with the historical information. This realizes real-time tracking of the user's login operation events, improves the security of the user account, prevents the user account from being stolen, and protects the interests of the user.
Drawings
Fig. 1 is a flowchart of an account risk evaluation method based on event tracking according to a preferred embodiment of the present invention.
Detailed Description
The invention is further described with reference to the following figures and embodiments.
Refer to Fig. 1, which is a flowchart of an account risk evaluation method based on event tracking according to a preferred embodiment of the present invention. The account risk evaluation method based on event tracking comprises the following steps:
S1, acquiring an IP address when the account logs in;
S2, obtaining operation records after the account logs in;
S3, comparing the operation records after the account logs in, and monitoring accounts that may be abnormal.
In a specific implementation, as shown in Fig. 1, step S1 further includes acquiring login information such as the identification number of the user's login device and the login mobile phone number, for event tracking.
The login information is used to determine whether it is login information the account has used before, and is compared with the previously used login information.
Step S1 judges the login information and, when it is not login information the account has used before, monitors and records in real time the operation records of the account for each service.
In step S1, the account of the login information is retrieved, together with the operation history of the account for each service.
It should be noted that acquiring login information such as the identification number of the user's login device and the login mobile phone number makes it convenient to monitor the user at login and to track the user's operation events during login, which helps improve the security of the user's account. The acquired login information is then used to determine whether it is login information the account has used before, which makes comparison with historical login information and judgment of the case convenient. When the result is that the login information has not been used before, the subsequent operation records of the account for each service are monitored and recorded in real time; at the same time the account of the login information is retrieved, together with the operation history of the account for each service, so that the user's operation behavior events can be monitored conveniently and controlled in time if an abnormal condition occurs.
Referring to Fig. 1, the login information of the retrieved account includes the user's operation gestures, input instructions and other operation instruction record information.
In step S2, the operation history is acquired, and the current operation record is acquired at the same time.
The acquired current operation record is compared with the history to obtain the operation similarity.
When the operation similarity is lower than a preset safety threshold, an account security warning can be issued and the account is locked.
It should be noted that the login information of the retrieved account includes the user's operation gestures, input instructions and other operation instruction record information, which facilitates event tracking. The operation history and the current operation record are acquired at the same time, and the acquired current operation record is compared with the history to obtain the operation similarity.
Referring to Fig. 1, step S3 further includes a data analysis module and a comparison module, which analyze and compare the acquired data to prevent account loss.
It should be noted that step S3 includes the data analysis module and the comparison module for analyzing and comparing the acquired data to prevent account loss. The analysis module analyzes and processes the acquired data, and the comparison module compares the currently acquired information with the historical information. This realizes real-time tracking of the user's login operation events, improves the security of the user account, prevents the user account from being stolen, and protects the interests of the user.
The working principle of the account risk evaluation method based on event tracking provided by the invention is as follows:
Login information such as the IP address, the login device identification number and the login mobile phone number is obtained when the account logs in, and it is determined from this information whether it is login information the account has used before. When it is not, the operation records of the account for each service are monitored and recorded in real time, and the operation history of the account for each service is retrieved; this history can contain the user's operation gestures, input instructions and other operation instruction record information. The operation history is compared with the current operation record to obtain the operation similarity. When the operation similarity is lower than a preset safety threshold, an account security warning is issued and the account is locked immediately. Accounts that may be abnormal are thus monitored, and the account is locked in time to prevent loss when the operation behavior indicates that it has been stolen by a hacker.

Acquiring login information such as the identification number of the user's login device and the login mobile phone number makes it convenient to monitor the user at login and to track the user's operation events during login, which helps improve the security of the user's account. The acquired login information is used to determine whether it is login information the account has used before, which makes comparison with historical login information and judgment of the case convenient. When the result is that the login information has not been used before, the operation records of the account for each service are monitored and recorded in real time; at the same time the account of the login information is retrieved, together with the operation history of the account for each service, so that the user's operation behavior events can be monitored conveniently and controlled in time if they are abnormal. The login information of the retrieved account includes the user's operation gestures, input instructions and other operation instruction record information, which facilitates event tracking. The operation history and the current operation record are acquired at the same time, and the acquired current operation record is compared with the history to obtain the operation similarity. When the operation similarity is lower than the preset safety threshold, an account security warning is issued and the account is locked, which improves account security.

Step S3 includes a data analysis module and a comparison module, which analyze and compare the acquired data to prevent account loss: the analysis module analyzes and processes the acquired data, and the comparison module compares the currently acquired information with the historical information. This realizes real-time tracking of the user's login operation events, improves the security of the user account, prevents the user account from being stolen, and protects the interests of the user. It solves the problem that, in existing account systems, risk assessment is not complete enough, an account that may be abnormal cannot be monitored, whether there is a risk of the account being stolen by a hacker cannot be judged from operation behavior, a certain loss is caused to the user, the account cannot be locked in time, and further loss cannot be prevented in time.
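The flow described above (check the login information against what the account has used before, monitor an unfamiliar session, compare its operations with the history, then warn and lock below a threshold), as an added Python example that is not part of the patent. The patent does not specify the similarity measure or the threshold: cosine similarity over operation counts, the 0.5 threshold, the three-operation minimum, the "monitor" outcome and all names are assumptions, and the sample sessions are constructed.

```python
from collections import Counter
from dataclasses import dataclass, field
from math import sqrt
from typing import Optional

FIELDS = ("ip", "device_id", "phone")

@dataclass(frozen=True)
class LoginInfo:
    """S1: login information captured when the account logs in."""
    ip: str
    device_id: str
    phone: str

@dataclass
class Account:
    name: str
    known_logins: set = field(default_factory=set)  # LoginInfo used before
    history: list = field(default_factory=list)     # past operation names
    locked: bool = False

@dataclass
class Verdict:
    decision: str                # "trusted" | "monitor" | "allow" | "lock"
    similarity: Optional[float]  # None when no comparison was made
    unseen: list                 # login fields never seen for this account

def unseen_fields(account, login):
    """Return the login fields that the account has not used before."""
    out = []
    for name in FIELDS:
        seen = {getattr(k, name) for k in account.known_logins}
        if getattr(login, name) not in seen:
            out.append(name)
    return out

def operation_similarity(history, current):
    """Cosine similarity of operation-count vectors (assumed metric)."""
    h, c = Counter(history), Counter(current)
    dot = sum(h[op] * c[op] for op in h.keys() & c.keys())
    norm = sqrt(sum(v * v for v in h.values())) * sqrt(sum(v * v for v in c.values()))
    return dot / norm if norm else 0.0

def evaluate_session(account, login, current_ops, threshold=0.5, min_ops=3):
    if account.locked:
        return Verdict("lock", None, [])
    unseen = unseen_fields(account, login)
    if not unseen:
        # Only sessions from familiar login information extend the baseline,
        # so an unfamiliar session cannot shift the history it is judged by.
        account.history.extend(current_ops)
        return Verdict("trusted", None, [])
    # S2: unfamiliar login information, so the session is monitored. With no
    # history or too few operations there is nothing reliable to compare yet.
    if not account.history or len(current_ops) < min_ops:
        return Verdict("monitor", None, unseen)
    # S3: compare the current operation record with the history.
    sim = operation_similarity(account.history, current_ops)
    if sim < threshold:
        account.locked = True    # security warning plus lock
        return Verdict("lock", sim, unseen)
    return Verdict("allow", sim, unseen)

def run_constructed_sessions():
    """Constructed data: one usual login and a read-mostly history."""
    home = LoginInfo("198.51.100.7", "dev-A", "+10000000001")
    travel = LoginInfo("203.0.113.9", "dev-B", "+10000000001")
    stranger = LoginInfo("192.0.2.44", "dev-Z", "+10000000099")
    hist = ["view_balance"] * 6 + ["transfer_small"] * 3 + ["view_statement"] * 3

    def fresh():
        return Account("alice", {home}, list(hist))

    usual = ["view_balance", "view_balance", "view_statement", "transfer_small"]
    odd = ["change_phone", "change_password", "add_payee", "transfer_large"]
    return [
        evaluate_session(fresh(), home, ["view_balance"]),
        evaluate_session(fresh(), travel, usual),
        evaluate_session(fresh(), stranger, odd),
        evaluate_session(fresh(), stranger, ["change_phone"]),
    ]

if __name__ == "__main__":
    for verdict in run_constructed_sessions():
        print(verdict)
```

A count-based measure ignores the order and timing of operations, so a session that interleaves a few unusual actions among many ordinary ones can still score above the threshold.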
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. An account risk evaluation method based on event tracking is characterized by comprising the following steps:
S1, acquiring an IP address when the account logs in;
S2, obtaining operation records after the account logs in;
S3, comparing the operation records after the account logs in, and monitoring accounts that may be abnormal.
2. The account risk assessment method based on event tracking as claimed in claim 1, wherein the step S1 further includes obtaining login information such as a user login device identification number and a login mobile phone number for event tracking.
3. The account risk assessment method based on event tracking as claimed in claim 2, wherein the login information is used to determine whether it is login information the account has used before, and is compared with the previously used login information.
4. The account risk assessment method based on event tracking as claimed in claim 1, wherein step S1 judges the login information and, when it is not login information the account has used before, monitors and records in real time the operation record of the account for each subsequent transaction.
5. The account risk assessment method based on event tracking according to claim 1, wherein in step S1 the account of the login information is retrieved, together with the operation history of each service of the account.
6. The account risk assessment method based on event tracking as claimed in claim 5, wherein the login information of the called account comprises user's operation gesture, input instruction and other operation instruction record information.
7. The account risk assessment method based on event tracking according to claim 1, wherein the operation history record is obtained in step S2, and the current operation record is obtained at the same time.
8. The account risk assessment method based on event tracking according to claim 7, wherein the acquired current operation record is compared with the historical record to obtain the operation similarity.
9. The account risk evaluation method based on event tracking according to claim 8, wherein when the operation similarity is lower than a preset safety threshold, an account security warning can be issued and the account is locked.
10. The account risk assessment method based on event tracking according to claim 1, wherein the step S3 further comprises a data analysis module and a comparison module, for analyzing and comparing the obtained data, so as to prevent account loss.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111466557.0A CN114172717A (en) | 2021-12-03 | 2021-12-03 | Account risk evaluation method based on event tracking |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111466557.0A CN114172717A (en) | 2021-12-03 | 2021-12-03 | Account risk evaluation method based on event tracking |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114172717A true CN114172717A (en) | 2022-03-11 |
Family
ID=80483130
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111466557.0A Pending CN114172717A (en) | 2021-12-03 | 2021-12-03 | Account risk evaluation method based on event tracking |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114172717A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||