CN110881032B - Identification method and device for unauthorized account operation - Google Patents

Publication number: CN110881032B
Authority: CN (China)
Prior art keywords: account, risk value, equipment, information, unauthorized
Legal status: Active
Application number: CN201911075032.7A
Other languages: Chinese (zh)
Other versions: CN110881032A (en)
Inventors: 何湘威, 蒋红亮, 方小方, 王申华, 金张果, 吕齐, 陈澄, 朱世鹏, 严冬, 郑樟磊, 刘吉权, 寿博仁, 吴辉, 曹保良, 王挺, 杨雪莹
Current Assignee: Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd; Wuyi Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee: Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd; Wuyi Power Supply Co of State Grid Zhejiang Electric Power Co Ltd

Application filed by Jinhua Power Supply Co of State Grid Zhejiang Electric Power Co Ltd and Wuyi Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority to CN201911075032.7A
Publication of CN110881032A
Application granted
Publication of CN110881032B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method for identifying unauthorized account operations, applied to an operation and maintenance authority management platform that includes a plurality of business domain subsystems. The method comprises the following steps: when an account is detected logging in to the system, obtaining the account information of the account and the device information of the device the account logged in from; identifying whether the account is a public account; if the account is not a public account, calculating the risk value of the account operation; if the resulting risk value exceeds the threshold, cancelling the account or modifying its permissions. A corresponding device is also disclosed. The invention can find accounts that may be in shared use relatively simply and without consuming resources, ensuring that the occurrence rate of unauthorized accounts is reduced; the summation-based calculation can exclude a large number of incidental login events.

Figure 201911075032

Description

Identification method and device for account unauthorized operation

Technical field

The invention relates to the field of Internet technology, and in particular to a method and device for identifying unauthorized account operations.

Background

In the operation and maintenance work of information and communication (ICT) departments, long-term understaffing can lead teams to favour operations over management; equipment ledger updates frequently lag or are omitted, and corresponding control measures are lacking.

In the daily operation and maintenance of ICT departments, the main security management risk points for unauthorized use of accounts are: ICT operation and maintenance work at grass-roots units is carried out at team level, and after a position is adjusted the adjustment information is not available immediately, so permission changes lag behind; there are no effective controls on the cross-use of high-privilege accounts, and mixed use of high-privilege accounts and approval on another person's behalf are widespread; off-site (remote) login of accounts carries risk because of the differing security and usage conditions of the computer systems involved.

According to State Grid document (Information/3) 782-2015, to ensure the security of application system accounts, the information operation and maintenance department should exercise the following controls:

1). Change application system account permissions promptly when personnel positions are adjusted, so that permissions match responsibilities.

2). Strictly control abnormal use of high-privilege accounts (business approval, core data viewing).

3). Supervise off-site login of accounts (taking into account differences in the security of the computing environment).

Summary of the invention

The present invention provides a method and device for identifying unauthorized account operations to solve the above technical problems.

To achieve this, the technical solution adopted by the invention is as follows:

A method for identifying unauthorized account operations, applied to an operation and maintenance authority management platform that includes a plurality of business domain subsystems, characterized in that it comprises the following steps:

Step 101: when an account is detected logging in to the system, obtain the account information of the account and the device information of the device the account logged in from;

Step 102: identify whether the account is a public account;

Step 103: if the account is not a public account, calculate the risk value of the account operation;

Step 104: if the resulting risk value exceeds the threshold, cancel the account or modify its permissions.

The calculated risk value $P_1$ of the account operation is a physical risk value or an unauthorized-operation risk value.

When the calculated risk value $P_1$ is a physical risk value, the device information of the device corresponding to the account is $ID_1(d_1, f_1, r_1)$ and the device information of the device the account logged in from is $ID_2(d_2, f_2, r_2)$; the physical risk value $P_1$ is then:

$$P_1 = |(d_1 - d_2) \times 1000| + |(f_1 - f_2) \times 100| + |(r_1 - r_2)|$$

where $d_1$ is the device number of the device corresponding to the account, $d_2$ is the secondary-node level position of the device the account logged in from, $f_1$ is the secondary-node level position of the device corresponding to the account, $f_2$ is the level position below the secondary node of the device the account logged in from, $r_1$ is the actual geographic position of the device corresponding to the account, and $r_2$ is the actual geographic position of the device the account logged in from.

When the calculated risk value $P_1$ is an unauthorized-operation risk value, the risk coefficient for each account owner exceeding the original permissions is set to $b_1$, and the risk of the account owner logging in to the device is $b_2$:

Figure GDA0003256242890000021

Preferably, the account information includes: the permissions of the account, the responsibilities of the account owner, and the device information of the device corresponding to the account.

Preferably, when the account shows multiple logins, the risk values are accumulated:

Figure GDA0003256242890000031

where $i$ and $n$ are integers and $1 \le i \le n$.

According to a second aspect of the embodiments of the invention, a device for identifying unauthorized account operations is provided, applied to an operation and maintenance authority management platform that includes a plurality of business domain subsystems, characterized in that it comprises:

an account detection module, configured to obtain the account information of the account and the device information of the device the account logged in from when an account is detected logging in to the system;

an account identification module, configured to identify whether the account is a public account;

a risk value calculation module, configured to calculate the risk value of the account operation if the account is not a public account;

a permission modification module, configured to cancel the account or modify its permissions if the resulting risk value exceeds the threshold.

Preferably, the account information includes: the permissions of the account, the responsibilities of the account owner, and the device information of the device corresponding to the account.

Compared with the prior art, the invention can find accounts that may be in shared use relatively simply and without consuming resources, ensuring that the occurrence rate of unauthorized accounts is reduced; the summation-based calculation can exclude a large number of incidental login events.

Brief description of the drawings

FIG. 1 is a flow chart of the method for identifying unauthorized account operations according to the invention;

FIG. 2 is a structural block diagram of the device for identifying unauthorized account operations according to the invention.

In the figures: 201 - account detection module, 202 - account identification module, 203 - risk value calculation module, 204 - permission modification module.

Detailed description

The invention is described in detail below with reference to the specific embodiments shown in the drawings. These embodiments do not limit the invention; structural, methodological or functional changes made by those of ordinary skill in the art on the basis of these embodiments all fall within the scope of protection of the invention.

The terminology used in the invention is for the purpose of describing particular embodiments only and is not intended to limit the invention. As used in the invention and the appended claims, the singular forms "a", "said" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.

As shown in FIG. 1, a method for identifying unauthorized account operations, applied to an operation and maintenance authority management platform that includes a plurality of business domain subsystems, comprises the following steps:

Step 101: when an account is detected logging in to the system, obtain the account information of the account and the device information of the device the account logged in from;

Step 102: identify whether the account is a public account;

Step 103: if the account is not a public account, calculate the risk value of the account operation;

Step 104: if the resulting risk value exceeds the threshold, cancel the account or modify its permissions.

Here, the account information may include: the permissions of the account, the responsibilities of the account owner, and the device information of the device corresponding to the account. Specifically, collecting the account information and device information establishes the currently logged-in account, the computer connection port of the login device, the account user and account permissions, the physical location, and so on; personnel information may include the account user's department, position, responsibilities, etc.

In one implementation of the invention, the calculated risk value $P_1$ of the account operation may be a physical risk value. The device information of the device corresponding to the account is $ID_1(d_1, f_1, r_1)$ and the device information of the device the account logged in from is $ID_2(d_2, f_2, r_2)$; the physical risk value $P_1$ is then:

$$P_1 = |(d_1 - d_2) \times 1000| + |(f_1 - f_2) \times 100| + |(r_1 - r_2)|$$

where $ID_1$, $d_1$, $f_1$, $r_1$ respectively represent the device number, the secondary-node level position, the level position below the secondary node and the actual geographic position of the device corresponding to the account, and $ID_2$, $d_2$, $f_2$, $r_2$ respectively represent the device number, the secondary-node level position, the level position below the secondary node and the actual geographic position of the device the account logged in from.

The actual geographic distance can be calculated from actual values; the distance values for the secondary-node level position and the level position below the secondary node are obtained by conversion using set values: 1000 is the risk value assigned when the source of the account data changes at the secondary-node level, and 100 is the risk value assigned when the change occurs below the secondary node. The larger the value of $P_1$ while the account has not been cancelled, the greater the risk of shared use.

In one implementation of the invention, the calculated risk value $P_1$ of the account operation may be an unauthorized-operation risk value. For this risk value, the more levels are skipped and the greater the difference between departments, the more explosively the risk value grows. The risk coefficient for each account owner exceeding the original permissions is set to $b_1$, and the risk of the account owner logging in to the device is $b_2$:

Figure GDA0003256242890000051

In particular, when the account shows multiple logins, the risk values may be accumulated:

Figure GDA0003256242890000052

where $i$ and $n$ are integers and $1 \le i \le n$.
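
An added worked example, not part of the patent text: steps 101 to 104 with the physical risk value $P_1$, run over constructed login records. The threshold, the public-account list, the integer encoding of the node positions, the scalar geographic position and the plain sum used to accumulate across logins are assumptions, since the page gives no values for them and the accumulation formula image is not reproduced.

```python
from dataclasses import dataclass

# Weights taken from the formula on the page.
W_SECONDARY_NODE = 1000  # change at the secondary-node level
W_BELOW_NODE = 100       # change below the secondary node

# Assumptions for this example: the page gives neither a threshold value
# nor a rule for recognising public accounts.
RISK_THRESHOLD = 1500.0
PUBLIC_ACCOUNTS = frozenset({"ops-shared"})


@dataclass(frozen=True)
class Device:
    device_id: str  # ID: device number
    d: int          # secondary-node level position (integer encoding assumed)
    f: int          # level position below the secondary node (integer encoding assumed)
    r: float        # actual geographic position, km along a reference line (assumed)


def physical_risk(home: Device, login: Device) -> float:
    """P1 = |(d1-d2)*1000| + |(f1-f2)*100| + |r1-r2| for one login."""
    return float(
        abs((home.d - login.d) * W_SECONDARY_NODE)
        + abs((home.f - login.f) * W_BELOW_NODE)
        + abs(home.r - login.r)
    )


def evaluate(logins, home_devices, public_accounts=PUBLIC_ACCOUNTS,
             threshold=RISK_THRESHOLD):
    """Run steps 101-104 over (account, login_device) records.

    Returns {account: (accumulated_risk, action)}. Per-login risk values
    are summed per account (assumed form of the accumulation step).
    """
    totals = {}
    verdicts = {}
    for account, login_device in logins:          # step 101: login observed
        if account in public_accounts:            # step 102: public account?
            verdicts[account] = (0.0, "skip-public")
            continue
        home = home_devices.get(account)
        if home is None:
            # No registered device to compare against: P1 is undefined,
            # so flag the account instead of scoring it as zero risk.
            verdicts[account] = (0.0, "no-baseline")
            continue
        risk = physical_risk(home, login_device)  # step 103
        totals[account] = totals.get(account, 0.0) + risk
    for account, total in totals.items():         # step 104
        action = "revoke-or-modify" if total > threshold else "ok"
        verdicts[account] = (total, action)
    return verdicts


# Constructed sample data (not from the patent).
SAMPLE_HOME = {
    "zhang": Device("PC-001", d=1, f=2, r=0.0),
    "li": Device("PC-014", d=2, f=1, r=12.0),
}
SAMPLE_LOGINS = [
    ("zhang", Device("PC-001", d=1, f=2, r=0.0)),    # own device
    ("zhang", Device("PC-002", d=1, f=2, r=0.5)),    # same branch, next desk
    ("zhang", Device("PC-007", d=1, f=3, r=1.5)),    # sibling branch
    ("li", Device("PC-030", d=3, f=1, r=40.0)),      # other secondary node
    ("li", Device("PC-031", d=3, f=4, r=40.0)),      # other node and branch
    ("ops-shared", Device("PC-050", d=5, f=5, r=90.0)),
    ("wang", Device("PC-001", d=1, f=2, r=0.0)),     # no registered device
]

if __name__ == "__main__":
    for account, (risk, action) in evaluate(SAMPLE_LOGINS, SAMPLE_HOME).items():
        print(f"{account:11s} risk={risk:8.1f} action={action}")
```

Because the formula multiplies the numeric difference of the position codes, the score depends on how nodes are numbered: under this integer encoding, nodes 1 and 3 score 2000 while nodes 1 and 2 score 1000.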

Correspondingly, the invention also provides a device for identifying unauthorized account operations, applied to an operation and maintenance authority management platform that includes a plurality of business domain subsystems. As shown in FIG. 2, it comprises:

an account detection module 201, configured to obtain the account information of the account and the device information of the device the account logged in from when an account is detected logging in to the system;

an account identification module 202, configured to identify whether the account is a public account;

a risk value calculation module 203, configured to calculate the risk value of the account operation if the account is not a public account;

a permission modification module 204, configured to cancel the account or modify its permissions if the resulting risk value exceeds the threshold.

The account information includes: the permissions of the account, the responsibilities of the account owner, and the device information of the device corresponding to the account.

For the device in the above embodiment, the specific manner in which each module performs its operations has been described in detail in the embodiment of the method and is not elaborated here.

By combing through the device port distribution map, the personnel attribute data for ICT points and the personnel records, the invention analyses the relationship between the account owner and the device the account logs in from, and the relationship between the account owner and the owner of the login device, and uses a behavior-setting tree to determine the specific violation. It can therefore find accounts that may be in shared use relatively simply and without consuming resources, ensuring that the occurrence rate of unauthorized accounts is reduced. The summation-based calculation can exclude a large number of incidental login events.

Other embodiments of the invention will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the invention that follow its general principles and include common knowledge or customary technical means in the art not disclosed by the invention. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the invention indicated by the claims of this application.

It should be understood that the invention is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the invention is limited only by the appended claims.

Claims (5)

1. A method for identifying unauthorized account operations, applied to an operation and maintenance authority management platform comprising a plurality of business domain subsystems, characterized by comprising the following steps:
step 101, when an account is detected logging in to the system, acquiring the account information of the account and the device information of the device the account logged in from;
step 102, identifying whether the account is a public account;
step 103, if the account is not a public account, calculating the risk value of the account operation;
step 104, if the obtained risk value exceeds a threshold, cancelling the account or modifying its permissions;
the calculated risk value $P_1$ of the account operation is either a physical risk value or an unauthorized-operation risk value;
when the calculated risk value $P_1$ of the account operation is the physical risk value, the device information of the device corresponding to the account is $ID_1(d_1, f_1, r_1)$ and the device information of the device the account logged in from is $ID_2(d_2, f_2, r_2)$; the physical risk value $P_1$ is then:
$$P_1 = |(d_1 - d_2) \times 1000| + |(f_1 - f_2) \times 100| + |(r_1 - r_2)|$$
where $ID_1$, $d_1$, $f_1$, $r_1$ respectively represent the device number, the secondary-node level position, the level position below the secondary node and the actual geographic position of the device corresponding to the account, and $ID_2$, $d_2$, $f_2$, $r_2$ respectively represent the device number, the secondary-node level position, the level position below the secondary node and the actual geographic position of the device the account logged in from;
when the calculated risk value $P_1$ of the account operation is the unauthorized-operation risk value, the risk coefficient for each account owner exceeding the original permissions is set to $b_1$, and the risk of the account owner logging in to the device is $b_2$:
Figure FDA0003302022250000011
2. The method for identifying unauthorized account operations according to claim 1, wherein the account information includes: the permissions of the account, the responsibilities of the account owner, and the device information of the device corresponding to the account.
3. The method for identifying unauthorized account operations according to claim 1, wherein when the account shows multiple logins, the risk values are accumulated:
Figure FDA0003302022250000021
where $i$ and $n$ are integers and $1 \le i \le n$.
4. A device for identifying unauthorized account operations, applied to an operation and maintenance authority management platform comprising a plurality of business domain subsystems, characterized by comprising:
an account detection module, configured to acquire the account information of the account and the device information of the device the account logged in from when an account is detected logging in to the system;
an account identification module, configured to identify whether the account is a public account;
a risk value calculation module, configured to calculate the risk value of the account operation if the account is not a public account;
a permission modification module, configured to cancel the account or modify its permissions if the obtained risk value exceeds a threshold;
the device for identifying unauthorized account operations is used to execute a method for identifying unauthorized account operations, which specifically comprises the following steps:
step 101, when an account is detected logging in to the system, acquiring the account information of the account and the device information of the device the account logged in from;
step 102, identifying whether the account is a public account;
step 103, if the account is not a public account, calculating the risk value of the account operation;
step 104, if the obtained risk value exceeds a threshold, cancelling the account or modifying its permissions;
the calculated risk value $P_1$ of the account operation is either a physical risk value or an unauthorized-operation risk value;
when the calculated risk value $P_1$ of the account operation is the physical risk value, the device information of the device corresponding to the account is $ID_1(d_1, f_1, r_1)$ and the device information of the device the account logged in from is $ID_2(d_2, f_2, r_2)$; the physical risk value $P_1$ is then:
$$P_1 = |(d_1 - d_2) \times 1000| + |(f_1 - f_2) \times 100| + |(r_1 - r_2)|$$
where $ID_1$, $d_1$, $f_1$, $r_1$ respectively represent the device number, the secondary-node level position, the level position below the secondary node and the actual geographic position of the device corresponding to the account, and $ID_2$, $d_2$, $f_2$, $r_2$ respectively represent the device number, the secondary-node level position, the level position below the secondary node and the actual geographic position of the device the account logged in from;
when the calculated risk value $P_1$ of the account operation is the unauthorized-operation risk value, the risk coefficient for each account owner exceeding the original permissions is set to $b_1$, and the risk of the account owner logging in to the device is $b_2$:
Figure FDA0003302022250000031
5. The device for identifying unauthorized account operations according to claim 4, wherein the account information includes: the permissions of the account, the responsibilities of the account owner, and the device information of the device corresponding to the account.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201911075032.7A | 2019-11-06 | 2019-11-06 | Identification method and device for unauthorized account operation

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201911075032.7A | 2019-11-06 | 2019-11-06 | Identification method and device for unauthorized account operation

Publications (2)

Publication Number | Publication Date
CN110881032A (en) | 2020-03-13
CN110881032B (en) | 2022-02-22

Family

ID=69729096

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201911075032.7A | Identification method and device for unauthorized account operation (Active; CN110881032B (en)) | 2019-11-06 | 2019-11-06

Country Status (1)

Country | Link
CN (1) | CN110881032B (en)

Also Published As

Publication number Publication date
CN110881032A (en) 2020-03-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant