KR102125116B1 - Method and apparatus for recognizing risky activity - Google Patents

Method and apparatus for recognizing risky activity

Info

Publication number
KR102125116B1
Authority
KR
South Korea
Prior art keywords
determining
risk factor
user
event chain
term
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
KR1020177026844A
Other languages
English (en)
Korean (ko)
Other versions
KR20170125864A (ko)
Inventor
런신 마오
차오 순
신카이 리
디준 허
Original Assignee
Alibaba Group Holding Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Limited
Publication of KR20170125864A
Application granted
Publication of KR102125116B1
Current legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Information Transfer Between Computers (AREA)
KR1020177026844A 2015-03-02 2016-02-24 Method and apparatus for recognizing risky activity Active KR102125116B1 (ko)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201510093725.4 2015-03-02
CN201510093725.4A CN105989155B (zh) 2015-03-02 2015-03-02 Method and apparatus for identifying risky behavior
PCT/CN2016/074424 WO2016138830A1 (zh) 2015-03-02 2016-02-24 Method and apparatus for identifying risky behavior

Publications (2)

Publication Number Publication Date
KR20170125864A (ko) 2017-11-15
KR102125116B1 (ko) 2020-06-22

Family

ID=56848744

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020177026844A Active KR102125116B1 (ko) 2015-03-02 2016-02-24 Method and apparatus for recognizing risky activity

Country Status (9)

Country Link
US (1) US10601850B2
EP (1) EP3267348B1
JP (1) JP6734293B2
KR (1) KR102125116B1
CN (1) CN105989155B
ES (1) ES2801273T3
PL (1) PL3267348T3
SG (1) SG11201707032UA
WO (1) WO2016138830A1

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
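CN106529288A (zh) * 2016-11-16 2017-03-22 智者四海(北京)技术有限公司 Account risk identification method and apparatus
CN108229963B (zh) * 2016-12-12 2021-07-30 创新先进技术有限公司 Risk identification method and apparatus for user operation behavior
CN108427624B (zh) * 2017-02-13 2021-03-02 创新先进技术有限公司 Method and device for identifying system stability risk
CN108449307B (zh) * 2017-02-16 2020-12-29 上海行邑信息科技有限公司 Method for identifying risky devices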
US10999297B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Using expected behavior of an entity when prepopulating an adaptive trust profile
US10129269B1 (en) 2017-05-15 2018-11-13 Forcepoint, LLC Managing blockchain access to user profile information
US10623431B2 (en) * 2017-05-15 2020-04-14 Forcepoint Llc Discerning psychological state from correlated user behavior and contextual information
US9882918B1 (en) 2017-05-15 2018-01-30 Forcepoint, LLC User behavior profile in a blockchain
US10447718B2 (en) 2017-05-15 2019-10-15 Forcepoint Llc User profile definition and management
US10917423B2 (en) 2017-05-15 2021-02-09 Forcepoint, LLC Intelligently differentiating between different types of states and attributes when using an adaptive trust profile
US10862927B2 (en) * 2017-05-15 2020-12-08 Forcepoint, LLC Dividing events into sessions during adaptive trust profile operations
US10999296B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Generating adaptive trust profiles using information derived from similarly situated organizations
US10915643B2 (en) 2017-05-15 2021-02-09 Forcepoint, LLC Adaptive trust profile endpoint architecture
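CN107517203B (zh) * 2017-08-08 2020-07-14 奇安信科技集团股份有限公司 Method and apparatus for establishing a user behavior baseline
CN107566163B (zh) * 2017-08-10 2020-11-06 奇安信科技集团股份有限公司 Alarm method and apparatus based on user behavior analysis and correlation
CN108304308A (zh) * 2018-02-07 2018-07-20 平安普惠企业管理有限公司 User behavior monitoring method, apparatus, computer device and storage medium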
US10853496B2 (en) 2019-04-26 2020-12-01 Forcepoint, LLC Adaptive trust profile behavioral fingerprint
US11621974B2 (en) * 2019-05-14 2023-04-04 Tenable, Inc. Managing supersedence of solutions for security issues among assets of an enterprise network
CN110457896A (zh) * 2019-07-02 2019-11-15 北京人人云图信息技术有限公司 Detection method and detection apparatus for online access
US12216791B2 (en) 2020-02-24 2025-02-04 Forcepoint Llc Re-identifying pseudonymized or de-identified data utilizing distributed ledger technology
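CN111582722B (zh) * 2020-05-09 2022-06-07 拉扎斯网络科技(上海)有限公司 Risk identification method, apparatus, electronic device and readable storage medium
CN114764418B (zh) * 2020-12-31 2025-02-28 北京达佳互联信息技术有限公司 Risk detection method, apparatus, electronic device and storage medium
CN112866230B (zh) * 2021-01-13 2023-05-16 深信服科技股份有限公司 Risk detection method, apparatus and storage medium
CN112927068B (zh) * 2021-03-30 2024-08-20 善诊(上海)信息技术有限公司 Method, apparatus, device and storage medium for determining business data risk classification thresholds
CN113051560B (zh) * 2021-04-13 2024-05-24 北京安天网络安全技术有限公司 Security identification method and apparatus for terminal behavior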

Citations (4)

Publication number Priority date Publication date Assignee Title
US20130117397A1 (en) 2005-02-28 2013-05-09 Mcafee Inc. Stopping and remediating outbound messaging abuse
CN103297267A (zh) 2013-05-10 2013-09-11 河北远东通信系统工程有限公司 Risk assessment method and system for network behavior
WO2014088559A1 (en) 2012-12-04 2014-06-12 Hewlett-Packard Development Company, L.P. Determining suspected root causes of anomalous network behavior
CN104011731A (zh) 2011-10-18 2014-08-27 迈克菲公司 User behavior risk assessment

Family Cites Families (11)

Publication number Priority date Publication date Assignee Title
US7574382B1 (en) * 2004-08-03 2009-08-11 Amazon Technologies, Inc. Automated detection of anomalous user activity associated with specific items in an electronic catalog
CA2531410A1 (en) * 2005-12-23 2007-06-23 Snipe Network Security Corporation Behavioural-based network anomaly detection based on user and group profiling
US7574832B1 (en) 2007-01-24 2009-08-18 Lieberman Phillip L Portable telescoping tower assembly
JP2010108469A (ja) * 2008-10-01 2010-05-13 Sky Co Ltd Operation monitoring system and operation monitoring program
US8356001B2 (en) * 2009-05-19 2013-01-15 Xybersecure, Inc. Systems and methods for application-level security
US8566956B2 (en) 2010-06-23 2013-10-22 Salesforce.Com, Inc. Monitoring and reporting of data access behavior of authorized database users
US8850517B2 (en) 2013-01-15 2014-09-30 Taasera, Inc. Runtime risk detection based on user, application, and system action sequence correlation
US20140359777A1 (en) * 2013-05-31 2014-12-04 Fixmo, Inc. Context-aware risk measurement mobile device management system
US20150039513A1 (en) * 2014-02-14 2015-02-05 Brighterion, Inc. User device profiling in transaction authentications
CN104376266B (zh) * 2014-11-21 2017-09-15 工业和信息化部电信研究院 Method and apparatus for determining the security level of application software
US10075474B2 (en) * 2015-02-06 2018-09-11 Honeywell International Inc. Notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications

Also Published As

Publication number Publication date
EP3267348A4 (en) 2018-10-31
US10601850B2 (en) 2020-03-24
EP3267348B1 (en) 2020-04-08
JP2018510422A (ja) 2018-04-12
EP3267348A1 (en) 2018-01-10
SG11201707032UA (en) 2017-09-28
KR20170125864A (ko) 2017-11-15
US20180013780A1 (en) 2018-01-11
CN105989155B (zh) 2019-10-25
ES2801273T3 (es) 2021-01-08
JP6734293B2 (ja) 2020-08-05
PL3267348T3 (pl) 2020-11-16
WO2016138830A1 (zh) 2016-09-09
CN105989155A (zh) 2016-10-05

Similar Documents

Publication Publication Date Title
KR102125116B1 (ko) Method and apparatus for recognizing risky activity
US20150135262A1 (en) Detection and prevention for malicious threats
AU2020203735B2 (en) Automated generation and dynamic update of rules
CA2996966A1 (en) Process launch, monitoring and execution control
CN107977575A (zh) Code composition analysis system and method based on a private cloud platform
EP3465509A1 (en) Classification of log data
WO2017221711A1 (ja) Log analysis device, log analysis method and log analysis program
Freitas et al. AI-driven guided response for security operation centers with Microsoft Copilot for Security
Khomh et al. Adapting Linux for mobile platforms: An empirical study of Android
Mohasseb et al. Predicting cybersecurity incidents using machine learning algorithms: a case study of Korean SMEs
Samuel et al. Intelligent malware detection system based on behavior analysis in cloud computing environment
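CN118133290A (zh) Security assessment method and apparatus for information technology systems, and electronic device
CN107579944B (zh) Security attack prediction method based on artificial intelligence and MapReduce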
Munteanu et al. Cloud incident management, challenges, research directions, and architectural approach
Khansa et al. Quantifying the benefits of investing in information security
Rattan et al. Systematic mapping study of metrics based clone detection techniques
CN118138270A (zh) Method and system for security detection of server log processes
Mishra et al. Multi release cost model—a new perspective
WO2024074875A1 (en) Smart contract behavior classification
US20200351284A1 (en) Generating summaries of messages associated with assets in an enterprise system
Shen et al. A Method based on Modified PageRank-Algorithm for Measuring and Rating Android Malwares
CN117131445B (zh) Abnormal transaction detection method and system
Ferla Enhancing Cloud Based Web Application Firewall with Machine Learning models for Bot Detection and HTTP Traffic Classification
Salman Modeling Study of Priority Intrusion Response Selected on Intrusion Detection System Alert
Kim Research on Life Cycle Model of Data for Handling Big Data-Based Security Incident

Legal Events

Date Code Title Description
PA0105 International application

Patent event date: 20170922

Patent event code: PA01051R01D

Comment text: International Patent Application

PG1501 Laying open of application
A201 Request for examination
A302 Request for accelerated examination
PA0201 Request for examination

Patent event code: PA02012R01D

Patent event date: 20190923

Comment text: Request for Examination of Application

PA0302 Request for accelerated examination

Patent event date: 20190923

Patent event code: PA03022R01D

Comment text: Request for Accelerated Examination

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

Comment text: Notification of reason for refusal

Patent event date: 20200106

Patent event code: PE09021S01D

E701 Decision to grant or registration of patent right
PE0701 Decision of registration

Patent event code: PE07011S01D

Comment text: Decision to Grant Registration

Patent event date: 20200330

GRNT Written decision to grant
PR0701 Registration of establishment

Comment text: Registration of Establishment

Patent event date: 20200615

Patent event code: PR07011E01D

PR1002 Payment of registration fee

Payment date: 20200615

End annual number: 3

Start annual number: 1

PG1601 Publication of registration
PR1001 Payment of annual fee

Payment date: 20240520

Start annual number: 5

End annual number: 5