KR102125116B1 - Method and apparatus for recognizing risky activity - Google Patents

Method and apparatus for recognizing risky activity

Info

Publication number
KR102125116B1
Authority
KR
South Korea
Prior art keywords
determining
risk factor
user
event chain
term
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
KR1020177026844A
Other languages
English (en)
Korean (ko)
Other versions
KR20170125864A (ko)
Inventor
런신 마오
차오 순
신카이 리
디준 허
Original Assignee
Alibaba Group Holding Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Limited
Publication of KR20170125864A
Application granted
Publication of KR102125116B1
Assigned to Advanced New Technologies Co., Ltd. (registration of full transfer of rights). Assignors: Advantageous New Technologies Co., Ltd.
Assigned to Advantageous New Technologies Co., Ltd. (registration of full transfer of rights). Assignors: Alibaba Group Holding Limited
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
KR1020177026844A 2015-03-02 2016-02-24 Method and apparatus for recognizing risky activity Active KR102125116B1 (ko)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201510093725.4A CN105989155B (zh) 2015-03-02 2015-03-02 Method and apparatus for identifying risky behavior
CN201510093725.4 2015-03-02
PCT/CN2016/074424 WO2016138830A1 (zh) 2015-03-02 2016-02-24 Method and apparatus for identifying risky behavior

Publications (2)

Publication Number Publication Date
KR20170125864A KR20170125864A (ko) 2017-11-15
KR102125116B1 KR102125116B1 (ko) 2020-06-22

Family

ID=56848744

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020177026844A Active KR102125116B1 (ko) 2015-03-02 2016-02-24 Method and apparatus for recognizing risky activity

Country Status (9)

Country Link
US (1) US10601850B2
EP (1) EP3267348B1
JP (1) JP6734293B2
KR (1) KR102125116B1
CN (1) CN105989155B
ES (1) ES2801273T3
PL (1) PL3267348T3
SG (1) SG11201707032UA
WO (1) WO2016138830A1

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
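CN106529288A (zh) * 2016-11-16 2017-03-22 智者四海(北京)技术有限公司 Account risk identification method and apparatus
CN108229963B (zh) * 2016-12-12 2021-07-30 创新先进技术有限公司 Risk identification method and apparatus for user operation behavior
CN108427624B (zh) * 2017-02-13 2021-03-02 创新先进技术有限公司 Method and device for identifying system stability risk
CN108449307B (zh) * 2017-02-16 2020-12-29 上海行邑信息科技有限公司 Method for identifying risky devices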
US10917423B2 (en) 2017-05-15 2021-02-09 Forcepoint, LLC Intelligently differentiating between different types of states and attributes when using an adaptive trust profile
US10623431B2 (en) * 2017-05-15 2020-04-14 Forcepoint Llc Discerning psychological state from correlated user behavior and contextual information
US10999296B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Generating adaptive trust profiles using information derived from similarly situated organizations
US9882918B1 (en) 2017-05-15 2018-01-30 Forcepoint, LLC User behavior profile in a blockchain
US10129269B1 (en) 2017-05-15 2018-11-13 Forcepoint, LLC Managing blockchain access to user profile information
US10447718B2 (en) 2017-05-15 2019-10-15 Forcepoint Llc User profile definition and management
US10999297B2 (en) 2017-05-15 2021-05-04 Forcepoint, LLC Using expected behavior of an entity when prepopulating an adaptive trust profile
US10943019B2 (en) 2017-05-15 2021-03-09 Forcepoint, LLC Adaptive trust profile endpoint
US10862927B2 (en) * 2017-05-15 2020-12-08 Forcepoint, LLC Dividing events into sessions during adaptive trust profile operations
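CN107517203B (zh) * 2017-08-08 2020-07-14 奇安信科技集团股份有限公司 Method and apparatus for establishing a user behavior baseline
CN107566163B (zh) * 2017-08-10 2020-11-06 奇安信科技集团股份有限公司 Alarm method and apparatus with user behavior analysis correlation
CN108304308A (zh) * 2018-02-07 2018-07-20 平安普惠企业管理有限公司 User behavior monitoring method, apparatus, computer device and storage medium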
US10997295B2 (en) 2019-04-26 2021-05-04 Forcepoint, LLC Adaptive trust profile reference architecture
US11621974B2 (en) * 2019-05-14 2023-04-04 Tenable, Inc. Managing supersedence of solutions for security issues among assets of an enterprise network
CN110457896A (zh) * 2019-07-02 2019-11-15 北京人人云图信息技术有限公司 Detection method and detection apparatus for online access
US12216791B2 (en) 2020-02-24 2025-02-04 Forcepoint Llc Re-identifying pseudonymized or de-identified data utilizing distributed ledger technology
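CN111582722B (zh) * 2020-05-09 2022-06-07 拉扎斯网络科技(上海)有限公司 Risk identification method, apparatus, electronic device and readable storage medium
CN114764418B (zh) * 2020-12-31 2025-02-28 北京达佳互联信息技术有限公司 Risk detection method, apparatus, electronic device and storage medium
CN112866230B (zh) * 2021-01-13 2023-05-16 深信服科技股份有限公司 Risk detection method, apparatus and storage medium
CN112927068B (zh) * 2021-03-30 2024-08-20 善诊(上海)信息技术有限公司 Method, apparatus, device and storage medium for determining business data risk classification thresholds
CN113051560B (zh) * 2021-04-13 2024-05-24 北京安天网络安全技术有限公司 Security identification method and apparatus for terminal behavior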

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130117397A1 (en) 2005-02-28 2013-05-09 Mcafee Inc. Stopping and remediating outbound messaging abuse
CN103297267A (zh) 2013-05-10 2013-09-11 河北远东通信系统工程有限公司 Risk assessment method and system for network behavior
WO2014088559A1 (en) 2012-12-04 2014-06-12 Hewlett-Packard Development Company, L.P. Determining suspected root causes of anomalous network behavior
CN104011731A (zh) 2011-10-18 2014-08-27 迈克菲公司 User behavior risk assessment

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7574382B1 (en) * 2004-08-03 2009-08-11 Amazon Technologies, Inc. Automated detection of anomalous user activity associated with specific items in an electronic catalog
CA2531410A1 (en) * 2005-12-23 2007-06-23 Snipe Network Security Corporation Behavioural-based network anomaly detection based on user and group profiling
US7574832B1 (en) 2007-01-24 2009-08-18 Lieberman Phillip L Portable telescoping tower assembly
JP2010108469A (ja) * 2008-10-01 2010-05-13 Sky Co Ltd Operation monitoring system and operation monitoring program
US8356001B2 (en) * 2009-05-19 2013-01-15 Xybersecure, Inc. Systems and methods for application-level security
US8566956B2 (en) 2010-06-23 2013-10-22 Salesforce.Com, Inc. Monitoring and reporting of data access behavior of authorized database users
US8850517B2 (en) 2013-01-15 2014-09-30 Taasera, Inc. Runtime risk detection based on user, application, and system action sequence correlation
US20140359777A1 (en) * 2013-05-31 2014-12-04 Fixmo, Inc. Context-aware risk measurement mobile device management system
US20150039513A1 (en) * 2014-02-14 2015-02-05 Brighterion, Inc. User device profiling in transaction authentications
CN104376266B (zh) * 2014-11-21 2017-09-15 工业和信息化部电信研究院 Method and apparatus for determining the security level of application software
US10075474B2 (en) * 2015-02-06 2018-09-11 Honeywell International Inc. Notification subsystem for generating consolidated, filtered, and relevant security risk-based notifications

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130117397A1 (en) 2005-02-28 2013-05-09 Mcafee Inc. Stopping and remediating outbound messaging abuse
CN104011731A (zh) 2011-10-18 2014-08-27 迈克菲公司 User behavior risk assessment
WO2014088559A1 (en) 2012-12-04 2014-06-12 Hewlett-Packard Development Company, L.P. Determining suspected root causes of anomalous network behavior
CN103297267A (zh) 2013-05-10 2013-09-11 河北远东通信系统工程有限公司 Risk assessment method and system for network behavior

Also Published As

Publication number Publication date
EP3267348A1 (en) 2018-01-10
ES2801273T3 (es) 2021-01-08
CN105989155A (zh) 2016-10-05
JP2018510422A (ja) 2018-04-12
PL3267348T3 (pl) 2020-11-16
WO2016138830A1 (zh) 2016-09-09
KR20170125864A (ko) 2017-11-15
CN105989155B (zh) 2019-10-25
EP3267348A4 (en) 2018-10-31
SG11201707032UA (en) 2017-09-28
US20180013780A1 (en) 2018-01-11
JP6734293B2 (ja) 2020-08-05
US10601850B2 (en) 2020-03-24
EP3267348B1 (en) 2020-04-08

Similar Documents

Publication Publication Date Title
KR102125116B1 (ko) Method and apparatus for recognizing risky activity
US20210089917A1 (en) Heuristic Inference of Topological Representation of Metric Relationships
US11487882B2 (en) Vulnerability influence evaluation system
CN101923617B (zh) Cloud-based dynamic maintenance method for a sample database
JP6401424B2 (ja) Log analysis device, log analysis method and log analysis program
US20170061126A1 (en) Process Launch, Monitoring and Execution Control
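CN107977575A (zh) Code composition analysis system and method based on a private cloud platform
CN110401660B (zh) Method, apparatus, processing device and storage medium for identifying fake traffic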
Zhang et al. Dynamic risk-aware patch scheduling
Khomh et al. Adapting Linux for mobile platforms: An empirical study of Android
US20150120912A1 (en) Automated generation and dynamic update of rules
Mohasseb et al. Predicting CyberSecurity Incidents using Machine Learning Algorithms: A Case Study of Korean SMEs.
CN118133290A (zh) Security assessment method, apparatus and electronic device for information technology systems
Khansa et al. Quantifying the benefits of investing in information security
Rattan et al. Systematic mapping study of metrics based clone detection techniques
CN118138270A (zh) Method and system for process security detection on server logs
WO2024074875A1 (en) Smart contract behavior classification
Sackmann Assessing the effects of IT changes on IT risk-A business process-oriented view.
US20250371163A1 (en) Systems and methods for performing in-memory security analytics
Davie et al. Using hospital discharge data for injury research or surveillance? An observational study illustrating the impact of administrative change
Salman Modeling study of priority intrusion response selected on intrusion detection system alert
US20240346141A1 (en) Cyber threat information processing apparatus, cyber threat information processing method, and storage medium storing cyber threat information processing program
Ferla Enhancing Cloud Based Web Application Firewall with Machine Learning models for Bot Detection and HTTP Traffic Classification
Ghiasvand et al. Anonymization of system logs for privacy and storage benefits
AU2022432100A1 (en) Organization segmentation for anomaly detection

Legal Events

Date Code Title Description
PA0105 International application

St.27 status event code: A-0-1-A10-A15-nap-PA0105

PG1501 Laying open of application

St.27 status event code: A-1-1-Q10-Q12-nap-PG1501

A201 Request for examination
A302 Request for accelerated examination
P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

PA0201 Request for examination

St.27 status event code: A-1-2-D10-D11-exm-PA0201

PA0302 Request for accelerated examination

St.27 status event code: A-1-2-D10-D17-exm-PA0302

St.27 status event code: A-1-2-D10-D16-exm-PA0302

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

St.27 status event code: A-1-2-D10-D21-exm-PE0902

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

E701 Decision to grant or registration of patent right
PE0701 Decision of registration

St.27 status event code: A-1-2-D10-D22-exm-PE0701

GRNT Written decision to grant
PR0701 Registration of establishment

St.27 status event code: A-2-4-F10-F11-exm-PR0701

PR1002 Payment of registration fee

St.27 status event code: A-2-2-U10-U12-oth-PR1002

Fee payment year number: 1

PG1601 Publication of registration

St.27 status event code: A-4-4-Q10-Q13-nap-PG1601

PN2301 Change of applicant

St.27 status event code: A-5-5-R10-R11-asn-PN2301

PN2301 Change of applicant

St.27 status event code: A-5-5-R10-R14-asn-PN2301

PN2301 Change of applicant

St.27 status event code: A-5-5-R10-R14-asn-PN2301

R18-X000 Changes to party contact information recorded

St.27 status event code: A-5-5-R10-R18-oth-X000

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 4

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 5

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 6

U11 Full renewal or maintenance fee paid

Free format text: ST27 STATUS EVENT CODE: A-4-4-U10-U11-OTH-PR1001 (AS PROVIDED BY THE NATIONAL OFFICE)

Year of fee payment: 6