CN115827414A - Network user behavior monitoring and analyzing method based on open source data - Google Patents

Publication number
CN115827414A
Authority
CN
China
Prior art keywords
network user
data
behavior
monitored
historical
Prior art date
Legal status
Granted
Application number
CN202310113299.0A
Other languages
Chinese (zh)
Other versions
CN115827414B (en
Inventor
赵志庆
侯玉柱
王巍
董席峰
张雨铭威
Current Assignee
Tianjin Rongxing Group Co ltd
Original Assignee
Tianjin Rongxing Group Co ltd
Priority date
Filing date
Publication date
Application filed by Tianjin Rongxing Group Co ltd
Priority to CN202310113299.0A
Publication of CN115827414A
Application granted
Publication of CN115827414B
Legal status: Active
Anticipated expiration

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to the field of network user behavior monitoring and analysis, and in particular to a network user behavior monitoring and analysis method based on open source data, which comprises the following steps: obtaining historical normal behavior data and historical abnormal behavior data of the network user based on the open source data; performing network user behavior matching processing by using the network user historical normal behavior data and the network user historical abnormal behavior data to obtain an initial result to be monitored of the network user behavior; and obtaining a network user behavior monitoring analysis result by using the initial result to be monitored of the network user behavior. Because the method is based on a large amount of open source data, it is widely applicable; monitoring accuracy is improved and errors caused by single data or misoperation are avoided; on the basis of multi-time verification, network browsing behavior and network speech behavior are processed in combination, which raises the credibility of the monitoring analysis result and strengthens control over abnormal network behavior.

Description

Network user behavior monitoring and analyzing method based on open source data
Technical Field
The invention relates to the field of network user behavior monitoring and analysis, in particular to a network user behavior monitoring and analysis method based on open source data.
Background
Among the large volume of network behaviors there are network user operations that are difficult to distinguish and prone to creating risk, and such operations are closely connected with the harm caused by websites or unknown network logs. Because the number of network users is large, the volume of operations is large, and operations that carry risk are difficult to resolve promptly. At the same time, predicting and analyzing the risk behaviors of network users by using open source data in combination with actual situations has gradually become one of the difficult problems to be solved.
Disclosure of Invention
To address the shortcomings of the prior art, the invention provides a network user behavior monitoring and analyzing method based on open source data which, through the acquisition and accumulation of open source data, forms a network user behavior monitoring method that is strongly targeted and widely applicable, and greatly improves monitoring accuracy and identification efficiency.
In order to achieve the above object, the present invention provides a network user behavior monitoring and analyzing method based on open source data, which includes:
obtaining historical normal behavior data and historical abnormal behavior data of the network user based on the open source data;
performing network user behavior matching processing by using the network user historical normal behavior data and the network user historical abnormal behavior data to obtain an initial result to be monitored of the network user behavior;
and obtaining a network user behavior monitoring analysis result by using the initial result to be monitored of the network user behavior.
Preferably, the obtaining of the historical normal behavior data of the network user and the historical abnormal behavior data of the network user based on the open source data includes:
acquiring historical normal behavior data of network users in open source data;
acquiring historical suspected abnormal behavior data of network users and historical abnormal behavior data determined by the network users in open source data as historical abnormal behavior data of the network users;
the behavior data comprises network user browsing data and network user speech data.
Preferably, the obtaining of the initial result to be monitored of the network user behavior by performing the network user behavior matching processing by using the historical normal behavior data of the network user and the historical abnormal behavior data of the network user comprises:
obtaining correlation data to be monitored of the network user behavior according to the historical normal behavior data of the network user and the historical abnormal behavior data of the network user by using the data to be monitored of the network user behavior;
and obtaining an initial result to be monitored of the network user behavior by using the correlation data to be monitored of the network user behavior.
Further, the obtaining of the correlation data to be monitored of the network user behavior according to the historical normal behavior data of the network user and the historical abnormal behavior data of the network user by using the data to be monitored of the network user behavior includes:
acquiring a correlation threshold to be monitored of the network user behavior by using the network user historical suspected abnormal behavior data of the network user historical normal behavior data and the network user historical abnormal behavior data;
after semantic analysis processing is carried out on network user speech data of the data to be monitored of the network user behaviors, initial data of the correlation to be monitored of the network user behaviors are obtained according to the threshold value of the correlation to be monitored of the network user behaviors;
and judging whether the initial data of the correlation to be monitored of the network user behavior has risks, if so, obtaining the data of the correlation to be monitored of the network user behavior by using the network user browsing data of the data to be monitored of the network user behavior, and if not, using the initial data of the correlation to be monitored of the network user behavior as the data of the correlation to be monitored of the network user behavior.
Further, the obtaining of the correlation threshold to be monitored of the network user behavior by using the network user historical suspected abnormal behavior data of the network user historical normal behavior data and the network user historical abnormal behavior data includes:
acquiring historical suspected abnormal characteristic data of the network user by utilizing the historical suspected abnormal behavior data of the network user of the historical abnormal behavior data of the network user;
and obtaining a correlation threshold value to be monitored of the network user behavior by using the historical suspected abnormal feature data of the network user and the historical normal behavior data of the network user.
Further, the obtaining of the historical suspected abnormal feature data of the network user by using the historical suspected abnormal behavior data of the network user of the historical abnormal behavior data of the network user comprises:
obtaining network user speech vocabulary characteristic data by using the network user speech data of the network user historical suspected abnormal behavior data based on a semantic analysis algorithm;
obtaining characteristic data of network user browsing websites based on a malicious website list by using the network user browsing data of the network user historical suspected abnormal behavior data;
and using the characteristic data of the words spoken by the network user and the characteristic data of the website browsed by the network user as historical suspected abnormal characteristic data of the network user.
Further, the obtaining of the correlation threshold to be monitored of the network user behavior by using the suspected abnormal characteristic data of the network user history and the normal behavior data of the network user history comprises:
the calculation formula for calculating the similarity value of the network user speech data by using the network user speech vocabulary characteristic data of the network user historical suspected abnormal characteristic data and the network user speech data of the network user historical normal behavior data is as follows:
Figure SMS_1
wherein $d_1$ is the network user speech data similarity value, $x_p$ is the network user speech vocabulary feature data of the network user historical suspected abnormal feature data, and $y_p$ is the network user speech data of the network user historical normal behavior data;
the calculation formula for calculating the similarity value of the network user browsing data by using the network user browsing website feature data of the network user historical suspected abnormal feature data and the network user browsing data of the network user historical normal behavior data is as follows:
Figure SMS_2
wherein $d_2$ is the network user browsing data similarity value, $m_p$ is the network user browsing website feature data of the network user historical suspected abnormal feature data, and $n_p$ is the network user browsing data of the network user historical normal behavior data;
when network user speech vocabulary feature data of the network user historical suspected abnormal feature data exist, using the similarity value of the network user browsing data as the correlation threshold value to be monitored of the network user behavior;
when network user browsing website feature data of the network user historical suspected abnormal feature data exist, using the similarity value of the network user speech data as the correlation threshold value to be monitored of the network user behavior.
Further, obtaining initial data of the correlation to be monitored of the network user behavior according to the threshold of the correlation to be monitored of the network user behavior comprises:
when the initial data of the correlation to be monitored of the network user behavior is larger than the threshold value of the correlation to be monitored of the network user behavior, the initial data of the correlation to be monitored of the network user behavior is high risk;
when any one of the initial data of the correlation to be monitored of the network user behavior is greater than the threshold value of the correlation to be monitored of the network user behavior, the initial data of the correlation to be monitored of the network user behavior is low risk;
when the initial data of the correlation to be monitored of the network user behavior is smaller than the threshold value of the correlation to be monitored of the network user behavior, the initial data of the correlation to be monitored of the network user behavior is risk-free;
the initial data types of the correlation to be monitored of the network user behavior are network user browsing data and network user speech data.
Further, obtaining the initial result of the network user behavior to be monitored by using the correlation data of the network user behavior to be monitored includes:
when the network user behavior to-be-monitored correlation data is network user browsing data of the network user behavior to-be-monitored data, judging whether the browsing quantity of malicious websites in the network user browsing data of the network user behavior to-be-monitored data exceeds 50%, if so, judging that an initial result of the network user behavior to-be-monitored is a risk, otherwise, judging that the initial result of the network user behavior to-be-monitored is a predicted risk;
when the correlation data to be monitored of the network user behavior is the initial correlation data to be monitored of the network user behavior, judging whether the risk change trend of the initial correlation data to be monitored of the network user behavior is rising, if so, judging that the initial result to be monitored of the network user behavior is a risk, otherwise, judging that the initial result to be monitored of the network user behavior is temporary risk-free.
Preferably, the obtaining of the network user behavior monitoring analysis result by using the initial result to be monitored of the network user behavior comprises:
when the initial result of the network user behavior to be monitored has a risk, judging whether the initial result of the network user behavior to be monitored is lower than the initial result of the network user behavior to be monitored at the previous adjacent moment, if so, judging that the result of the network user behavior monitoring analysis is a predicted risk, otherwise, judging that the result of the network user behavior monitoring analysis is a risk;
and when the initial result of the network user behavior to be monitored has no risk, the result of the network user behavior monitoring analysis is risk-free.
Compared with the closest prior art, the invention has the following beneficial effects:
Because it is based on a large amount of open source data, the monitoring analysis method is widely applicable and is not restricted by practical application conditions. Risk behavior operations are verified multiple times, which improves monitoring accuracy and avoids errors caused by single data or misoperation. On the basis of this multi-time verification, network browsing behavior and network speech behavior are processed in combination, which raises the credibility of the monitoring analysis result and strengthens control over abnormal network behavior.
Drawings
Fig. 1 is a flowchart of a network user behavior monitoring and analyzing method based on open source data according to the present invention.
Detailed Description
The following describes embodiments of the present invention in further detail with reference to the accompanying drawings.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Example 1: the invention provides a network user behavior monitoring and analyzing method based on open source data, as shown in figure 1, comprising the following steps:
S1, obtaining historical normal behavior data and historical abnormal behavior data of a network user based on open source data;
S2, performing network user behavior matching processing by using the network user historical normal behavior data and the network user historical abnormal behavior data to obtain an initial result to be monitored of the network user behavior;
S3, obtaining a network user behavior monitoring analysis result by using the initial result to be monitored of the network user behavior.
S1 specifically comprises the following steps:
S1-1, acquiring historical normal behavior data of a network user in open source data;
S1-2, acquiring historical suspected abnormal behavior data of network users in open source data and historical abnormal behavior data determined by the network users as historical abnormal behavior data of the network users;
the behavior data comprises network user browsing data and network user speech data.
S2 specifically comprises the following steps:
S2-1, obtaining correlation data to be monitored of network user behaviors according to the historical normal behavior data of the network users and the historical abnormal behavior data of the network users by using the data to be monitored of the network user behaviors;
S2-2, obtaining an initial result to be monitored of the network user behavior by using the correlation data to be monitored of the network user behavior.
S2-1 specifically comprises:
S2-1-1, obtaining a correlation threshold value to be monitored of the network user behavior by using the network user historical suspected abnormal behavior data of the network user historical normal behavior data and the network user historical abnormal behavior data;
S2-1-2, performing semantic analysis processing on network user speech data of the data to be monitored of the network user behaviors, and obtaining initial data of the correlation to be monitored of the network user behaviors according to the threshold value of the correlation to be monitored of the network user behaviors;
S2-1-3, judging whether the initial data of the correlation to be monitored of the network user behavior has risks, if so, obtaining the correlation data to be monitored of the network user behavior by using the network user browsing data of the data to be monitored of the network user behavior, otherwise, using the initial data of the correlation to be monitored of the network user behavior as the correlation data to be monitored of the network user behavior.
S2-1-1 specifically comprises:
S2-1-1-1, obtaining historical suspected abnormal characteristic data of the network user by utilizing the historical suspected abnormal behavior data of the network user of the historical abnormal behavior data of the network user;
S2-1-1-2, obtaining a correlation threshold value to be monitored of the network user behavior by using the historical suspected abnormal feature data of the network user and the historical normal behavior data of the network user.
S2-1-1-1 specifically comprises:
S2-1-1-1-1, obtaining network user speech vocabulary characteristic data by using the network user speech data of the network user historical suspected abnormal behavior data based on a semantic analysis algorithm;
S2-1-1-1-2, obtaining characteristic data of a website browsed by the network user based on a malicious website list by using the network user browsing data of the historical suspected abnormal behavior data of the network user;
S2-1-1-1-3, using the characteristic data of words spoken by the network user and the characteristic data of websites browsed by the network user as the historical suspected abnormal characteristic data of the network user.
In this embodiment, the malicious website list, the historical abnormal behavior data of the network user, and the historical suspected abnormal behavior data of the network user are obtained based on open source data and serve as basic data criteria of the method.
S2-1-1-2 specifically comprises:
S2-1-1-2-1, calculating the similarity value of the network user speech data by using the network user speech vocabulary characteristic data of the network user historical suspected abnormal characteristic data and the network user speech data of the network user historical normal behavior data according to the following calculation formula:
Figure SMS_3
wherein $d_1$ is the network user speech data similarity value, $x_p$ is the network user speech vocabulary feature data of the network user historical suspected abnormal feature data, and $y_p$ is the network user speech data of the network user historical normal behavior data;
S2-1-1-2-2, calculating the similarity value of the browsing data of the network user by using the browsing website characteristic data of the network user with the historical suspected abnormal characteristic data of the network user and the browsing data of the network user with the historical normal behavior data of the network user according to the following calculation formula:
Figure SMS_4
wherein $d_2$ is the network user browsing data similarity value, $m_p$ is the network user browsing website feature data of the network user historical suspected abnormal feature data, and $n_p$ is the network user browsing data of the network user historical normal behavior data;
S2-1-1-2-3, when network user speech vocabulary characteristic data of the historical suspected abnormal characteristic data of the network user exist, using the similarity value of the browsing data of the network user as a correlation threshold value to be monitored of the network user behavior;
S2-1-1-2-4, when network user browsing website characteristic data of the historical suspected abnormal characteristic data of the network user exist, using the speech data similarity value of the network user as the correlation threshold value to be monitored of the network user behavior.
S2-1-2 specifically comprises:
S2-1-2-1, when the initial data of the correlation to be monitored of the network user behavior is larger than the threshold value of the correlation to be monitored of the network user behavior, the initial data of the correlation to be monitored of the network user behavior is high risk;
S2-1-2-2, when any one of the initial data of the correlation to be monitored of the network user behavior is greater than the threshold value of the correlation to be monitored of the network user behavior, the initial data of the correlation to be monitored of the network user behavior is low risk;
S2-1-2-3, when the initial data of the correlation to be monitored of the network user behavior is smaller than the threshold value of the correlation to be monitored of the network user behavior, the initial data of the correlation to be monitored of the network user behavior is risk-free;
the initial data types of the correlation to be monitored of the network user behavior are network user browsing data and network user speech data.
S2-2 specifically comprises:
S2-2-1, when the network user behavior to-be-monitored correlation data is network user browsing data of the network user behavior to-be-monitored data, judging whether the browsing quantity of malicious websites in the network user browsing data of the network user behavior to-be-monitored data exceeds 50%, if so, judging that an initial result of the network user behavior to-be-monitored is a risk, otherwise, judging that the initial result of the network user behavior to-be-monitored is a predicted risk;
S2-2-2, when the correlation data to be monitored of the network user behaviors are the initial correlation data to be monitored of the network user behaviors, judging whether the risk change trend of the initial correlation data to be monitored of the network user behaviors is rising, if yes, the initial result to be monitored of the network user behaviors is a risk, and if not, the initial result to be monitored of the network user behaviors is temporarily risk-free.
S3 specifically comprises the following steps:
S3-1, when the initial result of the network user behavior to be monitored has a risk, judging whether the initial result of the network user behavior to be monitored is lower than the initial result of the network user behavior to be monitored at the previous adjacent moment, if so, judging that the result of the network user behavior monitoring analysis is a predicted risk, otherwise, judging that the result of the network user behavior monitoring analysis is a risk;
S3-2, when the initial result of the network user behavior to be monitored has no risk, the result of the network user behavior monitoring analysis is risk-free.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.
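The decision cascade of steps S2-1-2 to S3, as an added Python example (not code from the patent or its assignee) run over a constructed timeline, including the boundary cases of exactly 50% malicious sites and a rising trend below the threshold. Assumptions: the two similarity formulas are images missing from this page, so the scores and the threshold are inputs; "high"/"low" are read as both/one of the two scores exceeding the threshold; a trend is "rising" when the last three scores strictly increase; results are ordered risk-free < predicted risk < risk. All names below are hypothetical.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Ordinal encoding of the result labels; the ordering is an assumption needed
# for the "lower than the previous adjacent moment" comparison in S3-1.
RISK_FREE, PREDICTED_RISK, RISK = 0, 1, 2
LABELS = {RISK_FREE: "risk-free", PREDICTED_RISK: "predicted risk", RISK: "risk"}


@dataclass
class Observation:
    speech_score: float    # score of the speech data after semantic analysis
    browsing_score: float  # score of the browsing data
    visited: list          # URLs browsed during this interval


def initial_level(obs, threshold):
    """S2-1-2: grade the two initial scores against the correlation threshold.
    Assumed reading: both above = high, exactly one above = low, none = risk-free."""
    over = sum(s > threshold for s in (obs.speech_score, obs.browsing_score))
    return ("risk-free", "low", "high")[over]


def malicious_share(visited, blocklist):
    """Fraction of visited URLs whose host is on the malicious website list."""
    if not visited:
        return 0.0
    hits = sum((urlsplit(u).hostname or "").lower() in blocklist for u in visited)
    return hits / len(visited)


def is_rising(series, window):
    """Assumed trend test: the last `window` values strictly increase."""
    tail = series[-window:]
    return len(tail) == window and all(a < b for a, b in zip(tail, tail[1:]))


def initial_result(obs, threshold, blocklist, score_history, window=3):
    """S2-1-3 and S2-2: choose the correlation data, then the initial result."""
    if initial_level(obs, threshold) != "risk-free":
        # S2-2-1: risky initial data, so decide on browsing data ("exceeds 50%").
        share = malicious_share(obs.visited, blocklist)
        return RISK if share > 0.5 else PREDICTED_RISK
    # S2-2-2: no initial risk, so decide on the trend of the initial data.
    return RISK if is_rising(score_history, window) else RISK_FREE


def final_result(current, previous):
    """S3: compare the initial result with the one at the previous moment."""
    if current == RISK_FREE:
        return RISK_FREE                  # S3-2
    if previous is not None and current < previous:
        return PREDICTED_RISK             # S3-1, result is falling
    return RISK                           # S3-1, otherwise


def monitor(observations, threshold, blocklist, window=3):
    """Run the cascade over a time-ordered list of observations."""
    results, scores, previous = [], [], None
    for obs in observations:
        scores.append(max(obs.speech_score, obs.browsing_score))
        current = initial_result(obs, threshold, blocklist, scores, window)
        results.append(LABELS[final_result(current, previous)])
        previous = current
    return results


# Constructed sample data (not from the patent): blocklist, threshold, timeline.
BLOCKLIST = {"bad.example", "phish.example"}
THRESHOLD = 0.6
TIMELINE = [
    Observation(0.10, 0.10, ["https://news.example/a"]),
    Observation(0.20, 0.15, ["https://news.example/b"]),
    Observation(0.30, 0.20, ["https://news.example/c"]),   # below threshold, rising
    Observation(0.70, 0.20, ["https://bad.example/x", "https://phish.example/y",
                             "https://news.example/d"]),   # 2 of 3 malicious
    Observation(0.65, 0.30, ["https://bad.example/x",
                             "https://news.example/e"]),   # exactly 50%
    Observation(0.10, 0.10, ["https://news.example/f"]),
]

if __name__ == "__main__":
    for step, label in enumerate(monitor(TIMELINE, THRESHOLD, BLOCKLIST)):
        print(step, label)
```

The third interval is reported as a risk although both scores stay below the threshold, because step S2-2-2 acts on the trend alone; anyone tuning such a rule would want to measure how often that path fires on normal users.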

Claims (10)

1. A network user behavior monitoring and analyzing method based on open source data is characterized by comprising the following steps:
obtaining historical normal behavior data and historical abnormal behavior data of the network user based on the open source data;
performing network user behavior matching processing by using the network user historical normal behavior data and the network user historical abnormal behavior data to obtain an initial result to be monitored of the network user behavior;
and obtaining a network user behavior monitoring analysis result by using the initial result to be monitored of the network user behavior.
2. The method for monitoring and analyzing the behavior of the network user based on the open-source data as claimed in claim 1, wherein obtaining the historical normal behavior data and the historical abnormal behavior data of the network user based on the open-source data comprises:
acquiring historical normal behavior data of network users in open source data;
acquiring historical suspected abnormal behavior data of network users and historical abnormal behavior data determined by the network users in open source data as historical abnormal behavior data of the network users;
the behavior data comprises network user browsing data and network user speech data.
3. The method for monitoring and analyzing network user behavior based on open source data according to claim 1, wherein the step of performing network user behavior matching processing by using the historical normal behavior data of the network user and the historical abnormal behavior data of the network user to obtain the initial result to be monitored of the network user behavior comprises the following steps:
obtaining correlation data to be monitored of the network user behavior according to the historical normal behavior data of the network user and the historical abnormal behavior data of the network user by using the data to be monitored of the network user behavior;
and obtaining an initial result to be monitored of the network user behavior by using the correlation data to be monitored of the network user behavior.
4. The method for monitoring and analyzing network user behavior based on open source data according to claim 3, wherein the obtaining the correlation data to be monitored of the network user behavior according to the historical normal behavior data of the network user and the historical abnormal behavior data of the network user by using the data to be monitored of the network user behavior comprises:
acquiring a correlation threshold to be monitored of the network user behavior by using the network user historical suspected abnormal behavior data of the network user historical normal behavior data and the network user historical abnormal behavior data;
after semantic analysis processing is carried out on network user speech data of the data to be monitored of the network user behaviors, initial data of the correlation to be monitored of the network user behaviors are obtained according to the threshold value of the correlation to be monitored of the network user behaviors;
and judging whether the initial data of the correlation to be monitored of the network user behavior has risks, if so, obtaining the correlation data to be monitored of the network user behavior by using the network user browsing data of the data to be monitored of the network user behavior, otherwise, using the initial data of the correlation to be monitored of the network user behavior as the correlation data to be monitored of the network user behavior.
5. The method for monitoring and analyzing the network user behavior based on the open-source data as claimed in claim 4, wherein the step of obtaining the threshold of the correlation to be monitored of the network user behavior by using the historical suspected abnormal behavior data of the network user, which is obtained from the historical normal behavior data of the network user and the historical abnormal behavior data of the network user, comprises:
acquiring historical suspected abnormal characteristic data of the network user by utilizing the historical suspected abnormal behavior data of the network user of the historical abnormal behavior data of the network user;
and acquiring a correlation threshold to be monitored of the network user behavior by using the historical suspected abnormal feature data of the network user and the historical normal behavior data of the network user.
6. The method for monitoring and analyzing the network user behavior based on the open-source data as claimed in claim 5, wherein the step of obtaining the historical suspected abnormal feature data of the network user by using the historical suspected abnormal behavior data of the network user based on the historical abnormal behavior data of the network user comprises:
obtaining network user speech word characteristic data by utilizing the network user speech data of the network user historical suspected abnormal behavior data based on a semantic analysis algorithm;
obtaining characteristic data of network user browsing websites based on a malicious website list by using the network user browsing data of the network user historical suspected abnormal behavior data;
and using the characteristic data of the words spoken by the network user and the characteristic data of the website browsed by the network user as historical suspected abnormal characteristic data of the network user.
7. The method as claimed in claim 5, wherein the step of obtaining the correlation threshold to be monitored of the network user behavior by using the historical suspected abnormal feature data of the network user and the historical normal behavior data of the network user comprises:
the similarity value of the network user speech data is calculated from the network user speech vocabulary feature data of the network user historical suspected abnormal feature data and the network user speech data of the network user historical normal behavior data, by the following formula:
Figure QLYQS_1
wherein $d_1$ is the network user speech data similarity value, $x_p$ is the network user speech vocabulary feature data of the network user historical suspected abnormal feature data, and $y_p$ is the network user speech data of the network user historical normal behavior data;
the similarity value of the network user browsing data is calculated from the network user browsing-website feature data of the network user historical suspected abnormal feature data and the network user browsing data of the network user historical normal behavior data, by the following formula:
Figure QLYQS_2
wherein $d_2$ is the network user browsing data similarity value, $m_p$ is the network user browsing-website feature data of the network user historical suspected abnormal feature data, and $n_p$ is the network user browsing data of the network user historical normal behavior data;
when network user speech vocabulary feature data exists in the network user historical suspected abnormal feature data, the network user browsing data similarity value is used as the correlation threshold to be monitored of the network user behavior;
when network user browsing-website feature data exists in the network user historical suspected abnormal feature data, the network user speech data similarity value is used as the correlation threshold to be monitored of the network user behavior.
8. The method for monitoring and analyzing network user behavior based on open source data according to claim 4, wherein obtaining initial data of the correlation to be monitored of the network user behavior according to the threshold of the correlation to be monitored of the network user behavior comprises:
when the initial data of the correlation to be monitored of the network user behavior is larger than the threshold value of the correlation to be monitored of the network user behavior, the initial data of the correlation to be monitored of the network user behavior is high risk;
when any one of the initial data of the correlation to be monitored of the network user behavior is greater than the threshold value of the correlation to be monitored of the network user behavior, the initial data of the correlation to be monitored of the network user behavior is low risk;
when the initial data of the correlation to be monitored of the network user behavior is smaller than the threshold value of the correlation to be monitored of the network user behavior, the initial data of the correlation to be monitored of the network user behavior is risk-free;
the initial data types of the correlation to be monitored of the network user behavior are network user browsing data and network user speech data.
9. The method as claimed in claim 3, wherein the obtaining of the initial result of the network user behavior to be monitored by using the correlation data of the network user behavior to be monitored comprises:
when the correlation data to be monitored of the network user behavior is the network user browsing data of the network user behavior data to be monitored, judging whether the proportion of malicious-website browsing in that network user browsing data exceeds 50%; if so, the initial result to be monitored of the network user behavior is a risk; otherwise, the initial result to be monitored of the network user behavior is a predicted risk;
when the correlation data to be monitored of the network user behavior is the initial correlation data to be monitored of the network user behavior, judging whether the risk change trend of the initial correlation data to be monitored of the network user behavior is rising; if so, the initial result to be monitored of the network user behavior is a risk; otherwise, the initial result to be monitored of the network user behavior is temporarily risk-free.
10. The method as claimed in claim 1, wherein the step of obtaining the network user behavior monitoring analysis result by using the initial result to be monitored of the network user behavior comprises:
when the initial result to be monitored of the network user behavior indicates a risk, judging whether it is lower than the initial result to be monitored of the network user behavior at the previous adjacent moment; if so, the network user behavior monitoring analysis result is a predicted risk; otherwise, the network user behavior monitoring analysis result is a risk;
and when the initial result to be monitored of the network user behavior indicates no risk, the network user behavior monitoring analysis result is risk-free.
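The browsing-data branch of claim 9 and the follow-up comparison of claim 10 can be traced in a short added example (not part of the patent text). The malicious-website list, URLs and time windows are constructed; matching a host against parent domains on the list, measuring "lower than the previous adjacent moment" on the malicious share, and carrying a non-"risk" initial result through unchanged are assumptions of this example.

```python
from urllib.parse import urlsplit

# Constructed malicious-website list (reserved .example names, not real indicators).
MALICIOUS = {"bad-site.example", "phish.example"}

def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".")

def is_malicious(url, blocklist=MALICIOUS):
    """Assumed matching rule: the host or any parent domain is on the list."""
    labels = host_of(url).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def malicious_share(urls):
    """Fraction of browsing records that hit the list (0.0 for an empty window)."""
    return sum(is_malicious(u) for u in urls) / len(urls) if urls else 0.0

def initial_result(share):
    """Claim 9, browsing branch: above 50% is 'risk', otherwise 'predicted risk'."""
    return "risk" if share > 0.5 else "predicted risk"

def analyze(windows):
    """Claim 10 over consecutive windows of browsing URLs.

    Assumptions: 'lower than the previous adjacent moment' is measured on the
    malicious share, and an initial result other than 'risk' is carried through.
    """
    results, prev = [], None
    for urls in windows:
        share = malicious_share(urls)
        result = initial_result(share)
        if result == "risk" and prev is not None and share < prev:
            result = "predicted risk"
        results.append((round(share, 2), result))
        prev = share
    return results

# Constructed browsing data: three consecutive monitoring windows for one user.
WINDOWS = [
    ["https://news.example/a", "http://bad-site.example/x",
     "https://mail.example/inbox", "https://docs.example/1"],
    ["http://cdn.bad-site.example:8080/p", "https://PHISH.example/login",
     "http://bad-site.example/y", "https://news.example/b"],
    ["http://phish.example/a", "http://bad-site.example/z",
     "https://news.example/c"],
]

print(analyze(WINDOWS))
```

Normalizing to the hostname before matching keeps ports, letter case and subdomains from hiding a listed site, while a look-alike such as `notbad-site.example` does not match.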
CN202310113299.0A 2023-02-15 2023-02-15 Network user behavior monitoring and analyzing method based on open source data Active CN115827414B (en)

Publications (2)

Publication Number Publication Date
CN115827414A (en) 2023-03-21
CN115827414B (en) 2023-05-02

Family

ID=85521373

Country Status (1)

Country Link
CN (1) CN115827414B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant