CN114238959A - User access behavior evaluation method and system based on zero-trust security system - Google Patents

User access behavior evaluation method and system based on zero-trust security system Download PDF

Info

Publication number
CN114238959A
CN114238959A CN202111535695.XA CN202111535695A CN114238959A CN 114238959 A CN114238959 A CN 114238959A CN 202111535695 A CN202111535695 A CN 202111535695A CN 114238959 A CN114238959 A CN 114238959A
Authority
CN
China
Prior art keywords
user
action
behavior
risk
trust
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111535695.XA
Other languages
Chinese (zh)
Inventor
郭倜颖
刘伟超
陈远旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN202111535695.XA priority Critical patent/CN114238959A/en
Publication of CN114238959A publication Critical patent/CN114238959A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures

Abstract

The invention relates to artificial intelligence, and provides a user access behavior evaluation method based on a zero-trust security system, which comprises the steps of obtaining the access behavior of a user; performing risk assessment and credit assessment on each action item in the user login action set and the user access action set, and obtaining a behavior score corresponding to the action item and a total behavior score of user access behaviors; screening high-risk behaviors of the user according to the total behavior score, a preset user risk threshold value and a user trust threshold value; performing a limiting operation on the user high-risk behavior; according to the invention, technical improvement is carried out on a traditional Internet of things equipment platform, so that the user behavior is evaluated, the high-risk user behavior is blocked through risk evaluation of the user behavior, and the technical effect of reducing network attacks is achieved.

Description

User access behavior evaluation method and system based on zero-trust security system
Technical Field
The invention relates to the technical field of artificial intelligence, in particular to a user access behavior evaluation method and system based on a zero-trust security system, electronic equipment and a storage medium.
Background
Today, network technology has become a basic service for supporting social operation, and network attacks are developed along with the basic service and bring huge security threats. The network attack is becoming more complex through long-term development, and is active in different main networks such as social networks and computer networks, and is spread in a large scale along with the interconnection of everything and the increase of the internet speed. The existing network attack research mainly uses an attack graph to search for vulnerable nodes and paths in a network, so that improvement is performed in the aspect of network security conditions, and the effect of avoiding network attack is further achieved. However, there are disadvantages as follows: risk assessment of user behavior is lacking, and further, a method for reasonably blocking user behavior with a high risk level is lacking.
Therefore, a user access behavior evaluation method based on a zero-trust security system, which is accurate and effective in reducing network attacks, is needed.
Disclosure of Invention
The invention provides a user access behavior evaluation method, a user access behavior evaluation system, electronic equipment and a computer readable storage medium based on a zero trust security system, which are used for solving the problem that a method for reasonably blocking user behaviors with high risk levels is lacked in the prior art.
In order to achieve the above object, the present invention provides a user access behavior evaluation method based on a zero trust security system, the method comprising:
acquiring an access behavior of a user; the access behavior of the user comprises a user login action set and a user access action set;
respectively carrying out risk judgment and trust judgment on behaviors on each action item in the user login action set and the user access action set; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items; wherein the behavior score comprises a risk score for the behavior and a credit score for the behavior;
obtaining a total behavior score of the user access behavior by using the behavior score corresponding to each action item in the user login action set and the behavior score corresponding to each action item in the user access action set; screening high-risk behaviors of the user according to the total behavior score, a preset user risk threshold value and a user trust threshold value;
and executing a limiting operation on the high-risk behavior of the user.
Further, preferably, the action items of the user login action set include:
whether the device ID used for logging in is a new ID; the login times required by the successful login of the equipment ID and the number of login user names corresponding to the equipment ID; the user accessing the action items of the action set comprises: the user using time, the user operating frequency, the relevance of the user downloading files and the existence of information change behaviors.
Further, preferably, the device ID data of the user is acquired and stored through the behavior information of the user login; the behavior information of the user login is obtained through login information input when the user logs in; the device ID data of the user includes a request time for the device ID to access the server;
comparing the acquired request time of the equipment ID for accessing the server with the login records stored in a database, and acquiring the login times required by successful login of the equipment ID;
performing risk judgment and trust judgment of the behavior according to the login times required by successful login of the equipment ID;
if the login times required by the successful login of the equipment ID are larger than a set login time threshold, judging that the action item of the equipment ID is a risk action, and performing risk scoring of the action according to a preset risk action scoring rule;
and if the occurrence frequency of the equipment ID is smaller than a set login frequency threshold value, judging that the action item of the equipment ID is a trust action, and performing trust scoring of the behavior according to a preset trust action scoring rule.
Further, it is preferable that the risk determination of the behavior and the trust determination of the behavior are performed on the action item whether the device ID for login is the new ID; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
acquiring and storing the equipment ID data of the user through the behavior information of user login; the behavior information of the user login is obtained through login information input when the user logs in; the device ID data of the user comprises a device ID and request time when the device ID logs in;
comparing the obtained equipment ID with the equipment ID in the login record stored in the database to obtain the occurrence frequency of the equipment ID;
performing risk judgment and trust judgment of the behavior according to the occurrence number of the equipment ID;
if the occurrence frequency of the equipment ID is zero, judging that the equipment ID is a new ID, the action item is a risk action, and performing risk scoring of the action according to a preset risk action scoring rule;
and if the occurrence frequency of the equipment ID is more than or equal to 1, judging that the equipment ID is a trustable ID, and the action item is a trust action, and performing trust scoring of the behavior according to a preset trust action scoring rule.
Further, preferably, the risk judgment and the trust judgment of the behavior are performed on the action items of the user name number corresponding to the device ID; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
acquiring and storing the equipment ID data of the user through the behavior information of user login; the behavior information of the user login is obtained through login information input when the user logs in; the device ID data of the user comprises a login user name corresponding to the device ID;
comparing the obtained login user name corresponding to the equipment ID with the login user name corresponding to the equipment ID in the login record stored in a database, and obtaining the number of the login user names corresponding to the equipment ID;
performing risk judgment and trust judgment of behaviors according to the number of login user names of the equipment ID;
if the number of login user names of the equipment ID is larger than 3, judging that the action item is a risk action, and performing risk scoring of the action according to a preset risk action scoring rule;
and if the number of login user names of the equipment ID is less than or equal to 3, judging that the action item is a trust action, and performing trust scoring of the action according to a preset trust action scoring rule.
Further, preferably, the risk judgment and the trust judgment of the behavior are performed on the action items of the user operation frequency; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
acquiring and storing the operating frequency of the user through the behavior information accessed by the user; the behavior information accessed by the user is obtained through an access operation request sent when the user accesses; the operation frequency of the user comprises a screenshot frequency and a downloading frequency;
performing behavior risk judgment and behavior trust judgment on the operation frequency of the user according to a preset screenshot frequency threshold and a preset downloading frequency threshold;
if the operation frequency of the user is greater than a preset screenshot frequency threshold or a preset downloading frequency threshold, judging the action item to be a risk action, and scoring the risk of the action according to a preset risk action scoring rule;
and if the operation frequency of the user is less than a preset screenshot frequency threshold or a preset downloading frequency threshold, judging the action item to be a trust action, and performing trust scoring of the action according to a preset trust action scoring rule.
Further, preferably, the risk judgment and the trust judgment of the behavior are performed on the action items of the relevance of the file downloaded by the user; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
acquiring and storing data of a file downloaded by a user through behavior information accessed by the user; the behavior information accessed by the user is obtained through an access operation request sent when the user accesses; the data of the user downloaded file comprises a file name of the user downloaded file named according to the classification attribute;
judging the association degree of the user downloaded file according to whether the file name of the user downloaded file belongs to the same category;
performing risk judgment and trust judgment of behaviors on the relevance of the user downloaded files according to the preset relevance threshold;
if the relevance of the file downloaded by the user is smaller than the preset relevance threshold, judging the action item to be a risk action, and performing risk scoring of the action according to a preset risk action scoring rule;
and if the relevance of the file downloaded by the user is greater than the preset relevance threshold, judging the action item as a trust action, and performing trust scoring of the action according to a preset trust action scoring rule.
In order to solve the above problem, the present invention further provides a user access behavior evaluation system based on a zero trust security system, where the system includes:
the access behavior acquisition unit of the user is used for acquiring the access behavior of the user; the access behavior of the user comprises a user login action set and a user access action set;
the action item scoring unit is used for respectively carrying out action risk judgment and action trust judgment on each action item in the user login action set and the user access action set; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items; wherein the behavior score comprises a risk score for the behavior and a credit score for the behavior;
the high-risk behavior screening unit is used for obtaining the total behavior score of the user access behavior by utilizing the behavior score corresponding to each action item in the user login action set and the behavior score corresponding to each action item in the user access action set; screening high-risk behaviors of the user according to the total behavior score, a preset user risk threshold value and a user trust threshold value;
and the user high-risk behavior limiting execution unit is used for executing limiting operation on the user high-risk behavior.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one instruction; and
and the processor executes the instructions stored in the memory to realize the steps in the user access behavior evaluation method based on the zero-trust security system.
In order to solve the above problem, the present invention further provides a computer-readable storage medium, where at least one instruction is stored, and the at least one instruction is executed by a processor in an electronic device to implement the zero-trust security system-based user access behavior evaluation method described above.
According to the user access behavior evaluation method, the user access behavior evaluation system, the electronic equipment and the storage medium based on the zero trust security system, the access behavior of the user is obtained; respectively carrying out risk judgment and trust judgment on behaviors on each action item in the user login action set and the user access action set; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items; wherein the behavior score comprises a risk score for the behavior and a credit score for the behavior; obtaining a total behavior score of the user access behavior by using the behavior score corresponding to each action item in the user login action set and the behavior score corresponding to each action item in the user access action set; screening high-risk behaviors of the user according to the total behavior score, a preset user risk threshold value and a user trust threshold value; performing a limiting operation on the user high-risk behavior; according to the invention, technical improvement is carried out on a traditional Internet of things equipment platform, so that the user behavior is evaluated, the high-risk user behavior is blocked through risk evaluation of the user behavior, and the technical effect of reducing network attacks is achieved.
Drawings
Fig. 1 is a schematic flowchart of a user access behavior evaluation method based on a zero-trust security system according to an embodiment of the present invention;
fig. 2 is a schematic block diagram of a user access behavior evaluation system based on a zero-trust security system according to an embodiment of the present invention;
fig. 3 is a schematic internal structural diagram of an electronic device implementing a user access behavior evaluation method based on a zero-trust security system according to an embodiment of the present invention;
the implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, a schematic flow chart of a user access behavior evaluation method based on a zero-trust security system according to an embodiment of the present invention is shown. The method can be executed by a system, which can be implemented by software and/or hardware, and is particularly suitable for a risk assessment link of user behaviors.
In this embodiment, the user access behavior evaluation method based on the zero trust security system includes steps S110 to S140:
s110, obtaining access behaviors of a user; the access behavior of the user comprises a user login action set and a user access action set.
It should be noted that the execution subject of the method for acquiring the access behavior of the user in this embodiment may be a hardware device with data information processing capability and/or necessary software required for driving the hardware device to operate. Alternatively, the execution body may include a workstation, a server, a computer, a user terminal and other intelligent devices. The user terminal includes, but is not limited to, a mobile phone, a computer, an intelligent voice interaction device, an intelligent household appliance, a vehicle-mounted terminal, and the like. That is, the access behavior of the user may be utilized for risk assessment as well as trust assessment. Specifically, the access behavior of the user includes a user login action set and a user access action set. And the evaluation on the user login action set and the user access action set can be performed from four basic elements of time, place, visitor and access behavior.
The server may be an independent server, or may be a cloud server that provides basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a Content Delivery Network (CDN), and a big data and artificial intelligence platform.
In the prior art, the login of a user occurs in the user login process, and the user inputs information required by login through a web page; the web page sends the verification information to the back-end application; the back-end application compares the login information with the content in the database and feeds back the comparison result to the web front end; if the comparison fails, guiding the user to input the verification information again; if the comparison is successful, the user enters the system. The behavior data accessed by the user is stored in the web page server, and the web page server is a server for receiving the web page access request, and may be a cloud or a local server.
The current server sends a webpage access data acquisition request to the webpage server in order to monitor user access, and the webpage access data, and/or webpage sharing data, and/or webpage data are counted according to specific data carried in the webpage access data acquisition request response. The webpage access data acquisition request is sent by the current server, and the request carries specific data to be acquired, such as the number of users accessing a certain website and the like. Taking a common company management system as an example, the management system of a company is deployed on a back-end server, and the internal members log in and use the company management system through different subsystems of a web front-end page, a desktop application and a mobile phone APP access management system. For example, the human resource management entry corresponds to functional modules such as human resources and employee benefits; the IT system corresponds to modules such as software service, authority application and the like; the financial system corresponds to modules such as budget, reimbursement, department cost statistics and the like.
S120, respectively carrying out risk judgment and trust judgment on behaviors on each action item in the user login action set and the user access action set; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items; wherein the behavior score comprises a risk score for the behavior and a credit score for the behavior.
In particular, various action items in the user login action set and the user access action set need to be rated, and various actions are rated as risk actions or trustworthy actions. Wherein, the action item can be, but is not limited to, web page access data, and/or web page sharing data, and/or web page data, the web page access data can also include pv data and uv data, such as ten-minute visit amount, hourly visit amount, daily visit amount, visit total amount, visit pv of each region, visit pv of each device and the like, the webpage sharing data also comprises hourly share amount, daily share amount, share total amount, share destination, propagation level and the like, the propagation level is visit pv and uv amount corresponding to each sharing level, the web page data may also include page access depth information, page access duration, page drain rate, page element click, web id, terminal device number, terminal device information, terminal location information, reading source information, sharing level information, and the like, which is not specifically limited in the embodiment of the present invention.
In a specific embodiment, the action items of the user login action set include: whether the device ID used for logging in is a new ID; the login times required by successful login of the equipment ID and the number of login user names corresponding to the equipment ID.
In a specific embodiment, the accessing of the action item of the action set by the user includes: the user using time, the user operating frequency, the relevance of the user downloading files and the existence of information change behaviors.
Taking whether an action item of a user login action set is a device ID for login as a new ID or not as an example, that is, performing risk judgment and trust judgment on the action of whether the device ID for login is the new ID or not; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
s1211, obtaining and storing the equipment ID data of the user through the behavior information of user login; the behavior information of the user login is obtained through login information input when the user logs in; the device ID data of the user comprises a device ID and request time when the device ID logs in;
s1212, comparing the obtained equipment ID with the equipment ID in the login record stored in the database, and obtaining the occurrence frequency of the equipment ID;
s1213, performing risk judgment and trust judgment of the behavior according to the occurrence number of the equipment ID; if the occurrence frequency of the equipment ID is zero, judging that the equipment ID is a new ID, the action item is a risk action, and performing risk scoring of the action according to a preset risk action scoring rule; and if the occurrence frequency of the equipment ID is more than or equal to 1, judging that the equipment ID is a trustable ID, and the action item is a trust action, and performing trust scoring of the behavior according to a preset trust action scoring rule.
Taking the number of user names corresponding to the device ID as the action items of the user login action set as an example, that is, performing risk judgment and trust judgment on the action items of the number of user names corresponding to the device ID; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
s1221, acquiring and storing the equipment ID data of the user through the login behavior information of the user; the behavior information of the user login is obtained through login information input when the user logs in; the device ID data of the user comprises a login user name corresponding to the device ID;
s1222, comparing the login user name corresponding to the obtained device ID with the login user name corresponding to the device ID in the login record stored in the database, and obtaining the number of the login user names corresponding to the device ID;
s1223, performing risk judgment and trust judgment of behaviors according to the number of login user names of the equipment ID; if the number of login user names of the equipment ID is larger than 3, judging that the action item is a risk action, and performing risk scoring of the action according to a preset risk action scoring rule; and if the number of login user names of the equipment ID is less than or equal to 3, judging that the action item is a trust action, and performing trust scoring of the action according to a preset trust action scoring rule.
Taking an action item of a user access action set as a user operation frequency as an example, namely performing risk judgment and trust judgment on the action item of the user operation frequency; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
s1231, acquiring and storing the operation frequency of the user through the behavior information accessed by the user; the behavior information accessed by the user is obtained through an access operation request sent when the user accesses; the operation frequency of the user comprises a screenshot frequency and a downloading frequency;
s1232, performing risk judgment and trust judgment of behaviors on the operation frequency of the user according to a preset screenshot frequency threshold and a preset downloading frequency threshold;
s1233, if the operation frequency of the user is greater than a preset screenshot frequency threshold or a preset downloading frequency threshold, judging that the action item is a risk action, and performing risk scoring of the action according to a preset risk action scoring rule; and if the operation frequency of the user is less than a preset screenshot frequency threshold or a preset downloading frequency threshold, judging the action item to be a trust action, and performing trust scoring of the action according to a preset trust action scoring rule. That is, the screenshot and the downloading action of the user appearing on the section of the data table, the user information, the statistical information and the like are counted; then comparing the screenshot frequency and the downloading frequency with respectively set frequency thresholds, and evaluating the action of which the screenshot frequency is greater than the screenshot frequency threshold and the downloading frequency is greater than the downloading frequency threshold as a risk action; evaluating the action of which the screenshot frequency is less than the screenshot frequency threshold and the downloading frequency is less than the downloading frequency threshold as a trusted action; it should be noted that the preset screenshot frequency threshold may be 100 times or 50 times, or the preset screenshot frequency is more than 1 minute/frame and appears continuously for 5 minutes; and the preset download frequency is 5 times per minute or 10 times per minute. The actual preset screenshot frequency threshold and the download frequency threshold need to be set according to the actual application scenario, and are not specifically limited herein.
Taking the association degree of the action items of the user access action set as the user download files as an example, that is, performing risk judgment and trust judgment on the actions of the action items of the association degree of the user download files; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
s1241, acquiring and storing data of the file downloaded by the user through behavior information accessed by the user; the behavior information accessed by the user is obtained through an access operation request sent when the user accesses; the data of the user downloaded file comprises a file name of the user downloaded file named according to the classification attribute;
s1242, judging the association degree of the user downloaded file according to whether the file name of the user downloaded file belongs to the same category;
s1243, performing risk judgment and trust judgment of behaviors on the relevance of the user downloaded file according to the preset relevance threshold; if the relevance of the file downloaded by the user is smaller than the preset relevance threshold, judging the action item to be a risk action, and performing risk scoring of the action according to a preset risk action scoring rule; and if the relevance of the file downloaded by the user is greater than the preset relevance threshold, judging the action item as a trust action, and performing trust scoring of the action according to a preset trust action scoring rule. It should be noted that, for the same system, the background uniformly defines the file storage naming mode, for example, a financial system, and for the cost data files of the same department, names are given according to the department number, date and classification mode; if the part of the serial number, the classification and the like is overlapped in the naming of the file, the file is regarded as a file with larger relevance; otherwise, the file is a file with low relevance.
In short, the determination of the risk behavior and the determination rule of the trust behavior need to be set according to the actual application scenario. For example, the login behavior of the device ID which is frequently logged in is set as a trust action; setting a trust action for the login action of one-time successful login; and setting the login action of one device ID corresponding to one user name as a trust action. On the contrary, the login behavior of the device ID appearing for the first time is set as a risk action; setting the login action for successfully logging in after logging in for multiple times as a risk action; the risk operation is set for the login operation in which one device ID corresponds to a plurality of user names.
And performing risk assessment and credit assessment on the behaviors according to the risk assessment and trust assessment results of the behaviors, and obtaining behavior scores of the users, wherein the behavior scores of the users comprise risk scores and credit scores of the behaviors.
In a specific implementation process, the overall principle is that the risk score R and the trust score T are both 0. If the risk factors appear, accumulating the risk scores; and if the credible behavior occurs, accumulating the credible scores.
In a specific embodiment, whether the device ID used for login is a new ID, if the device ID never appears, the task is a brand new device; for the first login, the device is a new device since there is no ID stored in the database. If the device is judged to be a new device, adding 0.1R 11 to R; if not, then obtain the login number of device ID, otherwise T increases 0.1T 11.
Taking the login times required by successful login by taking the action items of the user login action set as the equipment ID in the user side scene as examples, acquiring and storing the equipment ID data of the user through the behavior information of the user login; the behavior information of the user login is obtained through login information input when the user logs in; the device ID data of the user includes a request time for the device ID to access the server; comparing the acquired request time of the equipment ID for accessing the server with the login records stored in a database, and acquiring the login times required by successful login of the equipment ID; performing risk judgment and trust judgment of the behavior according to the login times required by successful login of the equipment ID; if the login times required by the successful login of the equipment ID are larger than a set login time threshold, judging that the action item of the equipment ID is a risk action, and performing risk scoring of the action according to a preset risk action scoring rule; and if the occurrence frequency of the equipment ID is smaller than a set login frequency threshold value, judging that the action item of the equipment ID is a trust action, and performing trust scoring of the behavior according to a preset trust action scoring rule.
That is, the user enters the login interface and inputs the login information required by the system; the client sends an access request to the background server, and the content of the request comprises equipment ID information and login authentication information; each time the client accesses the server, the server caches the request time and the request ID within the set time (within 24 hours) in the database; and comparing the equipment ID, the request time corresponding to the equipment ID and the login verification information with records in a database, so that the login times of the equipment ID required for successfully entering the system within the set time can be obtained, and the login times of the equipment ID required for successfully entering the system within the set time can be obtained through the request times and the failure times stored in the database. If the user logs in successfully for the first time, T + 0.3T 12, increments by 0.1T 13 for each 1 increment. The user may try 3 times. If no log-in was possible for 3 times, then R + 0.1R 12.
Taking the action items of the user login action set as the number of user names corresponding to the equipment ID as an example, the scoring rule is as follows, if the ID is lower than that used by 3 users, the login request of the corresponding user is judged to be a trusted action; then T +0.3 × T31. If more than 3 users use the method, increasing users within the range of 1-10, R +0.1 n R31; r +0.2 (n-10) R31 for each 11-20 added users; for every 21-30 users added, R +0.3 (n-20) R31, and so on. Still taking the action item of the user access action set as the user operation frequency as an example, for example, if the screenshots appear in the cross section of the data table, the user information, the statistical information, etc., R +0.1 × R51, if the screenshots frequency is more than 1 minute/frame and continuously appear for 5 minutes, R +0.2 × R52 is taken once per screenshot. Taking the action items of the user login action set as the use time of the user as an example, firstly collecting the access request of the user, wherein the content of the access request comprises the use time of the user; comparing the use time of the user with a use time frequency threshold, and if the use time of the user exceeds the use time frequency threshold, judging the access request of the user as a risk action; t +0.1 × T41 if the user is using during the high frequency usage time; otherwise, R +0.1 × R41. Taking the action item of the user access action set as the association degree of the user downloading the file as an example, for example, if the file is continuously downloaded and the file association is not large, the number of downloads is below 10, and each time the download is increased by R +0.1 × R61; if more than 10 next weeks occur within 30 minutes, then every 1 download is added, R + 0.2R 62. Taking whether an action item of a user access action set has an information change behavior as an example, counting the information modification times in single login of the user; then, the information modification times in single login are compared with the modification time threshold values set respectively, and the action with the information modification times larger than the modification time threshold value in single login is evaluated as a risk action; the action with the information modification times smaller than the modification time threshold value in single login is judged as a trusted action; for example, if a user's single login only modifies information 1 time, then T +0.2 × T71; t +0.1 × T72 if the user modifies the information 2-3 times a single login; if the user modifies the information 3-10 times by single login, R + 0.1T 73 every time the information is modified; if the user modifies the information 10-20 times by single login, R + 0.2T 74 every 1 modification; if the user modifies the information 20-30 times in a single login, R + 0.3T 75 every 1 modification.
S130, obtaining a total behavior score of the user access behavior by utilizing the behavior scores corresponding to all the action items in the user login action set and the behavior scores corresponding to all the action items in the user access action set; and screening the high-risk behaviors of the user according to the total behavior score, a preset user risk threshold value and a user trust threshold value.
In a specific implementation process, the total behavior score of the user access behavior is the sum of scores of action items in the user login action set and action items in the user access action set. Of course, the total behavior score of the user access behavior still includes the total risk score of the user access behavior and the total credit score of the user access behavior; the total risk score of the user access behavior is equal to the sum of the risk scores of the action items in the user login action set and the sum of the risk scores of the action items in the user access action set. The total trust score of the user access behavior is equal to the sum of the trust scores of the action items in the user login action set and the sum of the trust scores of the action items in the user access action set. That is, the risk score and the trust scores R and T of the user are monitored in real time, and the risk values R _ threshold and T _ threshold of the two scores are set. The user risk threshold is R _ threshold and the user trust threshold is T _ threshold. In a particular embodiment, user high risk behavior is assessed when R > T _ threshold or R-T > T _ threshold.
And S140, executing limiting operation on the high-risk behaviors of the user.
And carrying out operations such as forced authentication, quitting, access limitation and the like on the user carrying out the high-risk behavior. That is, the restricting operation includes forced authentication, logout, or restricted access.
In a word, by using the user access behavior evaluation method based on the zero trust security system, the behavior of the user can be monitored in real time by using a risk scoring and trust scoring mode. The method can be applied to the scene of a zero trust scheme, enhanced identity authentication is carried out, and the risk of information and data leakage is reduced. Through the dynamic real-time evaluation strategy, the behavior of the user can be monitored in real time, measures for reducing risks can be taken in time, and the technical effect of effectively protecting information and data safety is achieved.
As shown in fig. 2, the present invention provides a user access behavior evaluation system 200 based on a zero trust security system, and the present invention can be installed in an electronic device. According to the implemented functions, the user access behavior evaluation system 200 based on the zero trust security system may include a user access behavior acquisition unit 210, an action item scoring unit 220, a high risk behavior screening unit 230, and a user high risk behavior limitation execution unit 240. The units of the invention, which may also be referred to as modules, are a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
a user access behavior obtaining unit 210, configured to obtain an access behavior of a user; the access behavior of the user comprises a user login action set and a user access action set;
an action item scoring unit 220, configured to perform risk judgment and trust judgment on an action on each action item in the user login action set and the user access action set; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items; wherein the behavior score comprises a risk score for the behavior and a credit score for the behavior;
the high-risk behavior screening unit 230 is configured to obtain a total behavior score of the user access behavior by using the behavior score corresponding to each action item in the user login action set and the behavior score corresponding to each action item in the user access action set; screening high-risk behaviors of the user according to the total behavior score, a preset user risk threshold value and a user trust threshold value;
and the user high-risk behavior limiting execution unit 240 is used for executing limiting operation on the user high-risk behavior.
The user access behavior evaluation system 200 based on the zero trust security system can monitor the behavior of the user in real time by using a risk scoring and trust scoring mode. The method can be applied to the scene of a zero trust scheme, enhanced identity authentication is carried out, and the risk of information and data leakage is reduced. Through the dynamic real-time evaluation strategy, the behavior of the user can be monitored in real time, measures for reducing risks can be taken in time, and the technical effect of effectively protecting information and data safety is achieved.
As shown in fig. 3, the present invention provides an electronic device 3 of a user access behavior evaluation method based on a zero trust security system.
The electronic device 3 may comprise a processor 30, a memory 31 and a bus, and may further comprise a computer program stored in the memory 31 and executable on said processor 30, such as a user access behavior evaluation program 32 based on a zero trust security system. The memory 31 may also include both internal and external storage units of the artificial intelligence zero trust security system-based user access behavior evaluation system. The memory 31 may be used not only to store application software installed in the artificial intelligence assistance apparatus and various kinds of data, such as codes of the artificial intelligence assistance program, etc., but also to temporarily store data that has been output or is to be output.
The memory 31 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 31 may in some embodiments be an internal storage unit of the electronic device 3, for example a removable hard disk of the electronic device 3. The memory 31 may also be an external storage device of the electronic device 3 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 3. Further, the memory 31 may also include both an internal storage unit and an external storage device of the electronic device 3. The memory 31 may be used not only to store application software installed in the electronic device 3 and various types of data, such as codes of a user access behavior evaluation program based on a zero trust security system, but also to temporarily store data that has been output or is to be output.
The processor 30 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 30 is a Control Unit of the electronic device, connects various components of the electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 3 by running or executing programs or modules (e.g., a user access behavior evaluation program based on a zero trust security system, etc.) stored in the memory 31 and calling data stored in the memory 31.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 31 and at least one processor 30 or the like.
Fig. 3 shows only an electronic device with components, and it will be understood by those skilled in the art that the structure shown in fig. 3 does not constitute a limitation of the electronic device 3, and may comprise fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
For example, although not shown, the electronic device 3 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 30 through a power management system, so that functions such as charge management, discharge management, and power consumption management are implemented through the power management system. The power supply may also include any component of one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 3 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 3 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used for establishing a communication connection between the electronic device 3 and other electronic devices.
Optionally, the electronic device 3 may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), or optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 3 and for displaying a visualized user interface.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The memory 31 in the electronic device 3 stores a zero trust security system based user access behavior evaluation program 32 that is a combination of instructions that, when executed in the processor 30, may implement: acquiring an access behavior of a user; the access behavior of the user comprises a user login action set and a user access action set; respectively carrying out risk judgment and trust judgment on behaviors on each action item in the user login action set and the user access action set; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items; wherein the behavior score comprises a risk score for the behavior and a credit score for the behavior; obtaining a total behavior score of the user access behavior by using the behavior score corresponding to each action item in the user login action set and the behavior score corresponding to each action item in the user access action set; screening high-risk behaviors of the user according to the total behavior score, a preset user risk threshold value and a user trust threshold value; and executing a limiting operation on the high-risk behavior of the user.
Specifically, the processor 30 may refer to the description of the relevant steps in the embodiment corresponding to fig. 1 for a specific implementation method of the instruction, which is not described herein again. It is emphasized that, in order to further ensure the privacy and security of the user access behavior evaluation program based on the zero-trust security system, the database high-available processing data is stored in the node of the blockchain where the server cluster is located.
Further, the integrated modules/units of the electronic device 3, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer-readable medium may include: any entity or system capable of carrying said computer program code, a recording medium, a usb-disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
An embodiment of the present invention further provides a computer-readable storage medium, where the storage medium may be nonvolatile or volatile, and the storage medium stores a computer program, and when the computer program is executed by a processor, the computer program implements: acquiring an access behavior of a user; the access behavior of the user comprises a user login action set and a user access action set; respectively carrying out risk judgment and trust judgment on behaviors on each action item in the user login action set and the user access action set; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items; wherein the behavior score comprises a risk score for the behavior and a credit score for the behavior; obtaining a total behavior score of the user access behavior by using the behavior score corresponding to each action item in the user login action set and the behavior score corresponding to each action item in the user access action set; screening high-risk behaviors of the user according to the total behavior score, a preset user risk threshold value and a user trust threshold value; and executing a limiting operation on the high-risk behavior of the user.
Specifically, the specific implementation method of the computer program when being executed by the processor may refer to the description of the relevant steps in the user access behavior evaluation method based on the zero-trust security system in the embodiment, which is not described herein again.
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus, system, and method may be implemented in other ways. For example, the system embodiments described above are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or systems recited in the system claims may also be implemented by one unit or system in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (10)

1. A user access behavior evaluation method based on a zero-trust security system is characterized by comprising the following steps:
acquiring an access behavior of a user; the access behavior of the user comprises a user login action set and a user access action set;
respectively carrying out risk judgment and trust judgment on behaviors on each action item in the user login action set and the user access action set; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items; wherein the behavior score comprises a risk score for the behavior and a credit score for the behavior;
obtaining a total behavior score of the user access behavior by using the behavior score corresponding to each action item in the user login action set and the behavior score corresponding to each action item in the user access action set; screening high-risk behaviors of the user according to the total behavior score, a preset user risk threshold value and a user trust threshold value;
and executing a limiting operation on the high-risk behavior of the user.
2. The zero-trust security system-based user access behavior evaluation method of claim 1, wherein the action items of the user login action set comprise: whether the device ID used for logging in is a new ID; the login times required by the successful login of the equipment ID and the number of login user names corresponding to the equipment ID; the user accessing the action items of the action set comprises: the user using time, the user operating frequency, the relevance of the user downloading files and the existence of information change behaviors.
3. The user access behavior evaluation method based on the zero-trust security system according to claim 2, wherein a risk judgment of behavior and a trust judgment of behavior are performed on the action items of the login times required for successful login of the device ID; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
acquiring and storing the equipment ID data of the user through the behavior information of user login; the behavior information of the user login is obtained through login information input when the user logs in; the device ID data of the user includes a request time for the device ID to access the server;
comparing the acquired request time of the equipment ID for accessing the server with the login records stored in a database, and acquiring the login times required by successful login of the equipment ID;
performing risk judgment and trust judgment of the behavior according to the login times required by successful login of the equipment ID;
if the login times required by the successful login of the equipment ID are larger than a set login time threshold, judging that the action item of the equipment ID is a risk action, and performing risk scoring of the action according to a preset risk action scoring rule;
and if the occurrence frequency of the equipment ID is smaller than a set login frequency threshold value, judging that the action item of the equipment ID is a trust action, and performing trust scoring of the behavior according to a preset trust action scoring rule.
4. The user access behavior evaluation method based on the zero-trust security system according to claim 2, wherein a risk determination of behavior and a trust determination of behavior are performed on whether the device ID for login is an action item of a new ID; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
acquiring and storing the equipment ID data of the user through the behavior information of user login; the behavior information of the user login is obtained through login information input when the user logs in; the device ID data of the user comprises a device ID and request time when the device ID logs in;
comparing the obtained equipment ID with the equipment ID in the login record stored in the database to obtain the occurrence frequency of the equipment ID;
performing risk judgment and trust judgment of the behavior according to the occurrence number of the equipment ID;
if the occurrence frequency of the equipment ID is zero, judging that the equipment ID is a new ID, the action item is a risk action, and performing risk scoring of the action according to a preset risk action scoring rule;
and if the occurrence frequency of the equipment ID is more than or equal to 1, judging that the equipment ID is a trustable ID, and the action item is a trust action, and performing trust scoring of the behavior according to a preset trust action scoring rule.
5. The user access behavior evaluation method based on the zero-trust security system as claimed in claim 2, wherein the risk determination and the trust determination of the behavior are performed on the action items of the user name number corresponding to the device ID; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
acquiring and storing the equipment ID data of the user through the behavior information of user login; the behavior information of the user login is obtained through login information input when the user logs in; the device ID data of the user comprises a login user name corresponding to the device ID;
comparing the obtained login user name corresponding to the equipment ID with the login user name corresponding to the equipment ID in the login record stored in a database, and obtaining the number of the login user names corresponding to the equipment ID;
performing risk judgment and trust judgment of behaviors according to the number of login user names of the equipment ID;
if the number of login user names of the equipment ID is larger than 3, judging that the action item is a risk action, and performing risk scoring of the action according to a preset risk action scoring rule;
and if the number of login user names of the equipment ID is less than or equal to 3, judging that the action item is a trust action, and performing trust scoring of the action according to a preset trust action scoring rule.
6. The user access behavior evaluation method based on the zero-trust security system of claim 2, wherein the risk judgment and the trust judgment of the behavior are performed on the action items of the user operation frequency; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
acquiring and storing the operating frequency of the user through the behavior information accessed by the user; the behavior information accessed by the user is obtained through an access operation request sent when the user accesses; the operation frequency of the user comprises a screenshot frequency and a downloading frequency;
performing behavior risk judgment and behavior trust judgment on the operation frequency of the user according to a preset screenshot frequency threshold and a preset downloading frequency threshold;
if the operation frequency of the user is greater than a preset screenshot frequency threshold or a preset downloading frequency threshold, judging the action item to be a risk action, and scoring the risk of the action according to a preset risk action scoring rule;
and if the operation frequency of the user is less than a preset screenshot frequency threshold or a preset downloading frequency threshold, judging the action item to be a trust action, and performing trust scoring of the action according to a preset trust action scoring rule.
7. The user access behavior evaluation method based on the zero-trust security system as claimed in claim 2, wherein the risk judgment and the trust judgment of the behavior are performed on the action items of the relevance of the user download file; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items, wherein the steps comprise:
acquiring and storing data of a file downloaded by a user through behavior information accessed by the user; the behavior information accessed by the user is obtained through an access operation request sent when the user accesses; the data of the user downloaded file comprises a file name of the user downloaded file named according to the classification attribute;
judging the association degree of the user downloaded file according to whether the file name of the user downloaded file belongs to the same category;
performing risk judgment and trust judgment of behaviors on the relevance of the user downloaded files according to the preset relevance threshold;
if the relevance of the file downloaded by the user is smaller than the preset relevance threshold, judging the action item to be a risk action, and performing risk scoring of the action according to a preset risk action scoring rule;
and if the relevance of the file downloaded by the user is greater than the preset relevance threshold, judging the action item as a trust action, and performing trust scoring of the action according to a preset trust action scoring rule.
8. A user access behavior evaluation system based on a zero trust security system, the system comprising:
the access behavior acquisition unit of the user is used for acquiring the access behavior of the user; the access behavior of the user comprises a user login action set and a user access action set;
the action item scoring unit is used for respectively carrying out action risk judgment and action trust judgment on each action item in the user login action set and the user access action set; performing risk assessment and credit assessment on the action items according to the risk assessment and trust assessment results of the actions, and obtaining action scores corresponding to the action items; wherein the behavior score comprises a risk score for the behavior and a credit score for the behavior;
the high-risk behavior screening unit is used for obtaining the total behavior score of the user access behavior by utilizing the behavior score corresponding to each action item in the user login action set and the behavior score corresponding to each action item in the user access action set; screening high-risk behaviors of the user according to the total behavior score, a preset user risk threshold value and a user trust threshold value;
and the user high-risk behavior limiting execution unit is used for executing limiting operation on the user high-risk behavior.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the steps of the method for zero trust security system based user access behavior assessment as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the method for assessing user access behavior based on a zero trust security system as claimed in any one of claims 1 to 7.
CN202111535695.XA 2021-12-15 2021-12-15 User access behavior evaluation method and system based on zero-trust security system Pending CN114238959A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111535695.XA CN114238959A (en) 2021-12-15 2021-12-15 User access behavior evaluation method and system based on zero-trust security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111535695.XA CN114238959A (en) 2021-12-15 2021-12-15 User access behavior evaluation method and system based on zero-trust security system

Publications (1)

Publication Number Publication Date
CN114238959A true CN114238959A (en) 2022-03-25

Family

ID=80756446

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111535695.XA Pending CN114238959A (en) 2021-12-15 2021-12-15 User access behavior evaluation method and system based on zero-trust security system

Country Status (1)

Country Link
CN (1) CN114238959A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115022094A (en) * 2022-08-08 2022-09-06 广东省信息工程有限公司 Monitoring system for computer service conditions
CN116155617A (en) * 2023-04-04 2023-05-23 天津市职业大学 Webpage operation safety management monitoring system
CN116208429A (en) * 2023-04-27 2023-06-02 中国信息通信研究院 Security capability evaluation method and device of zero trust system architecture
CN116862237A (en) * 2023-07-13 2023-10-10 武汉市驿宝通网络科技有限公司 Risk control method and system for lottery behaviors of user
CN117294529A (en) * 2023-11-24 2023-12-26 成都安美勤信息技术股份有限公司 Abnormal login detection method and system for intelligent medical platform

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115022094A (en) * 2022-08-08 2022-09-06 广东省信息工程有限公司 Monitoring system for computer service conditions
CN115022094B (en) * 2022-08-08 2022-12-20 广东省信息工程有限公司 Monitoring system convenient to know inside computer in unit in service behavior
CN116155617A (en) * 2023-04-04 2023-05-23 天津市职业大学 Webpage operation safety management monitoring system
CN116155617B (en) * 2023-04-04 2023-07-18 天津市职业大学 Webpage operation safety management monitoring system
CN116208429A (en) * 2023-04-27 2023-06-02 中国信息通信研究院 Security capability evaluation method and device of zero trust system architecture
CN116208429B (en) * 2023-04-27 2023-07-21 中国信息通信研究院 Security capability evaluation method and device of zero trust system architecture
CN116862237A (en) * 2023-07-13 2023-10-10 武汉市驿宝通网络科技有限公司 Risk control method and system for lottery behaviors of user
CN117294529A (en) * 2023-11-24 2023-12-26 成都安美勤信息技术股份有限公司 Abnormal login detection method and system for intelligent medical platform
CN117294529B (en) * 2023-11-24 2024-01-30 成都安美勤信息技术股份有限公司 Abnormal login detection method and system for intelligent medical platform

Similar Documents

Publication Publication Date Title
CN114238959A (en) User access behavior evaluation method and system based on zero-trust security system
CN110992169B (en) Risk assessment method, risk assessment device, server and storage medium
US10554736B2 (en) Mobile URL categorization
US9825978B2 (en) Lateral movement detection
CN111786950B (en) Network security monitoring method, device, equipment and medium based on situation awareness
CN107003976A (en) Based on active rule can be permitted determine that activity can be permitted
US20230388327A1 (en) Systems and methods for assessing riskiness of a domain
CN113364753B (en) Anti-crawler method and device, electronic equipment and computer readable storage medium
CN111683047B (en) Unauthorized vulnerability detection method, device, computer equipment and medium
ES2818588T3 (en) Method and device to prevent the server from being attacked
TWI701932B (en) Identity authentication method, server and client equipment
CN102037472A (en) Software reputation establishment and monitoring system and method
CN112015663A (en) Test data recording method, device, equipment and medium
CN113111359A (en) Big data resource sharing method and resource sharing system based on information security
Nygard et al. Trust and Purpose in Computing
CN110572402A (en) internet hosting website detection method and system based on network access behavior analysis and readable storage medium
US20210209702A1 (en) Addressing propagation of inaccurate information in a social networking environment
CN116595554B (en) Method and device for realizing government affair data security analysis based on multiple dimensions
US20210165907A1 (en) Systems and methods for intelligent and quick masking
CN114662095A (en) Safety monitoring method, device and equipment based on operation data and storage medium
CN112597490A (en) Security threat arrangement response method and device, electronic equipment and readable storage medium
US20210209620A1 (en) Assessing Impact of Media Data Upon Brand Worth
CN116094847B (en) Honeypot identification method, honeypot identification device, computer equipment and storage medium
CN115086047B (en) Interface authentication method and device, electronic equipment and storage medium
CN114978766B (en) Privacy security protection method, device, equipment and medium based on big data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination