KR101767454B1 - Method and apparatus of fraud detection for analyzing behavior pattern - Google Patents
Method and apparatus of fraud detection for analyzing behavior pattern Download PDFInfo
- Publication number
- KR101767454B1 KR101767454B1 KR1020150158592A KR20150158592A KR101767454B1 KR 101767454 B1 KR101767454 B1 KR 101767454B1 KR 1020150158592 A KR1020150158592 A KR 1020150158592A KR 20150158592 A KR20150158592 A KR 20150158592A KR 101767454 B1 KR101767454 B1 KR 101767454B1
- Authority
- KR
- South Korea
- Prior art keywords
- abnormal behavior
- user
- information
- abnormal
- action
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H04L67/22—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
Abstract
The present invention relates to an abnormal behavior detection method, and more particularly, to an abnormal behavior detection method capable of detecting an abnormal behavior through profile-based analysis and machine learning based analysis, adding or deleting an abnormal behavior analysis rule through a user's action parameter value , A method for generating an abnormal behavior analysis model through machine learning to detect abnormal behavior, and a device therefor.
According to another aspect of the present invention, there is provided an abnormal behavior detection method comprising: collecting an action parameter value of a user in real time; A first detection step of detecting an abnormal behavior by comparing the collected behavior parameter values of the user with the abnormal behavior analysis rules of the user; A second detection step of inputting an action parameter value of a user not determined as an abnormal behavior in the first detection step into an abnormal behavior analysis model and detecting an abnormal behavior through calculation of the abnormal behavior analysis model; Determining whether the abnormal operation is performed by combining the detection result of the first detection step and the detection result of the second detection step; .
Description
The present invention relates to an abnormal behavior detection method, and more particularly, to an abnormal behavior detection method capable of detecting an abnormal behavior through profile-based analysis and machine learning based analysis, adding or deleting an abnormal behavior analysis rule through a user's action parameter value , A method for generating an abnormal behavior analysis model through machine learning to detect abnormal behavior, and a device therefor.
The contents described in this section merely provide background information on the present embodiment and do not constitute the prior art.
There is a need for an anomaly detection technology for effectively responding to web hacking and online fraud attempts by using a captured user account, a resident registration number, and credit card information in a social environment in which personal information is easily leaked by various hacking techniques have. As various types of fraud incidents occur in various fields such as insurance, finance, securities, and mobile communication, there is also a need for a technique that can be improved to intelligently judge fraud and be universally applicable to various types of websites.
In order to detect abnormal or fraudulent activity using logical defects or weaknesses of web services, it is necessary to be able to distinguish between logical and abnormal behavior patterns of each service, and to detect abnormal behavior based on normal behavior pattern vector .
However, the conventional detection method of the abnormal behavior pattern is based on the static rule, and there is a problem that it can not cope with the intelligent variant fraud and various hacking attempts appropriately.
The practicality of the anomaly detection technology is pre-blocked before the occurrence of the event. Therefore, the more effective the system is, the less time it takes to analyze, detect and determine the behavior pattern.
As a result, there is a growing need for technological alternatives that can broaden the range of active normative behaviors through artificial intelligence machine learning that can recognize new patterns automatically as well as static rules generated in advance.
In addition, in the field of e-commerce, the abolishment of the policy of mandatory use of public certificate has caused a problem about security vulnerability, and an abnormal behavior detection technology has been attracting attention for solving this problem. Also, .
Accordingly, the present invention provides an abnormal behavior detection method for enhancing the accuracy of abnormal behavior detection by adding or deleting abnormal behavior analysis rules through analysis of a user's behavior pattern in various web service environments and forming an abnormal behavior analysis model through machine learning Thereby providing a device for that.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, unless further departing from the spirit and scope of the invention as defined by the appended claims. It will be possible.
According to the present invention, there is provided a method for solving the above problems, comprising the steps of: collecting a user's action parameter value in real time; A first detection step of detecting an abnormal behavior by comparing the collected behavior parameter values of the user with the abnormal behavior analysis rules of the user; A second detection step of inputting an action parameter value of a user not determined as an abnormal behavior in the first detection step into an abnormal behavior analysis model and detecting an abnormal behavior through calculation of the abnormal behavior analysis model; Determining whether the abnormal operation is performed by combining the detection result of the first detection step and the detection result of the second detection step; And an abnormal behavior detection method.
According to another aspect of the present invention, there is provided an information processing apparatus including an information collecting unit for collecting, in real time, action parameter values generated for each user necessary for identifying an abnormal symptom; And an abnormal behavior analysis detecting unit for detecting whether or not the first abnormal behavior is detected by comparing the collected behavior parameter values of the user with the generated abnormal behavior analysis rule, ; Wherein the abnormal behavior analysis and detection unit determines whether a final abnormal behavior is caused by combining the determination results of the first abnormal behavior and the second abnormal behavior.
According to the present invention, the usage environment information (fingerprint attribute information of PC, mobile, etc.) of the user, the usage pattern of the user (input device usage behavior parameter, web navigation behavior parameter) Based on information such as time-based access page information / classification, and time-based user access method), and the attacking behavior can be quickly judged through machine learning of the artificial intelligence technique (SVDD).
The effects obtained in the present invention are not limited to the effects mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the following description .
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of the specification, illustrate embodiments of the invention and, together with the description, serve to explain the technical features of the invention.
1 is a diagram for explaining a configuration of a system for providing an abnormal behavior detection method according to an embodiment of the present invention.
2 is a block diagram illustrating a schematic configuration of an abnormal behavior detection apparatus according to an embodiment of the present invention.
3 is a block diagram for explaining a schematic configuration of an information collecting unit in an abnormal behavior detecting apparatus according to an embodiment of the present invention.
4 is a block diagram for explaining a schematic configuration of a database unit in an abnormal behavior detection apparatus according to an embodiment of the present invention.
5 is a block diagram for explaining a schematic configuration of an abnormal behavior analysis detecting unit in the abnormal behavior detecting apparatus according to the embodiment of the present invention.
6 is a flowchart illustrating a process of forming an abnormal behavior analysis model according to an embodiment of the present invention.
7 is a flowchart illustrating a process of an abnormal behavior detection method according to an embodiment of the present invention.
8 is a flowchart illustrating an abnormal behavior detection process according to another embodiment of the present invention.
Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the accompanying drawings. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The following detailed description, together with the accompanying drawings, is intended to illustrate exemplary embodiments of the invention and is not intended to represent the only embodiments in which the invention may be practiced. The following detailed description includes specific details in order to provide a thorough understanding of the present invention. However, those skilled in the art will appreciate that the present invention may be practiced without these specific details.
In some instances, well-known structures and devices may be omitted or may be shown in block diagram form, centering on the core functionality of each structure and device, to avoid obscuring the concepts of the present invention.
Throughout the specification, when an element is referred to as "comprising" or " including ", it is meant that the element does not exclude other elements, do. Also, the terms "part," "module," and the like, which are described in the specification, refer to a unit for processing at least one function or operation, and may be implemented by hardware or software or a combination of hardware and software. It will also be understood by those skilled in the art that in the context of describing the invention (particularly in the context of the following claims), the terms " a or an, ""Quot; or " include ", unless the context clearly dictates otherwise.
Also, terms including ordinal numbers such as first, second, etc. are used to describe various elements, and are used only for the purpose of distinguishing one element from another, Not used. For example, without departing from the scope of the present invention, the second component may be referred to as a first component, and similarly, the first component may also be referred to as a second component.
The specific terminology used in the following description is provided to aid understanding of the present invention, and the use of such specific terminology may be changed into other forms without departing from the technical idea of the present invention.
The present invention provides an abnormal behavior detection method by analyzing a behavior pattern of a user in various service environments using a communication network. Hereinafter, a method proposed by the present invention will be described with reference to the drawings.
1 is a diagram for explaining a configuration of a system for providing an abnormal behavior detection method according to an embodiment of the present invention.
Referring to FIG. 1, the abnormal
The
The
However, the present invention is not limited to this, and any device that performs a certain function by allowing a user to connect to the
The
When the information is transmitted or provided to a computer system via a network or other (wired, wireless, or a combination of wired or wireless) communication connection, the connection may be understood as a computer-readable medium. Computer readable instructions include, for example, instructions and data that cause a general purpose computer system or special purpose computer system to perform a particular function or group of functions. The computer executable instructions may be binary, intermediate format instructions, such as, for example, assembly language, or even source code.
The
The abnormal
2 is a block diagram illustrating a schematic configuration of an abnormal behavior detection apparatus according to an embodiment of the present invention.
2, the abnormal
The
3 is a block diagram for explaining a schematic configuration of an information collecting unit in an abnormal behavior detecting apparatus according to an embodiment of the present invention.
3, the
The PC
Each
The
In particular, the parameter values collected in the present invention may include behavior parameter values related to at least one of a device fingerprinting attribute, an input device utilization behavior, and a web navigation.
The fingerprinting technology extracts a fingerprint (physical hardware layer information such as a modem, MAC software layer information such as a beacon header, etc.) that uniquely identifies a device from radio signal characteristics generated in a communication process, and determines whether the transmitting device is a fake clone device . This is largely divided into fingerprint generation and classification steps.
The parameter values related to the device fingerprinting attributes collected in the embodiment of the present invention include unique information (transaction number, transaction number, service registration number, etc.) about the service to be provided by the user, environment information (Software information such as hardware information such as M / B ID, CPU ID, HDD S / N, USB S / N, OS version, patch / plugin version of used browser or peripheral device, browser version / (E.g., a keyboard, a mouse, a USB storage device, a touch pad, a removable storage medium) of the
The parameter values related to the input device use behavior are collected by an input device in the
The parameter types related to the input device use behavior include input pattern information for the input device as described above, information on the variation of the input device itself, information on the main usage behavior, information on the authentication method (pattern touch, fingerprint recognition, Authentication using a mobile device during browsing through a PC, and the like).
The parameter values related to the web navigation action include pattern information (issuance and registration of a public certificate, login action, personal information change act, etc.) related to the transaction advance act, information related to the authentication act (addition or change of the authentication means, (Transaction amount, frequency, date, etc.), prior information related to abnormal behavior (such as exceeding login limit, frequency of error, attempting to change personal information, etc.) Transaction location and time). The parameter values associated with the web navigation behavior can be collected and extracted through web traffic information collection.
The classified parameter values may be stored in a storage unit provided in the information collection unit or in a
The abnormal behavior
4, the abnormal behavior analysis and
The
The real-time processing distributed
The
The first abnormal
In addition, the first abnormal
In addition, the first abnormal
The second abnormal
SVDD is one of the useful techniques for solving One-Class Classification Problems which can perform learning using only data belonging to one class of learning to be classified. SVDD detects singularities and finds boundaries that contain most of the given object data. The interface is composed of phrases containing as many objective data as possible, and assuming singularities as hypothetical. The set of learning data is distributed inside or outside the interface with center a and radius r and expresses the area of the learning class using sphere corresponding to the number of learning data. If the learning data is distributed outside the interface, a penalty is imposed. The singularities and sphere sizes can be represented by functions using various variables and constants, Lagrangean multipliers, and a kernel for expressing a high dimensional feature space.
The second abnormal
The abnormal
5 is a block diagram for explaining a schematic configuration of a
The
5, the
The large-capacity
The abnormal
The feature
The abnormal behavior
The
The
The
Further, rules may be added or deleted through the
The rules may be added or deleted according to the judgment of the administrator, but the
6 is a flowchart illustrating a process of forming an abnormal behavior analysis model according to an embodiment of the present invention.
The second abnormal
7 is a flowchart illustrating a process of an abnormal behavior detection method according to an embodiment of the present invention.
Referring to FIG. 7, first, the
If it is determined that the abnormal behavior is not determined, the second abnormal
If it is determined as a normal action (S710b), the abnormal behavior analysis rule can be added or deleted, and machine learning for changing the abnormal behavior analysis model can be performed if necessary. If it is detected as an abnormal behavior, it can notify the administrator (S710a).
Here, the abnormal behavior analysis rule predetermined as the abnormal behavior may be generated using the behavior parameters collected by the user. In addition, the analysis rule can be added or deleted using the result of the risk calculation.
8 is a flowchart illustrating a process of an abnormal behavior detection method according to another embodiment of the present invention.
Referring to FIG. 8, the
The collected parameter values are subjected to a profile-based check (S802) and a machine learning based check (S806), and it is determined whether an abnormal operation is performed (S804, S808).
Thereafter, the detection result of the machine learning-based abnormal behavior detection step (first detection step) and the detection result of the profile-based abnormal behavior detection step (second detection step) are combined to finally determine whether the abnormal behavior is abnormal (S810) And notifies the manager of the determination result (S818).
If the determination of the abnormal behavior is not certain, or if the determination result is normal, the degree of risk may be calculated by analyzing the degree of correlation (S812). Correlation analysis can use Pearson correlation coefficient. The Pearson correlation coefficient is expressed as the degree of variation of r = x and y / x and y, respectively, when each variable is called x, y,
. r is a positive linear relationship if r is positive, 0 is a negative linear relationship if r is negative, 0 otherwise.
Through this correlation, it is possible to calculate the risk by analyzing the correlation between the actions occurring consecutively before the abnormal behavior and the abnormal behavior (S812), add it to the abnormal behavior analysis rule, and detect the abnormal behavior based on this ).
The detection result and the risk calculation result may be stored in the abnormal behavior analysis rule database 540 (S816), and the result is notified to the administrator and may be reflected in the abnormal behavior analysis rule (S818).
Although the present specification and drawings illustrate exemplary device configurations, implementations of the functional operations and the subject matter described herein may be embodied in other types of digital electronic circuitry or include structures and their structural equivalents disclosed herein Firmware, or hardware, or a combination of one or more of the foregoing. Implementations of the subject matter described herein may be embodied in one or more computer program products, that is, a computer program product encoded on a type of program storage medium for execution by, And can be implemented as a module as described above. The computer-readable medium can be a machine-readable storage device, a machine-readable storage substrate, a memory device, a composition of matter that affects the machine readable propagation type signal, or a combination of one or more of the foregoing.
While the specification contains a number of specific implementation details, it should be understood that they are not to be construed as limitations on the scope of any invention or claim, but rather on the description of features that may be specific to a particular embodiment of a particular invention Should be understood. Certain features described herein in the context of separate embodiments may be implemented in combination in a single embodiment. Conversely, various features described in the context of a single embodiment may also be implemented in multiple embodiments, either individually or in any suitable subcombination. Further, although the features may operate in a particular combination and may be initially described as so claimed, one or more features from the claimed combination may in some cases be excluded from the combination, Or a variant of a subcombination.
Likewise, although the operations are depicted in the drawings in a particular order, it should be understood that such operations must be performed in that particular order or sequential order shown to achieve the desired result, or that all illustrated operations should be performed. In certain cases, multitasking and parallel processing may be advantageous. Also, the separation of the various system components of the above-described embodiments should not be understood as requiring such separation in all embodiments, and the described program components and systems will generally be integrated together into a single software product or packaged into multiple software products It should be understood.
The present invention relates to an abnormal behavior detection method, and can provide a real-time abnormal behavior detection technique by analyzing an environment of a user terminal and a behavior pattern of a user.
In particular, according to the present invention, an anomaly detection analysis is performed on parameter values through extraction collection of anonymity assurance parameter values. Specifically, a plurality of abnormal behavior analysis and detection rules can be applied and machine learning can be performed to ensure a high detection rate of abnormal behavior.
100: User terminal device
110: Web service server
120: abnormal behavior detection device
210: Information collecting section
220: abnormal behavior analysis detection unit
230:
240:
250:
Claims (14)
Collecting an action parameter value of the user in real time;
A first detection step of detecting an abnormal behavior by comparing the collected behavior parameter values of the user with the abnormal behavior analysis rules of the user;
A second detection step of inputting an action parameter value of a user not determined as an abnormal behavior in the first detection step into an abnormal behavior analysis model and detecting an abnormal behavior through calculation of the abnormal behavior analysis model;
And a step of determining whether an abnormal operation is performed by combining the detection result of the first detection step and the detection result of the second detection step,
The behavior parameter value of the user is information capable of extracting or patterning attributes of a user terminal device used by a user, a use behavior of a user terminal device, and an access behavior of a Web service server,
An action parameter value associated with a device fingerprinting attribute including at least one of unique information about a service to be provided by the user, environment information about the user terminal device, peripheral hardware information of the user terminal device, and software information of the user terminal device,
An action parameter value related to an input device using action including at least one of input pattern information on an input device used by a user, information on a change in the input device itself, information on a use behavior for the input device, And
A parameter value related to a web navigation action including at least one of pattern information related to a transaction with a web service server used by a user, information related to an authentication action, transaction behavior pattern information, transaction pattern information, and dictionary information related to an abnormal behavior And detecting the abnormal behavior.
Calculating a risk by analyzing a correlation between an action occurring consecutively and an abnormal action before the abnormal action if the result of the determining step is a normal action;
Re-determining whether the abnormal behavior is based on the risk;
Further comprising the steps of:
Wherein the first detection step comprises:
Generates profile information for the user based on the action parameter values collected in real time,
Extracts characteristics of the profile information,
And comparing the extracted profile characteristic with the abnormal behavior analysis rule to detect an abnormal behavior.
Wherein the first detection step comprises:
And detecting an abnormal behavior by comparing the behavior parameter values with predetermined black list and white list.
The step of generating the abnormal behavior analysis rule for each user includes:
Wherein an abnormal behavior analysis rule of the user is added or deleted based on an action parameter value determined as a normal action or an abnormal behavior through comparison with the abnormal behavior analysis rule.
Further comprising extracting an action parameter value determined as a normal action among the action parameter values of the user as learning data and performing machine learning on the abnormal behavior analysis model based on the learning data, Detection method.
The abnormal behavior analysis model includes:
And an SVDD (Support Vector Data Description) technique.
The step of generating the per-user abnormal behavior analysis rule
And adding or deleting the abnormal behavior analysis rule based on the result of the risk calculation.
The collected behavior parameter values of the user are compared with the previously generated abnormal behavior analysis rules to first detect whether the abnormal behavior is abnormal and to calculate the abnormal behavior or not by the abnormal behavior analysis model, And an abnormal behavior analysis detecting unit for determining whether a final abnormal behavior has occurred by combining the secondary detection determination results,
The behavior parameter value of the user is information capable of extracting or patterning attributes of a user terminal device used by a user, a use behavior of a user terminal device, and an access behavior of a Web service server,
An action parameter value associated with a device fingerprinting attribute including at least one of unique information about a service to be provided by the user, environment information about the user terminal device, peripheral hardware information of the user terminal device, and software information of the user terminal device,
An action parameter value related to an input device using action including at least one of input pattern information on an input device used by a user, information on a change in the input device itself, information on a use behavior for the input device, And
A parameter value related to a web navigation action including at least one of pattern information related to a transaction with a web service server used by a user, information related to an authentication action, transaction behavior pattern information, transaction pattern information, and dictionary information related to an abnormal behavior Wherein the abnormal behavior detection device comprises:
A PC information collecting unit for collecting a user's action parameter value from the user's PC, a mobile information collecting unit for collecting the action parameter value of the user from the user's mobile terminal device, and a user's action parameter value collecting unit from the web server used by the user And a web server information collecting unit.
A rule management unit for adding and deleting the abnormal behavior analysis rule for each user based on an action parameter value determined as a normal action among the action parameter values collected based on the detection result of the abnormal behavior analysis detection unit;
Wherein the abnormal behavior detection device further comprises:
A monitoring unit for outputting a detection result of the abnormal behavior analysis detection unit and notifying an administrator of abnormal behavior detection;
Wherein the abnormal behavior detection device further comprises:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150158592A KR101767454B1 (en) | 2015-11-12 | 2015-11-12 | Method and apparatus of fraud detection for analyzing behavior pattern |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150158592A KR101767454B1 (en) | 2015-11-12 | 2015-11-12 | Method and apparatus of fraud detection for analyzing behavior pattern |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170056045A KR20170056045A (en) | 2017-05-23 |
KR101767454B1 true KR101767454B1 (en) | 2017-08-14 |
Family
ID=59050378
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150158592A KR101767454B1 (en) | 2015-11-12 | 2015-11-12 | Method and apparatus of fraud detection for analyzing behavior pattern |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101767454B1 (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101880705B1 (en) | 2017-11-08 | 2018-07-20 | 주식회사 모비젠 | System for collecting device information using internet and method thereof |
KR20190083764A (en) * | 2018-01-05 | 2019-07-15 | 다운정보통신(주) | Method for Generating Whitelist and Detecting Abnormal Behavior Based on Matrix |
KR20200004207A (en) * | 2018-07-03 | 2020-01-13 | 네이버 주식회사 | Apparatus for analysing user behavier and method for the same |
KR102143593B1 (en) | 2019-10-18 | 2020-08-11 | 주식회사 모비젠 | Method for detecting anomaly of Internet of Things device based on autoencoder and system thereof |
US11003765B2 (en) | 2018-06-11 | 2021-05-11 | Tmax A&C Co., Ltd | Container-based integrated management system |
KR102307632B1 (en) * | 2021-05-31 | 2021-10-05 | 주식회사 아미크 | Unusual Insider Behavior Detection Framework on Enterprise Resource Planning Systems using Adversarial Recurrent Auto-encoder |
US11245543B2 (en) * | 2018-06-15 | 2022-02-08 | Microsoft Technology Licensing, Llc | Identifying abnormal usage of electronic device |
KR102370661B1 (en) | 2021-07-02 | 2022-03-07 | 주식회사 모비젠 | Method of detecting abnormal traffic of IoT devices deployed in each household and system thereof |
KR20220095539A (en) | 2020-12-30 | 2022-07-07 | 숭실대학교산학협력단 | Method for providing weighting using device fingerprint, recording medium and device for performing the method |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102408348B1 (en) | 2017-12-21 | 2022-06-14 | 삼성전자주식회사 | Terminal apparatus and controlling method of the terminal apparatus |
CN108306864B (en) * | 2018-01-12 | 2021-02-26 | 深圳壹账通智能科技有限公司 | Network data detection method and device, computer equipment and storage medium |
EP3776396B1 (en) * | 2018-04-09 | 2023-08-02 | Carrier Corporation | Detecting abnormal behavior in smart buildings |
KR102157031B1 (en) | 2018-12-27 | 2020-09-18 | 동서대학교 산학협력단 | Device and method for detecting abnormal behavior using server motor electric power consumption |
TR201908288A2 (en) * | 2019-05-30 | 2019-06-21 | Turkcell Teknoloji Arastirma Ve Gelistirme Anonim Sirketi | A SYSTEM THAT ENABLES A CORRECTION GRADE FOR SITUATIONS INCLUDING ANOMALIA |
KR102311997B1 (en) * | 2019-08-27 | 2021-10-14 | (주)하몬소프트 | Apparatus and method for endpoint detection and response terminal based on artificial intelligence behavior analysis |
US10992696B2 (en) | 2019-09-04 | 2021-04-27 | Morgan Stanley Services Group Inc. | Enterprise-level security method and system |
KR102125848B1 (en) * | 2020-03-31 | 2020-06-23 | 주식회사 이글루시큐리티 | Method for controling physical security using mac address and system thereof |
KR102184855B1 (en) * | 2020-04-17 | 2020-12-01 | 주식회사 에스랩 | Illegal login detectoin system and method thereof |
CN111639681A (en) * | 2020-05-09 | 2020-09-08 | 同济大学 | Early warning method, system, medium and device based on education drive type fraud |
CN117201090A (en) * | 2023-08-28 | 2023-12-08 | 山东亚泽信息技术有限公司 | Abnormal behavior detection processing method and system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004220373A (en) * | 2003-01-15 | 2004-08-05 | Mitsubishi Electric Corp | Unauthorized access detection log information analysis support system, unauthorized access detection log information analysis support method, and computer program thereof |
US20150106926A1 (en) * | 2011-10-18 | 2015-04-16 | Mcafee, Inc. | User behavioral risk assessment |
-
2015
- 2015-11-12 KR KR1020150158592A patent/KR101767454B1/en active IP Right Grant
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004220373A (en) * | 2003-01-15 | 2004-08-05 | Mitsubishi Electric Corp | Unauthorized access detection log information analysis support system, unauthorized access detection log information analysis support method, and computer program thereof |
US20150106926A1 (en) * | 2011-10-18 | 2015-04-16 | Mcafee, Inc. | User behavioral risk assessment |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101880705B1 (en) | 2017-11-08 | 2018-07-20 | 주식회사 모비젠 | System for collecting device information using internet and method thereof |
KR20190083764A (en) * | 2018-01-05 | 2019-07-15 | 다운정보통신(주) | Method for Generating Whitelist and Detecting Abnormal Behavior Based on Matrix |
KR102032222B1 (en) * | 2018-01-05 | 2019-10-15 | 다운정보통신(주) | Method for Generating Whitelist and Detecting Abnormal Behavior Based on Matrix |
US11003765B2 (en) | 2018-06-11 | 2021-05-11 | Tmax A&C Co., Ltd | Container-based integrated management system |
US11245543B2 (en) * | 2018-06-15 | 2022-02-08 | Microsoft Technology Licensing, Llc | Identifying abnormal usage of electronic device |
KR20200004207A (en) * | 2018-07-03 | 2020-01-13 | 네이버 주식회사 | Apparatus for analysing user behavier and method for the same |
KR102291557B1 (en) * | 2018-07-03 | 2021-08-19 | 네이버 주식회사 | Apparatus for analysing user behavier and method for the same |
US11729283B2 (en) | 2018-07-03 | 2023-08-15 | Naver Corporation | Apparatus for analysing online user behavior and method for the same |
KR102143593B1 (en) | 2019-10-18 | 2020-08-11 | 주식회사 모비젠 | Method for detecting anomaly of Internet of Things device based on autoencoder and system thereof |
KR20220095539A (en) | 2020-12-30 | 2022-07-07 | 숭실대학교산학협력단 | Method for providing weighting using device fingerprint, recording medium and device for performing the method |
KR102307632B1 (en) * | 2021-05-31 | 2021-10-05 | 주식회사 아미크 | Unusual Insider Behavior Detection Framework on Enterprise Resource Planning Systems using Adversarial Recurrent Auto-encoder |
KR102370661B1 (en) | 2021-07-02 | 2022-03-07 | 주식회사 모비젠 | Method of detecting abnormal traffic of IoT devices deployed in each household and system thereof |
Also Published As
Publication number | Publication date |
---|---|
KR20170056045A (en) | 2017-05-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101767454B1 (en) | Method and apparatus of fraud detection for analyzing behavior pattern | |
KR101743269B1 (en) | Method and apparatus of fraud detection by analysis of PC information and modeling of behavior pattern | |
CN111401416B (en) | Abnormal website identification method and device and abnormal countermeasure identification method | |
CN109753800B (en) | Android malicious application detection method and system fusing frequent item set and random forest algorithm | |
CN104205111A (en) | Computing device to detect malware | |
CN104966053A (en) | Face recognition method and recognition system | |
CN103500307A (en) | Mobile internet malignant application software detection method based on behavior model | |
WO2017071148A1 (en) | Cloud computing platform-based intelligent defense system | |
CN109922065B (en) | Quick identification method for malicious website | |
CN105678125A (en) | User authentication method and device | |
CN103617393A (en) | Method for mobile internet malicious application software detection based on support vector machines | |
CN110784462B (en) | Three-layer phishing website detection system based on hybrid method | |
CN104573456A (en) | Terminal interface control method | |
CN107256357A (en) | The detection of Android malicious application based on deep learning and analysis method | |
Shezan et al. | Read between the lines: An empirical measurement of sensitive applications of voice personal assistant systems | |
CN104598792A (en) | Terminal | |
Patil et al. | Network traffic anomaly detection using PCA and BiGAN | |
CN103297267A (en) | Method and system for network behavior risk assessment | |
CN113221032A (en) | Link risk detection method, device and storage medium | |
CN113037709B (en) | Webpage fingerprint monitoring method for multi-label browsing of anonymous network | |
US9332031B1 (en) | Categorizing accounts based on associated images | |
KR101602480B1 (en) | Illegal internet site filtering system and control method thereof, recording medium for performing the method | |
CN116049808A (en) | Equipment fingerprint acquisition system and method based on big data | |
Izergin et al. | Risk assessment model of compromising personal data on mobile devices | |
CN106897619B (en) | Mobile terminal from malicious software cognitive method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |